1 // 2 // Copyright (C) 2015 The Android Open Source Project 3 // 4 // Licensed under the Apache License, Version 2.0 (the "License"); 5 // you may not use this file except in compliance with the License. 6 // You may obtain a copy of the License at 7 // 8 // http://www.apache.org/licenses/LICENSE-2.0 9 // 10 // Unless required by applicable law or agreed to in writing, software 11 // distributed under the License is distributed on an "AS IS" BASIS, 12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 // See the License for the specific language governing permissions and 14 // limitations under the License. 15 // 16 17 // THIS CODE IS GENERATED - DO NOT MODIFY! 18 19 #include "trunks/tpm_generated.h" 20 21 #include <memory> 22 #include <string> 23 24 #include <base/bind.h> 25 #include <base/callback.h> 26 #include <base/logging.h> 27 #include <base/macros.h> 28 #include <base/stl_util.h> 29 #include <base/strings/string_number_conversions.h> 30 #include <base/sys_byteorder.h> 31 #include <crypto/secure_hash.h> 32 33 #include "trunks/authorization_delegate.h" 34 #include "trunks/command_transceiver.h" 35 #include "trunks/error_codes.h" 36 37 namespace trunks { 38 39 size_t GetNumberOfRequestHandles(TPM_CC command_code) { 40 switch (command_code) { 41 case TPM_CC_Startup: 42 return 0; 43 case TPM_CC_Shutdown: 44 return 0; 45 case TPM_CC_SelfTest: 46 return 0; 47 case TPM_CC_IncrementalSelfTest: 48 return 0; 49 case TPM_CC_GetTestResult: 50 return 0; 51 case TPM_CC_StartAuthSession: 52 return 2; 53 case TPM_CC_PolicyRestart: 54 return 1; 55 case TPM_CC_Create: 56 return 1; 57 case TPM_CC_Load: 58 return 1; 59 case TPM_CC_LoadExternal: 60 return 0; 61 case TPM_CC_ReadPublic: 62 return 1; 63 case TPM_CC_ActivateCredential: 64 return 2; 65 case TPM_CC_MakeCredential: 66 return 1; 67 case TPM_CC_Unseal: 68 return 1; 69 case TPM_CC_ObjectChangeAuth: 70 return 2; 71 case TPM_CC_Duplicate: 72 return 2; 73 case TPM_CC_Rewrap: 74 return 2; 75 case TPM_CC_Import: 76 return 1; 77 case TPM_CC_RSA_Encrypt: 78 return 1; 79 case TPM_CC_RSA_Decrypt: 80 return 1; 81 case TPM_CC_ECDH_KeyGen: 82 return 1; 83 case TPM_CC_ECDH_ZGen: 84 return 1; 85 case TPM_CC_ECC_Parameters: 86 return 0; 87 case TPM_CC_ZGen_2Phase: 88 return 1; 89 case TPM_CC_EncryptDecrypt: 90 return 1; 91 case TPM_CC_Hash: 92 return 0; 93 case TPM_CC_HMAC: 94 return 1; 95 case TPM_CC_GetRandom: 96 return 0; 97 case TPM_CC_StirRandom: 98 return 0; 99 case TPM_CC_HMAC_Start: 100 return 1; 101 case TPM_CC_HashSequenceStart: 102 return 0; 103 case TPM_CC_SequenceUpdate: 104 return 1; 105 case TPM_CC_SequenceComplete: 106 return 1; 107 case TPM_CC_EventSequenceComplete: 108 return 2; 109 case TPM_CC_Certify: 110 return 2; 111 case TPM_CC_CertifyCreation: 112 return 2; 113 case TPM_CC_Quote: 114 return 1; 115 case TPM_CC_GetSessionAuditDigest: 116 return 3; 117 case TPM_CC_GetCommandAuditDigest: 118 return 2; 119 case TPM_CC_GetTime: 120 return 2; 121 case TPM_CC_Commit: 122 return 1; 123 case TPM_CC_EC_Ephemeral: 124 return 0; 125 case TPM_CC_VerifySignature: 126 return 1; 127 case TPM_CC_Sign: 128 return 1; 129 case TPM_CC_SetCommandCodeAuditStatus: 130 return 1; 131 case TPM_CC_PCR_Extend: 132 return 1; 133 case TPM_CC_PCR_Event: 134 return 1; 135 case TPM_CC_PCR_Read: 136 return 0; 137 case TPM_CC_PCR_Allocate: 138 return 1; 139 case TPM_CC_PCR_SetAuthPolicy: 140 return 2; 141 case TPM_CC_PCR_SetAuthValue: 142 return 1; 143 case TPM_CC_PCR_Reset: 144 return 1; 145 case TPM_CC_PolicySigned: 146 return 2; 147 case TPM_CC_PolicySecret: 148 return 2; 149 case TPM_CC_PolicyTicket: 150 return 1; 151 case TPM_CC_PolicyOR: 152 return 1; 153 case TPM_CC_PolicyPCR: 154 return 1; 155 case TPM_CC_PolicyLocality: 156 return 1; 157 case TPM_CC_PolicyNV: 158 return 3; 159 case TPM_CC_PolicyCounterTimer: 160 return 1; 161 case TPM_CC_PolicyCommandCode: 162 return 1; 163 case TPM_CC_PolicyPhysicalPresence: 164 return 1; 165 case TPM_CC_PolicyCpHash: 166 return 1; 167 case TPM_CC_PolicyNameHash: 168 return 1; 169 case TPM_CC_PolicyDuplicationSelect: 170 return 1; 171 case TPM_CC_PolicyAuthorize: 172 return 1; 173 case TPM_CC_PolicyAuthValue: 174 return 1; 175 case TPM_CC_PolicyPassword: 176 return 1; 177 case TPM_CC_PolicyGetDigest: 178 return 1; 179 case TPM_CC_PolicyNvWritten: 180 return 1; 181 case TPM_CC_CreatePrimary: 182 return 1; 183 case TPM_CC_HierarchyControl: 184 return 1; 185 case TPM_CC_SetPrimaryPolicy: 186 return 1; 187 case TPM_CC_ChangePPS: 188 return 1; 189 case TPM_CC_ChangeEPS: 190 return 1; 191 case TPM_CC_Clear: 192 return 1; 193 case TPM_CC_ClearControl: 194 return 1; 195 case TPM_CC_HierarchyChangeAuth: 196 return 1; 197 case TPM_CC_DictionaryAttackLockReset: 198 return 1; 199 case TPM_CC_DictionaryAttackParameters: 200 return 1; 201 case TPM_CC_PP_Commands: 202 return 1; 203 case TPM_CC_SetAlgorithmSet: 204 return 1; 205 case TPM_CC_FieldUpgradeStart: 206 return 2; 207 case TPM_CC_FieldUpgradeData: 208 return 0; 209 case TPM_CC_FirmwareRead: 210 return 0; 211 case TPM_CC_ContextSave: 212 return 1; 213 case TPM_CC_ContextLoad: 214 return 0; 215 case TPM_CC_FlushContext: 216 return 0; 217 case TPM_CC_EvictControl: 218 return 2; 219 case TPM_CC_ReadClock: 220 return 0; 221 case TPM_CC_ClockSet: 222 return 1; 223 case TPM_CC_ClockRateAdjust: 224 return 1; 225 case TPM_CC_GetCapability: 226 return 0; 227 case TPM_CC_TestParms: 228 return 0; 229 case TPM_CC_NV_DefineSpace: 230 return 1; 231 case TPM_CC_NV_UndefineSpace: 232 return 2; 233 case TPM_CC_NV_UndefineSpaceSpecial: 234 return 2; 235 case TPM_CC_NV_ReadPublic: 236 return 1; 237 case TPM_CC_NV_Write: 238 return 2; 239 case TPM_CC_NV_Increment: 240 return 2; 241 case TPM_CC_NV_Extend: 242 return 2; 243 case TPM_CC_NV_SetBits: 244 return 2; 245 case TPM_CC_NV_WriteLock: 246 return 2; 247 case TPM_CC_NV_GlobalWriteLock: 248 return 1; 249 case TPM_CC_NV_Read: 250 return 2; 251 case TPM_CC_NV_ReadLock: 252 return 2; 253 case TPM_CC_NV_ChangeAuth: 254 return 1; 255 case TPM_CC_NV_Certify: 256 return 3; 257 default: 258 LOG(WARNING) << "Unknown command code: " << command_code; 259 } 260 return 0; 261 } 262 263 size_t GetNumberOfResponseHandles(TPM_CC command_code) { 264 switch (command_code) { 265 case TPM_CC_Startup: 266 return 0; 267 case TPM_CC_Shutdown: 268 return 0; 269 case TPM_CC_SelfTest: 270 return 0; 271 case TPM_CC_IncrementalSelfTest: 272 return 0; 273 case TPM_CC_GetTestResult: 274 return 0; 275 case TPM_CC_StartAuthSession: 276 return 1; 277 case TPM_CC_PolicyRestart: 278 return 0; 279 case TPM_CC_Create: 280 return 0; 281 case TPM_CC_Load: 282 return 1; 283 case TPM_CC_LoadExternal: 284 return 1; 285 case TPM_CC_ReadPublic: 286 return 0; 287 case TPM_CC_ActivateCredential: 288 return 0; 289 case TPM_CC_MakeCredential: 290 return 0; 291 case TPM_CC_Unseal: 292 return 0; 293 case TPM_CC_ObjectChangeAuth: 294 return 0; 295 case TPM_CC_Duplicate: 296 return 0; 297 case TPM_CC_Rewrap: 298 return 0; 299 case TPM_CC_Import: 300 return 0; 301 case TPM_CC_RSA_Encrypt: 302 return 0; 303 case TPM_CC_RSA_Decrypt: 304 return 0; 305 case TPM_CC_ECDH_KeyGen: 306 return 0; 307 case TPM_CC_ECDH_ZGen: 308 return 0; 309 case TPM_CC_ECC_Parameters: 310 return 0; 311 case TPM_CC_ZGen_2Phase: 312 return 0; 313 case TPM_CC_EncryptDecrypt: 314 return 0; 315 case TPM_CC_Hash: 316 return 0; 317 case TPM_CC_HMAC: 318 return 0; 319 case TPM_CC_GetRandom: 320 return 0; 321 case TPM_CC_StirRandom: 322 return 0; 323 case TPM_CC_HMAC_Start: 324 return 1; 325 case TPM_CC_HashSequenceStart: 326 return 1; 327 case TPM_CC_SequenceUpdate: 328 return 0; 329 case TPM_CC_SequenceComplete: 330 return 0; 331 case TPM_CC_EventSequenceComplete: 332 return 0; 333 case TPM_CC_Certify: 334 return 0; 335 case TPM_CC_CertifyCreation: 336 return 0; 337 case TPM_CC_Quote: 338 return 0; 339 case TPM_CC_GetSessionAuditDigest: 340 return 0; 341 case TPM_CC_GetCommandAuditDigest: 342 return 0; 343 case TPM_CC_GetTime: 344 return 0; 345 case TPM_CC_Commit: 346 return 0; 347 case TPM_CC_EC_Ephemeral: 348 return 0; 349 case TPM_CC_VerifySignature: 350 return 0; 351 case TPM_CC_Sign: 352 return 0; 353 case TPM_CC_SetCommandCodeAuditStatus: 354 return 0; 355 case TPM_CC_PCR_Extend: 356 return 0; 357 case TPM_CC_PCR_Event: 358 return 0; 359 case TPM_CC_PCR_Read: 360 return 0; 361 case TPM_CC_PCR_Allocate: 362 return 0; 363 case TPM_CC_PCR_SetAuthPolicy: 364 return 0; 365 case TPM_CC_PCR_SetAuthValue: 366 return 0; 367 case TPM_CC_PCR_Reset: 368 return 0; 369 case TPM_CC_PolicySigned: 370 return 0; 371 case TPM_CC_PolicySecret: 372 return 0; 373 case TPM_CC_PolicyTicket: 374 return 0; 375 case TPM_CC_PolicyOR: 376 return 0; 377 case TPM_CC_PolicyPCR: 378 return 0; 379 case TPM_CC_PolicyLocality: 380 return 0; 381 case TPM_CC_PolicyNV: 382 return 0; 383 case TPM_CC_PolicyCounterTimer: 384 return 0; 385 case TPM_CC_PolicyCommandCode: 386 return 0; 387 case TPM_CC_PolicyPhysicalPresence: 388 return 0; 389 case TPM_CC_PolicyCpHash: 390 return 0; 391 case TPM_CC_PolicyNameHash: 392 return 0; 393 case TPM_CC_PolicyDuplicationSelect: 394 return 0; 395 case TPM_CC_PolicyAuthorize: 396 return 0; 397 case TPM_CC_PolicyAuthValue: 398 return 0; 399 case TPM_CC_PolicyPassword: 400 return 0; 401 case TPM_CC_PolicyGetDigest: 402 return 0; 403 case TPM_CC_PolicyNvWritten: 404 return 0; 405 case TPM_CC_CreatePrimary: 406 return 1; 407 case TPM_CC_HierarchyControl: 408 return 0; 409 case TPM_CC_SetPrimaryPolicy: 410 return 0; 411 case TPM_CC_ChangePPS: 412 return 0; 413 case TPM_CC_ChangeEPS: 414 return 0; 415 case TPM_CC_Clear: 416 return 0; 417 case TPM_CC_ClearControl: 418 return 0; 419 case TPM_CC_HierarchyChangeAuth: 420 return 0; 421 case TPM_CC_DictionaryAttackLockReset: 422 return 0; 423 case TPM_CC_DictionaryAttackParameters: 424 return 0; 425 case TPM_CC_PP_Commands: 426 return 0; 427 case TPM_CC_SetAlgorithmSet: 428 return 0; 429 case TPM_CC_FieldUpgradeStart: 430 return 0; 431 case TPM_CC_FieldUpgradeData: 432 return 0; 433 case TPM_CC_FirmwareRead: 434 return 0; 435 case TPM_CC_ContextSave: 436 return 0; 437 case TPM_CC_ContextLoad: 438 return 1; 439 case TPM_CC_FlushContext: 440 return 0; 441 case TPM_CC_EvictControl: 442 return 0; 443 case TPM_CC_ReadClock: 444 return 0; 445 case TPM_CC_ClockSet: 446 return 0; 447 case TPM_CC_ClockRateAdjust: 448 return 0; 449 case TPM_CC_GetCapability: 450 return 0; 451 case TPM_CC_TestParms: 452 return 0; 453 case TPM_CC_NV_DefineSpace: 454 return 0; 455 case TPM_CC_NV_UndefineSpace: 456 return 0; 457 case TPM_CC_NV_UndefineSpaceSpecial: 458 return 0; 459 case TPM_CC_NV_ReadPublic: 460 return 0; 461 case TPM_CC_NV_Write: 462 return 0; 463 case TPM_CC_NV_Increment: 464 return 0; 465 case TPM_CC_NV_Extend: 466 return 0; 467 case TPM_CC_NV_SetBits: 468 return 0; 469 case TPM_CC_NV_WriteLock: 470 return 0; 471 case TPM_CC_NV_GlobalWriteLock: 472 return 0; 473 case TPM_CC_NV_Read: 474 return 0; 475 case TPM_CC_NV_ReadLock: 476 return 0; 477 case TPM_CC_NV_ChangeAuth: 478 return 0; 479 case TPM_CC_NV_Certify: 480 return 0; 481 default: 482 LOG(WARNING) << "Unknown command code: " << command_code; 483 } 484 return 0; 485 } 486 487 TPM_RC Serialize_uint8_t(const uint8_t& value, std::string* buffer) { 488 VLOG(3) << __func__; 489 uint8_t value_net = value; 490 switch (sizeof(uint8_t)) { 491 case 2: 492 value_net = base::HostToNet16(value); 493 break; 494 case 4: 495 value_net = base::HostToNet32(value); 496 break; 497 case 8: 498 value_net = base::HostToNet64(value); 499 break; 500 default: 501 break; 502 } 503 const char* value_bytes = reinterpret_cast<const char*>(&value_net); 504 buffer->append(value_bytes, sizeof(uint8_t)); 505 return TPM_RC_SUCCESS; 506 } 507 508 TPM_RC Parse_uint8_t(std::string* buffer, 509 uint8_t* value, 510 std::string* value_bytes) { 511 VLOG(3) << __func__; 512 if (buffer->size() < sizeof(uint8_t)) 513 return TPM_RC_INSUFFICIENT; 514 uint8_t value_net = 0; 515 memcpy(&value_net, buffer->data(), sizeof(uint8_t)); 516 switch (sizeof(uint8_t)) { 517 case 2: 518 *value = base::NetToHost16(value_net); 519 break; 520 case 4: 521 *value = base::NetToHost32(value_net); 522 break; 523 case 8: 524 *value = base::NetToHost64(value_net); 525 break; 526 default: 527 *value = value_net; 528 } 529 if (value_bytes) { 530 value_bytes->append(buffer->substr(0, sizeof(uint8_t))); 531 } 532 buffer->erase(0, sizeof(uint8_t)); 533 return TPM_RC_SUCCESS; 534 } 535 536 TPM_RC Serialize_int8_t(const int8_t& value, std::string* buffer) { 537 VLOG(3) << __func__; 538 int8_t value_net = value; 539 switch (sizeof(int8_t)) { 540 case 2: 541 value_net = base::HostToNet16(value); 542 break; 543 case 4: 544 value_net = base::HostToNet32(value); 545 break; 546 case 8: 547 value_net = base::HostToNet64(value); 548 break; 549 default: 550 break; 551 } 552 const char* value_bytes = reinterpret_cast<const char*>(&value_net); 553 buffer->append(value_bytes, sizeof(int8_t)); 554 return TPM_RC_SUCCESS; 555 } 556 557 TPM_RC Parse_int8_t(std::string* buffer, 558 int8_t* value, 559 std::string* value_bytes) { 560 VLOG(3) << __func__; 561 if (buffer->size() < sizeof(int8_t)) 562 return TPM_RC_INSUFFICIENT; 563 int8_t value_net = 0; 564 memcpy(&value_net, buffer->data(), sizeof(int8_t)); 565 switch (sizeof(int8_t)) { 566 case 2: 567 *value = base::NetToHost16(value_net); 568 break; 569 case 4: 570 *value = base::NetToHost32(value_net); 571 break; 572 case 8: 573 *value = base::NetToHost64(value_net); 574 break; 575 default: 576 *value = value_net; 577 } 578 if (value_bytes) { 579 value_bytes->append(buffer->substr(0, sizeof(int8_t))); 580 } 581 buffer->erase(0, sizeof(int8_t)); 582 return TPM_RC_SUCCESS; 583 } 584 585 TPM_RC Serialize_int(const int& value, std::string* buffer) { 586 VLOG(3) << __func__; 587 int value_net = value; 588 switch (sizeof(int)) { 589 case 2: 590 value_net = base::HostToNet16(value); 591 break; 592 case 4: 593 value_net = base::HostToNet32(value); 594 break; 595 case 8: 596 value_net = base::HostToNet64(value); 597 break; 598 default: 599 break; 600 } 601 const char* value_bytes = reinterpret_cast<const char*>(&value_net); 602 buffer->append(value_bytes, sizeof(int)); 603 return TPM_RC_SUCCESS; 604 } 605 606 TPM_RC Parse_int(std::string* buffer, int* value, std::string* value_bytes) { 607 VLOG(3) << __func__; 608 if (buffer->size() < sizeof(int)) 609 return TPM_RC_INSUFFICIENT; 610 int value_net = 0; 611 memcpy(&value_net, buffer->data(), sizeof(int)); 612 switch (sizeof(int)) { 613 case 2: 614 *value = base::NetToHost16(value_net); 615 break; 616 case 4: 617 *value = base::NetToHost32(value_net); 618 break; 619 case 8: 620 *value = base::NetToHost64(value_net); 621 break; 622 default: 623 *value = value_net; 624 } 625 if (value_bytes) { 626 value_bytes->append(buffer->substr(0, sizeof(int))); 627 } 628 buffer->erase(0, sizeof(int)); 629 return TPM_RC_SUCCESS; 630 } 631 632 TPM_RC Serialize_uint16_t(const uint16_t& value, std::string* buffer) { 633 VLOG(3) << __func__; 634 uint16_t value_net = value; 635 switch (sizeof(uint16_t)) { 636 case 2: 637 value_net = base::HostToNet16(value); 638 break; 639 case 4: 640 value_net = base::HostToNet32(value); 641 break; 642 case 8: 643 value_net = base::HostToNet64(value); 644 break; 645 default: 646 break; 647 } 648 const char* value_bytes = reinterpret_cast<const char*>(&value_net); 649 buffer->append(value_bytes, sizeof(uint16_t)); 650 return TPM_RC_SUCCESS; 651 } 652 653 TPM_RC Parse_uint16_t(std::string* buffer, 654 uint16_t* value, 655 std::string* value_bytes) { 656 VLOG(3) << __func__; 657 if (buffer->size() < sizeof(uint16_t)) 658 return TPM_RC_INSUFFICIENT; 659 uint16_t value_net = 0; 660 memcpy(&value_net, buffer->data(), sizeof(uint16_t)); 661 switch (sizeof(uint16_t)) { 662 case 2: 663 *value = base::NetToHost16(value_net); 664 break; 665 case 4: 666 *value = base::NetToHost32(value_net); 667 break; 668 case 8: 669 *value = base::NetToHost64(value_net); 670 break; 671 default: 672 *value = value_net; 673 } 674 if (value_bytes) { 675 value_bytes->append(buffer->substr(0, sizeof(uint16_t))); 676 } 677 buffer->erase(0, sizeof(uint16_t)); 678 return TPM_RC_SUCCESS; 679 } 680 681 TPM_RC Serialize_int16_t(const int16_t& value, std::string* buffer) { 682 VLOG(3) << __func__; 683 int16_t value_net = value; 684 switch (sizeof(int16_t)) { 685 case 2: 686 value_net = base::HostToNet16(value); 687 break; 688 case 4: 689 value_net = base::HostToNet32(value); 690 break; 691 case 8: 692 value_net = base::HostToNet64(value); 693 break; 694 default: 695 break; 696 } 697 const char* value_bytes = reinterpret_cast<const char*>(&value_net); 698 buffer->append(value_bytes, sizeof(int16_t)); 699 return TPM_RC_SUCCESS; 700 } 701 702 TPM_RC Parse_int16_t(std::string* buffer, 703 int16_t* value, 704 std::string* value_bytes) { 705 VLOG(3) << __func__; 706 if (buffer->size() < sizeof(int16_t)) 707 return TPM_RC_INSUFFICIENT; 708 int16_t value_net = 0; 709 memcpy(&value_net, buffer->data(), sizeof(int16_t)); 710 switch (sizeof(int16_t)) { 711 case 2: 712 *value = base::NetToHost16(value_net); 713 break; 714 case 4: 715 *value = base::NetToHost32(value_net); 716 break; 717 case 8: 718 *value = base::NetToHost64(value_net); 719 break; 720 default: 721 *value = value_net; 722 } 723 if (value_bytes) { 724 value_bytes->append(buffer->substr(0, sizeof(int16_t))); 725 } 726 buffer->erase(0, sizeof(int16_t)); 727 return TPM_RC_SUCCESS; 728 } 729 730 TPM_RC Serialize_uint32_t(const uint32_t& value, std::string* buffer) { 731 VLOG(3) << __func__; 732 uint32_t value_net = value; 733 switch (sizeof(uint32_t)) { 734 case 2: 735 value_net = base::HostToNet16(value); 736 break; 737 case 4: 738 value_net = base::HostToNet32(value); 739 break; 740 case 8: 741 value_net = base::HostToNet64(value); 742 break; 743 default: 744 break; 745 } 746 const char* value_bytes = reinterpret_cast<const char*>(&value_net); 747 buffer->append(value_bytes, sizeof(uint32_t)); 748 return TPM_RC_SUCCESS; 749 } 750 751 TPM_RC Parse_uint32_t(std::string* buffer, 752 uint32_t* value, 753 std::string* value_bytes) { 754 VLOG(3) << __func__; 755 if (buffer->size() < sizeof(uint32_t)) 756 return TPM_RC_INSUFFICIENT; 757 uint32_t value_net = 0; 758 memcpy(&value_net, buffer->data(), sizeof(uint32_t)); 759 switch (sizeof(uint32_t)) { 760 case 2: 761 *value = base::NetToHost16(value_net); 762 break; 763 case 4: 764 *value = base::NetToHost32(value_net); 765 break; 766 case 8: 767 *value = base::NetToHost64(value_net); 768 break; 769 default: 770 *value = value_net; 771 } 772 if (value_bytes) { 773 value_bytes->append(buffer->substr(0, sizeof(uint32_t))); 774 } 775 buffer->erase(0, sizeof(uint32_t)); 776 return TPM_RC_SUCCESS; 777 } 778 779 TPM_RC Serialize_int32_t(const int32_t& value, std::string* buffer) { 780 VLOG(3) << __func__; 781 int32_t value_net = value; 782 switch (sizeof(int32_t)) { 783 case 2: 784 value_net = base::HostToNet16(value); 785 break; 786 case 4: 787 value_net = base::HostToNet32(value); 788 break; 789 case 8: 790 value_net = base::HostToNet64(value); 791 break; 792 default: 793 break; 794 } 795 const char* value_bytes = reinterpret_cast<const char*>(&value_net); 796 buffer->append(value_bytes, sizeof(int32_t)); 797 return TPM_RC_SUCCESS; 798 } 799 800 TPM_RC Parse_int32_t(std::string* buffer, 801 int32_t* value, 802 std::string* value_bytes) { 803 VLOG(3) << __func__; 804 if (buffer->size() < sizeof(int32_t)) 805 return TPM_RC_INSUFFICIENT; 806 int32_t value_net = 0; 807 memcpy(&value_net, buffer->data(), sizeof(int32_t)); 808 switch (sizeof(int32_t)) { 809 case 2: 810 *value = base::NetToHost16(value_net); 811 break; 812 case 4: 813 *value = base::NetToHost32(value_net); 814 break; 815 case 8: 816 *value = base::NetToHost64(value_net); 817 break; 818 default: 819 *value = value_net; 820 } 821 if (value_bytes) { 822 value_bytes->append(buffer->substr(0, sizeof(int32_t))); 823 } 824 buffer->erase(0, sizeof(int32_t)); 825 return TPM_RC_SUCCESS; 826 } 827 828 TPM_RC Serialize_uint64_t(const uint64_t& value, std::string* buffer) { 829 VLOG(3) << __func__; 830 uint64_t value_net = value; 831 switch (sizeof(uint64_t)) { 832 case 2: 833 value_net = base::HostToNet16(value); 834 break; 835 case 4: 836 value_net = base::HostToNet32(value); 837 break; 838 case 8: 839 value_net = base::HostToNet64(value); 840 break; 841 default: 842 break; 843 } 844 const char* value_bytes = reinterpret_cast<const char*>(&value_net); 845 buffer->append(value_bytes, sizeof(uint64_t)); 846 return TPM_RC_SUCCESS; 847 } 848 849 TPM_RC Parse_uint64_t(std::string* buffer, 850 uint64_t* value, 851 std::string* value_bytes) { 852 VLOG(3) << __func__; 853 if (buffer->size() < sizeof(uint64_t)) 854 return TPM_RC_INSUFFICIENT; 855 uint64_t value_net = 0; 856 memcpy(&value_net, buffer->data(), sizeof(uint64_t)); 857 switch (sizeof(uint64_t)) { 858 case 2: 859 *value = base::NetToHost16(value_net); 860 break; 861 case 4: 862 *value = base::NetToHost32(value_net); 863 break; 864 case 8: 865 *value = base::NetToHost64(value_net); 866 break; 867 default: 868 *value = value_net; 869 } 870 if (value_bytes) { 871 value_bytes->append(buffer->substr(0, sizeof(uint64_t))); 872 } 873 buffer->erase(0, sizeof(uint64_t)); 874 return TPM_RC_SUCCESS; 875 } 876 877 TPM_RC Serialize_int64_t(const int64_t& value, std::string* buffer) { 878 VLOG(3) << __func__; 879 int64_t value_net = value; 880 switch (sizeof(int64_t)) { 881 case 2: 882 value_net = base::HostToNet16(value); 883 break; 884 case 4: 885 value_net = base::HostToNet32(value); 886 break; 887 case 8: 888 value_net = base::HostToNet64(value); 889 break; 890 default: 891 break; 892 } 893 const char* value_bytes = reinterpret_cast<const char*>(&value_net); 894 buffer->append(value_bytes, sizeof(int64_t)); 895 return TPM_RC_SUCCESS; 896 } 897 898 TPM_RC Parse_int64_t(std::string* buffer, 899 int64_t* value, 900 std::string* value_bytes) { 901 VLOG(3) << __func__; 902 if (buffer->size() < sizeof(int64_t)) 903 return TPM_RC_INSUFFICIENT; 904 int64_t value_net = 0; 905 memcpy(&value_net, buffer->data(), sizeof(int64_t)); 906 switch (sizeof(int64_t)) { 907 case 2: 908 *value = base::NetToHost16(value_net); 909 break; 910 case 4: 911 *value = base::NetToHost32(value_net); 912 break; 913 case 8: 914 *value = base::NetToHost64(value_net); 915 break; 916 default: 917 *value = value_net; 918 } 919 if (value_bytes) { 920 value_bytes->append(buffer->substr(0, sizeof(int64_t))); 921 } 922 buffer->erase(0, sizeof(int64_t)); 923 return TPM_RC_SUCCESS; 924 } 925 926 TPM_RC Serialize_UINT8(const UINT8& value, std::string* buffer) { 927 VLOG(3) << __func__; 928 return Serialize_uint8_t(value, buffer); 929 } 930 931 TPM_RC Parse_UINT8(std::string* buffer, 932 UINT8* value, 933 std::string* value_bytes) { 934 VLOG(3) << __func__; 935 return Parse_uint8_t(buffer, value, value_bytes); 936 } 937 938 TPM_RC Serialize_BYTE(const BYTE& value, std::string* buffer) { 939 VLOG(3) << __func__; 940 return Serialize_uint8_t(value, buffer); 941 } 942 943 TPM_RC Parse_BYTE(std::string* buffer, BYTE* value, std::string* value_bytes) { 944 VLOG(3) << __func__; 945 return Parse_uint8_t(buffer, value, value_bytes); 946 } 947 948 TPM_RC Serialize_INT8(const INT8& value, std::string* buffer) { 949 VLOG(3) << __func__; 950 return Serialize_int8_t(value, buffer); 951 } 952 953 TPM_RC Parse_INT8(std::string* buffer, INT8* value, std::string* value_bytes) { 954 VLOG(3) << __func__; 955 return Parse_int8_t(buffer, value, value_bytes); 956 } 957 958 TPM_RC Serialize_BOOL(const BOOL& value, std::string* buffer) { 959 VLOG(3) << __func__; 960 return Serialize_int(value, buffer); 961 } 962 963 TPM_RC Parse_BOOL(std::string* buffer, BOOL* value, std::string* value_bytes) { 964 VLOG(3) << __func__; 965 return Parse_int(buffer, value, value_bytes); 966 } 967 968 TPM_RC Serialize_UINT16(const UINT16& value, std::string* buffer) { 969 VLOG(3) << __func__; 970 return Serialize_uint16_t(value, buffer); 971 } 972 973 TPM_RC Parse_UINT16(std::string* buffer, 974 UINT16* value, 975 std::string* value_bytes) { 976 VLOG(3) << __func__; 977 return Parse_uint16_t(buffer, value, value_bytes); 978 } 979 980 TPM_RC Serialize_INT16(const INT16& value, std::string* buffer) { 981 VLOG(3) << __func__; 982 return Serialize_int16_t(value, buffer); 983 } 984 985 TPM_RC Parse_INT16(std::string* buffer, 986 INT16* value, 987 std::string* value_bytes) { 988 VLOG(3) << __func__; 989 return Parse_int16_t(buffer, value, value_bytes); 990 } 991 992 TPM_RC Serialize_UINT32(const UINT32& value, std::string* buffer) { 993 VLOG(3) << __func__; 994 return Serialize_uint32_t(value, buffer); 995 } 996 997 TPM_RC Parse_UINT32(std::string* buffer, 998 UINT32* value, 999 std::string* value_bytes) { 1000 VLOG(3) << __func__; 1001 return Parse_uint32_t(buffer, value, value_bytes); 1002 } 1003 1004 TPM_RC Serialize_INT32(const INT32& value, std::string* buffer) { 1005 VLOG(3) << __func__; 1006 return Serialize_int32_t(value, buffer); 1007 } 1008 1009 TPM_RC Parse_INT32(std::string* buffer, 1010 INT32* value, 1011 std::string* value_bytes) { 1012 VLOG(3) << __func__; 1013 return Parse_int32_t(buffer, value, value_bytes); 1014 } 1015 1016 TPM_RC Serialize_UINT64(const UINT64& value, std::string* buffer) { 1017 VLOG(3) << __func__; 1018 return Serialize_uint64_t(value, buffer); 1019 } 1020 1021 TPM_RC Parse_UINT64(std::string* buffer, 1022 UINT64* value, 1023 std::string* value_bytes) { 1024 VLOG(3) << __func__; 1025 return Parse_uint64_t(buffer, value, value_bytes); 1026 } 1027 1028 TPM_RC Serialize_INT64(const INT64& value, std::string* buffer) { 1029 VLOG(3) << __func__; 1030 return Serialize_int64_t(value, buffer); 1031 } 1032 1033 TPM_RC Parse_INT64(std::string* buffer, 1034 INT64* value, 1035 std::string* value_bytes) { 1036 VLOG(3) << __func__; 1037 return Parse_int64_t(buffer, value, value_bytes); 1038 } 1039 1040 TPM_RC Serialize_TPM_ALGORITHM_ID(const TPM_ALGORITHM_ID& value, 1041 std::string* buffer) { 1042 VLOG(3) << __func__; 1043 return Serialize_UINT32(value, buffer); 1044 } 1045 1046 TPM_RC Parse_TPM_ALGORITHM_ID(std::string* buffer, 1047 TPM_ALGORITHM_ID* value, 1048 std::string* value_bytes) { 1049 VLOG(3) << __func__; 1050 return Parse_UINT32(buffer, value, value_bytes); 1051 } 1052 1053 TPM_RC Serialize_TPM_MODIFIER_INDICATOR(const TPM_MODIFIER_INDICATOR& value, 1054 std::string* buffer) { 1055 VLOG(3) << __func__; 1056 return Serialize_UINT32(value, buffer); 1057 } 1058 1059 TPM_RC Parse_TPM_MODIFIER_INDICATOR(std::string* buffer, 1060 TPM_MODIFIER_INDICATOR* value, 1061 std::string* value_bytes) { 1062 VLOG(3) << __func__; 1063 return Parse_UINT32(buffer, value, value_bytes); 1064 } 1065 1066 TPM_RC Serialize_TPM_AUTHORIZATION_SIZE(const TPM_AUTHORIZATION_SIZE& value, 1067 std::string* buffer) { 1068 VLOG(3) << __func__; 1069 return Serialize_UINT32(value, buffer); 1070 } 1071 1072 TPM_RC Parse_TPM_AUTHORIZATION_SIZE(std::string* buffer, 1073 TPM_AUTHORIZATION_SIZE* value, 1074 std::string* value_bytes) { 1075 VLOG(3) << __func__; 1076 return Parse_UINT32(buffer, value, value_bytes); 1077 } 1078 1079 TPM_RC Serialize_TPM_PARAMETER_SIZE(const TPM_PARAMETER_SIZE& value, 1080 std::string* buffer) { 1081 VLOG(3) << __func__; 1082 return Serialize_UINT32(value, buffer); 1083 } 1084 1085 TPM_RC Parse_TPM_PARAMETER_SIZE(std::string* buffer, 1086 TPM_PARAMETER_SIZE* value, 1087 std::string* value_bytes) { 1088 VLOG(3) << __func__; 1089 return Parse_UINT32(buffer, value, value_bytes); 1090 } 1091 1092 TPM_RC Serialize_TPM_KEY_SIZE(const TPM_KEY_SIZE& value, std::string* buffer) { 1093 VLOG(3) << __func__; 1094 return Serialize_UINT16(value, buffer); 1095 } 1096 1097 TPM_RC Parse_TPM_KEY_SIZE(std::string* buffer, 1098 TPM_KEY_SIZE* value, 1099 std::string* value_bytes) { 1100 VLOG(3) << __func__; 1101 return Parse_UINT16(buffer, value, value_bytes); 1102 } 1103 1104 TPM_RC Serialize_TPM_KEY_BITS(const TPM_KEY_BITS& value, std::string* buffer) { 1105 VLOG(3) << __func__; 1106 return Serialize_UINT16(value, buffer); 1107 } 1108 1109 TPM_RC Parse_TPM_KEY_BITS(std::string* buffer, 1110 TPM_KEY_BITS* value, 1111 std::string* value_bytes) { 1112 VLOG(3) << __func__; 1113 return Parse_UINT16(buffer, value, value_bytes); 1114 } 1115 1116 TPM_RC Serialize_TPM_HANDLE(const TPM_HANDLE& value, std::string* buffer) { 1117 VLOG(3) << __func__; 1118 return Serialize_UINT32(value, buffer); 1119 } 1120 1121 TPM_RC Parse_TPM_HANDLE(std::string* buffer, 1122 TPM_HANDLE* value, 1123 std::string* value_bytes) { 1124 VLOG(3) << __func__; 1125 return Parse_UINT32(buffer, value, value_bytes); 1126 } 1127 1128 TPM_RC Serialize_TPM2B_DIGEST(const TPM2B_DIGEST& value, std::string* buffer) { 1129 TPM_RC result = TPM_RC_SUCCESS; 1130 VLOG(3) << __func__; 1131 1132 result = Serialize_UINT16(value.size, buffer); 1133 if (result) { 1134 return result; 1135 } 1136 1137 if (arraysize(value.buffer) < value.size) { 1138 return TPM_RC_INSUFFICIENT; 1139 } 1140 for (uint32_t i = 0; i < value.size; ++i) { 1141 result = Serialize_BYTE(value.buffer[i], buffer); 1142 if (result) { 1143 return result; 1144 } 1145 } 1146 return result; 1147 } 1148 1149 TPM_RC Parse_TPM2B_DIGEST(std::string* buffer, 1150 TPM2B_DIGEST* value, 1151 std::string* value_bytes) { 1152 TPM_RC result = TPM_RC_SUCCESS; 1153 VLOG(3) << __func__; 1154 1155 result = Parse_UINT16(buffer, &value->size, value_bytes); 1156 if (result) { 1157 return result; 1158 } 1159 1160 if (arraysize(value->buffer) < value->size) { 1161 return TPM_RC_INSUFFICIENT; 1162 } 1163 for (uint32_t i = 0; i < value->size; ++i) { 1164 result = Parse_BYTE(buffer, &value->buffer[i], value_bytes); 1165 if (result) { 1166 return result; 1167 } 1168 } 1169 return result; 1170 } 1171 1172 TPM2B_DIGEST Make_TPM2B_DIGEST(const std::string& bytes) { 1173 TPM2B_DIGEST tpm2b; 1174 CHECK(bytes.size() <= sizeof(tpm2b.buffer)); 1175 memset(&tpm2b, 0, sizeof(TPM2B_DIGEST)); 1176 tpm2b.size = bytes.size(); 1177 memcpy(tpm2b.buffer, bytes.data(), bytes.size()); 1178 return tpm2b; 1179 } 1180 1181 std::string StringFrom_TPM2B_DIGEST(const TPM2B_DIGEST& tpm2b) { 1182 const char* char_buffer = reinterpret_cast<const char*>(tpm2b.buffer); 1183 return std::string(char_buffer, tpm2b.size); 1184 } 1185 1186 TPM_RC Serialize_TPM2B_NONCE(const TPM2B_NONCE& value, std::string* buffer) { 1187 VLOG(3) << __func__; 1188 return Serialize_TPM2B_DIGEST(value, buffer); 1189 } 1190 1191 TPM_RC Parse_TPM2B_NONCE(std::string* buffer, 1192 TPM2B_NONCE* value, 1193 std::string* value_bytes) { 1194 VLOG(3) << __func__; 1195 return Parse_TPM2B_DIGEST(buffer, value, value_bytes); 1196 } 1197 1198 TPM_RC Serialize_TPM2B_AUTH(const TPM2B_AUTH& value, std::string* buffer) { 1199 VLOG(3) << __func__; 1200 return Serialize_TPM2B_DIGEST(value, buffer); 1201 } 1202 1203 TPM_RC Parse_TPM2B_AUTH(std::string* buffer, 1204 TPM2B_AUTH* value, 1205 std::string* value_bytes) { 1206 VLOG(3) << __func__; 1207 return Parse_TPM2B_DIGEST(buffer, value, value_bytes); 1208 } 1209 1210 TPM_RC Serialize_TPM2B_OPERAND(const TPM2B_OPERAND& value, 1211 std::string* buffer) { 1212 VLOG(3) << __func__; 1213 return Serialize_TPM2B_DIGEST(value, buffer); 1214 } 1215 1216 TPM_RC Parse_TPM2B_OPERAND(std::string* buffer, 1217 TPM2B_OPERAND* value, 1218 std::string* value_bytes) { 1219 VLOG(3) << __func__; 1220 return Parse_TPM2B_DIGEST(buffer, value, value_bytes); 1221 } 1222 1223 TPM_RC Serialize_TPM_ALG_ID(const TPM_ALG_ID& value, std::string* buffer) { 1224 VLOG(3) << __func__; 1225 return Serialize_UINT16(value, buffer); 1226 } 1227 1228 TPM_RC Parse_TPM_ALG_ID(std::string* buffer, 1229 TPM_ALG_ID* value, 1230 std::string* value_bytes) { 1231 VLOG(3) << __func__; 1232 return Parse_UINT16(buffer, value, value_bytes); 1233 } 1234 1235 TPM_RC Serialize_TPMI_ALG_HASH(const TPMI_ALG_HASH& value, 1236 std::string* buffer) { 1237 VLOG(3) << __func__; 1238 return Serialize_TPM_ALG_ID(value, buffer); 1239 } 1240 1241 TPM_RC Parse_TPMI_ALG_HASH(std::string* buffer, 1242 TPMI_ALG_HASH* value, 1243 std::string* value_bytes) { 1244 VLOG(3) << __func__; 1245 return Parse_TPM_ALG_ID(buffer, value, value_bytes); 1246 } 1247 1248 TPM_RC Serialize_TPMS_SCHEME_SIGHASH(const TPMS_SCHEME_SIGHASH& value, 1249 std::string* buffer) { 1250 TPM_RC result = TPM_RC_SUCCESS; 1251 VLOG(3) << __func__; 1252 1253 result = Serialize_TPMI_ALG_HASH(value.hash_alg, buffer); 1254 if (result) { 1255 return result; 1256 } 1257 return result; 1258 } 1259 1260 TPM_RC Parse_TPMS_SCHEME_SIGHASH(std::string* buffer, 1261 TPMS_SCHEME_SIGHASH* value, 1262 std::string* value_bytes) { 1263 TPM_RC result = TPM_RC_SUCCESS; 1264 VLOG(3) << __func__; 1265 1266 result = Parse_TPMI_ALG_HASH(buffer, &value->hash_alg, value_bytes); 1267 if (result) { 1268 return result; 1269 } 1270 return result; 1271 } 1272 1273 TPM_RC Serialize_TPMS_SCHEME_HMAC(const TPMS_SCHEME_HMAC& value, 1274 std::string* buffer) { 1275 VLOG(3) << __func__; 1276 return Serialize_TPMS_SCHEME_SIGHASH(value, buffer); 1277 } 1278 1279 TPM_RC Parse_TPMS_SCHEME_HMAC(std::string* buffer, 1280 TPMS_SCHEME_HMAC* value, 1281 std::string* value_bytes) { 1282 VLOG(3) << __func__; 1283 return Parse_TPMS_SCHEME_SIGHASH(buffer, value, value_bytes); 1284 } 1285 1286 TPM_RC Serialize_TPMS_SCHEME_RSASSA(const TPMS_SCHEME_RSASSA& value, 1287 std::string* buffer) { 1288 VLOG(3) << __func__; 1289 return Serialize_TPMS_SCHEME_SIGHASH(value, buffer); 1290 } 1291 1292 TPM_RC Parse_TPMS_SCHEME_RSASSA(std::string* buffer, 1293 TPMS_SCHEME_RSASSA* value, 1294 std::string* value_bytes) { 1295 VLOG(3) << __func__; 1296 return Parse_TPMS_SCHEME_SIGHASH(buffer, value, value_bytes); 1297 } 1298 1299 TPM_RC Serialize_TPMS_SCHEME_RSAPSS(const TPMS_SCHEME_RSAPSS& value, 1300 std::string* buffer) { 1301 VLOG(3) << __func__; 1302 return Serialize_TPMS_SCHEME_SIGHASH(value, buffer); 1303 } 1304 1305 TPM_RC Parse_TPMS_SCHEME_RSAPSS(std::string* buffer, 1306 TPMS_SCHEME_RSAPSS* value, 1307 std::string* value_bytes) { 1308 VLOG(3) << __func__; 1309 return Parse_TPMS_SCHEME_SIGHASH(buffer, value, value_bytes); 1310 } 1311 1312 TPM_RC Serialize_TPMS_SCHEME_ECDSA(const TPMS_SCHEME_ECDSA& value, 1313 std::string* buffer) { 1314 VLOG(3) << __func__; 1315 return Serialize_TPMS_SCHEME_SIGHASH(value, buffer); 1316 } 1317 1318 TPM_RC Parse_TPMS_SCHEME_ECDSA(std::string* buffer, 1319 TPMS_SCHEME_ECDSA* value, 1320 std::string* value_bytes) { 1321 VLOG(3) << __func__; 1322 return Parse_TPMS_SCHEME_SIGHASH(buffer, value, value_bytes); 1323 } 1324 1325 TPM_RC Serialize_TPMS_SCHEME_SM2(const TPMS_SCHEME_SM2& value, 1326 std::string* buffer) { 1327 VLOG(3) << __func__; 1328 return Serialize_TPMS_SCHEME_SIGHASH(value, buffer); 1329 } 1330 1331 TPM_RC Parse_TPMS_SCHEME_SM2(std::string* buffer, 1332 TPMS_SCHEME_SM2* value, 1333 std::string* value_bytes) { 1334 VLOG(3) << __func__; 1335 return Parse_TPMS_SCHEME_SIGHASH(buffer, value, value_bytes); 1336 } 1337 1338 TPM_RC Serialize_TPMS_SCHEME_ECSCHNORR(const TPMS_SCHEME_ECSCHNORR& value, 1339 std::string* buffer) { 1340 VLOG(3) << __func__; 1341 return Serialize_TPMS_SCHEME_SIGHASH(value, buffer); 1342 } 1343 1344 TPM_RC Parse_TPMS_SCHEME_ECSCHNORR(std::string* buffer, 1345 TPMS_SCHEME_ECSCHNORR* value, 1346 std::string* value_bytes) { 1347 VLOG(3) << __func__; 1348 return Parse_TPMS_SCHEME_SIGHASH(buffer, value, value_bytes); 1349 } 1350 1351 TPM_RC Serialize_TPMI_YES_NO(const TPMI_YES_NO& value, std::string* buffer) { 1352 VLOG(3) << __func__; 1353 return Serialize_BYTE(value, buffer); 1354 } 1355 1356 TPM_RC Parse_TPMI_YES_NO(std::string* buffer, 1357 TPMI_YES_NO* value, 1358 std::string* value_bytes) { 1359 VLOG(3) << __func__; 1360 return Parse_BYTE(buffer, value, value_bytes); 1361 } 1362 1363 TPM_RC Serialize_TPMI_DH_OBJECT(const TPMI_DH_OBJECT& value, 1364 std::string* buffer) { 1365 VLOG(3) << __func__; 1366 return Serialize_TPM_HANDLE(value, buffer); 1367 } 1368 1369 TPM_RC Parse_TPMI_DH_OBJECT(std::string* buffer, 1370 TPMI_DH_OBJECT* value, 1371 std::string* value_bytes) { 1372 VLOG(3) << __func__; 1373 return Parse_TPM_HANDLE(buffer, value, value_bytes); 1374 } 1375 1376 TPM_RC Serialize_TPMI_DH_PERSISTENT(const TPMI_DH_PERSISTENT& value, 1377 std::string* buffer) { 1378 VLOG(3) << __func__; 1379 return Serialize_TPM_HANDLE(value, buffer); 1380 } 1381 1382 TPM_RC Parse_TPMI_DH_PERSISTENT(std::string* buffer, 1383 TPMI_DH_PERSISTENT* value, 1384 std::string* value_bytes) { 1385 VLOG(3) << __func__; 1386 return Parse_TPM_HANDLE(buffer, value, value_bytes); 1387 } 1388 1389 TPM_RC Serialize_TPMI_DH_ENTITY(const TPMI_DH_ENTITY& value, 1390 std::string* buffer) { 1391 VLOG(3) << __func__; 1392 return Serialize_TPM_HANDLE(value, buffer); 1393 } 1394 1395 TPM_RC Parse_TPMI_DH_ENTITY(std::string* buffer, 1396 TPMI_DH_ENTITY* value, 1397 std::string* value_bytes) { 1398 VLOG(3) << __func__; 1399 return Parse_TPM_HANDLE(buffer, value, value_bytes); 1400 } 1401 1402 TPM_RC Serialize_TPMI_DH_PCR(const TPMI_DH_PCR& value, std::string* buffer) { 1403 VLOG(3) << __func__; 1404 return Serialize_TPM_HANDLE(value, buffer); 1405 } 1406 1407 TPM_RC Parse_TPMI_DH_PCR(std::string* buffer, 1408 TPMI_DH_PCR* value, 1409 std::string* value_bytes) { 1410 VLOG(3) << __func__; 1411 return Parse_TPM_HANDLE(buffer, value, value_bytes); 1412 } 1413 1414 TPM_RC Serialize_TPMI_SH_AUTH_SESSION(const TPMI_SH_AUTH_SESSION& value, 1415 std::string* buffer) { 1416 VLOG(3) << __func__; 1417 return Serialize_TPM_HANDLE(value, buffer); 1418 } 1419 1420 TPM_RC Parse_TPMI_SH_AUTH_SESSION(std::string* buffer, 1421 TPMI_SH_AUTH_SESSION* value, 1422 std::string* value_bytes) { 1423 VLOG(3) << __func__; 1424 return Parse_TPM_HANDLE(buffer, value, value_bytes); 1425 } 1426 1427 TPM_RC Serialize_TPMI_SH_HMAC(const TPMI_SH_HMAC& value, std::string* buffer) { 1428 VLOG(3) << __func__; 1429 return Serialize_TPM_HANDLE(value, buffer); 1430 } 1431 1432 TPM_RC Parse_TPMI_SH_HMAC(std::string* buffer, 1433 TPMI_SH_HMAC* value, 1434 std::string* value_bytes) { 1435 VLOG(3) << __func__; 1436 return Parse_TPM_HANDLE(buffer, value, value_bytes); 1437 } 1438 1439 TPM_RC Serialize_TPMI_SH_POLICY(const TPMI_SH_POLICY& value, 1440 std::string* buffer) { 1441 VLOG(3) << __func__; 1442 return Serialize_TPM_HANDLE(value, buffer); 1443 } 1444 1445 TPM_RC Parse_TPMI_SH_POLICY(std::string* buffer, 1446 TPMI_SH_POLICY* value, 1447 std::string* value_bytes) { 1448 VLOG(3) << __func__; 1449 return Parse_TPM_HANDLE(buffer, value, value_bytes); 1450 } 1451 1452 TPM_RC Serialize_TPMI_DH_CONTEXT(const TPMI_DH_CONTEXT& value, 1453 std::string* buffer) { 1454 VLOG(3) << __func__; 1455 return Serialize_TPM_HANDLE(value, buffer); 1456 } 1457 1458 TPM_RC Parse_TPMI_DH_CONTEXT(std::string* buffer, 1459 TPMI_DH_CONTEXT* value, 1460 std::string* value_bytes) { 1461 VLOG(3) << __func__; 1462 return Parse_TPM_HANDLE(buffer, value, value_bytes); 1463 } 1464 1465 TPM_RC Serialize_TPMI_RH_HIERARCHY(const TPMI_RH_HIERARCHY& value, 1466 std::string* buffer) { 1467 VLOG(3) << __func__; 1468 return Serialize_TPM_HANDLE(value, buffer); 1469 } 1470 1471 TPM_RC Parse_TPMI_RH_HIERARCHY(std::string* buffer, 1472 TPMI_RH_HIERARCHY* value, 1473 std::string* value_bytes) { 1474 VLOG(3) << __func__; 1475 return Parse_TPM_HANDLE(buffer, value, value_bytes); 1476 } 1477 1478 TPM_RC Serialize_TPMI_RH_ENABLES(const TPMI_RH_ENABLES& value, 1479 std::string* buffer) { 1480 VLOG(3) << __func__; 1481 return Serialize_TPM_HANDLE(value, buffer); 1482 } 1483 1484 TPM_RC Parse_TPMI_RH_ENABLES(std::string* buffer, 1485 TPMI_RH_ENABLES* value, 1486 std::string* value_bytes) { 1487 VLOG(3) << __func__; 1488 return Parse_TPM_HANDLE(buffer, value, value_bytes); 1489 } 1490 1491 TPM_RC Serialize_TPMI_RH_HIERARCHY_AUTH(const TPMI_RH_HIERARCHY_AUTH& value, 1492 std::string* buffer) { 1493 VLOG(3) << __func__; 1494 return Serialize_TPM_HANDLE(value, buffer); 1495 } 1496 1497 TPM_RC Parse_TPMI_RH_HIERARCHY_AUTH(std::string* buffer, 1498 TPMI_RH_HIERARCHY_AUTH* value, 1499 std::string* value_bytes) { 1500 VLOG(3) << __func__; 1501 return Parse_TPM_HANDLE(buffer, value, value_bytes); 1502 } 1503 1504 TPM_RC Serialize_TPMI_RH_PLATFORM(const TPMI_RH_PLATFORM& value, 1505 std::string* buffer) { 1506 VLOG(3) << __func__; 1507 return Serialize_TPM_HANDLE(value, buffer); 1508 } 1509 1510 TPM_RC Parse_TPMI_RH_PLATFORM(std::string* buffer, 1511 TPMI_RH_PLATFORM* value, 1512 std::string* value_bytes) { 1513 VLOG(3) << __func__; 1514 return Parse_TPM_HANDLE(buffer, value, value_bytes); 1515 } 1516 1517 TPM_RC Serialize_TPMI_RH_OWNER(const TPMI_RH_OWNER& value, 1518 std::string* buffer) { 1519 VLOG(3) << __func__; 1520 return Serialize_TPM_HANDLE(value, buffer); 1521 } 1522 1523 TPM_RC Parse_TPMI_RH_OWNER(std::string* buffer, 1524 TPMI_RH_OWNER* value, 1525 std::string* value_bytes) { 1526 VLOG(3) << __func__; 1527 return Parse_TPM_HANDLE(buffer, value, value_bytes); 1528 } 1529 1530 TPM_RC Serialize_TPMI_RH_ENDORSEMENT(const TPMI_RH_ENDORSEMENT& value, 1531 std::string* buffer) { 1532 VLOG(3) << __func__; 1533 return Serialize_TPM_HANDLE(value, buffer); 1534 } 1535 1536 TPM_RC Parse_TPMI_RH_ENDORSEMENT(std::string* buffer, 1537 TPMI_RH_ENDORSEMENT* value, 1538 std::string* value_bytes) { 1539 VLOG(3) << __func__; 1540 return Parse_TPM_HANDLE(buffer, value, value_bytes); 1541 } 1542 1543 TPM_RC Serialize_TPMI_RH_PROVISION(const TPMI_RH_PROVISION& value, 1544 std::string* buffer) { 1545 VLOG(3) << __func__; 1546 return Serialize_TPM_HANDLE(value, buffer); 1547 } 1548 1549 TPM_RC Parse_TPMI_RH_PROVISION(std::string* buffer, 1550 TPMI_RH_PROVISION* value, 1551 std::string* value_bytes) { 1552 VLOG(3) << __func__; 1553 return Parse_TPM_HANDLE(buffer, value, value_bytes); 1554 } 1555 1556 TPM_RC Serialize_TPMI_RH_CLEAR(const TPMI_RH_CLEAR& value, 1557 std::string* buffer) { 1558 VLOG(3) << __func__; 1559 return Serialize_TPM_HANDLE(value, buffer); 1560 } 1561 1562 TPM_RC Parse_TPMI_RH_CLEAR(std::string* buffer, 1563 TPMI_RH_CLEAR* value, 1564 std::string* value_bytes) { 1565 VLOG(3) << __func__; 1566 return Parse_TPM_HANDLE(buffer, value, value_bytes); 1567 } 1568 1569 TPM_RC Serialize_TPMI_RH_NV_AUTH(const TPMI_RH_NV_AUTH& value, 1570 std::string* buffer) { 1571 VLOG(3) << __func__; 1572 return Serialize_TPM_HANDLE(value, buffer); 1573 } 1574 1575 TPM_RC Parse_TPMI_RH_NV_AUTH(std::string* buffer, 1576 TPMI_RH_NV_AUTH* value, 1577 std::string* value_bytes) { 1578 VLOG(3) << __func__; 1579 return Parse_TPM_HANDLE(buffer, value, value_bytes); 1580 } 1581 1582 TPM_RC Serialize_TPMI_RH_LOCKOUT(const TPMI_RH_LOCKOUT& value, 1583 std::string* buffer) { 1584 VLOG(3) << __func__; 1585 return Serialize_TPM_HANDLE(value, buffer); 1586 } 1587 1588 TPM_RC Parse_TPMI_RH_LOCKOUT(std::string* buffer, 1589 TPMI_RH_LOCKOUT* value, 1590 std::string* value_bytes) { 1591 VLOG(3) << __func__; 1592 return Parse_TPM_HANDLE(buffer, value, value_bytes); 1593 } 1594 1595 TPM_RC Serialize_TPMI_RH_NV_INDEX(const TPMI_RH_NV_INDEX& value, 1596 std::string* buffer) { 1597 VLOG(3) << __func__; 1598 return Serialize_TPM_HANDLE(value, buffer); 1599 } 1600 1601 TPM_RC Parse_TPMI_RH_NV_INDEX(std::string* buffer, 1602 TPMI_RH_NV_INDEX* value, 1603 std::string* value_bytes) { 1604 VLOG(3) << __func__; 1605 return Parse_TPM_HANDLE(buffer, value, value_bytes); 1606 } 1607 1608 TPM_RC Serialize_TPMI_ALG_ASYM(const TPMI_ALG_ASYM& value, 1609 std::string* buffer) { 1610 VLOG(3) << __func__; 1611 return Serialize_TPM_ALG_ID(value, buffer); 1612 } 1613 1614 TPM_RC Parse_TPMI_ALG_ASYM(std::string* buffer, 1615 TPMI_ALG_ASYM* value, 1616 std::string* value_bytes) { 1617 VLOG(3) << __func__; 1618 return Parse_TPM_ALG_ID(buffer, value, value_bytes); 1619 } 1620 1621 TPM_RC Serialize_TPMI_ALG_SYM(const TPMI_ALG_SYM& value, std::string* buffer) { 1622 VLOG(3) << __func__; 1623 return Serialize_TPM_ALG_ID(value, buffer); 1624 } 1625 1626 TPM_RC Parse_TPMI_ALG_SYM(std::string* buffer, 1627 TPMI_ALG_SYM* value, 1628 std::string* value_bytes) { 1629 VLOG(3) << __func__; 1630 return Parse_TPM_ALG_ID(buffer, value, value_bytes); 1631 } 1632 1633 TPM_RC Serialize_TPMI_ALG_SYM_OBJECT(const TPMI_ALG_SYM_OBJECT& value, 1634 std::string* buffer) { 1635 VLOG(3) << __func__; 1636 return Serialize_TPM_ALG_ID(value, buffer); 1637 } 1638 1639 TPM_RC Parse_TPMI_ALG_SYM_OBJECT(std::string* buffer, 1640 TPMI_ALG_SYM_OBJECT* value, 1641 std::string* value_bytes) { 1642 VLOG(3) << __func__; 1643 return Parse_TPM_ALG_ID(buffer, value, value_bytes); 1644 } 1645 1646 TPM_RC Serialize_TPMI_ALG_SYM_MODE(const TPMI_ALG_SYM_MODE& value, 1647 std::string* buffer) { 1648 VLOG(3) << __func__; 1649 return Serialize_TPM_ALG_ID(value, buffer); 1650 } 1651 1652 TPM_RC Parse_TPMI_ALG_SYM_MODE(std::string* buffer, 1653 TPMI_ALG_SYM_MODE* value, 1654 std::string* value_bytes) { 1655 VLOG(3) << __func__; 1656 return Parse_TPM_ALG_ID(buffer, value, value_bytes); 1657 } 1658 1659 TPM_RC Serialize_TPMI_ALG_KDF(const TPMI_ALG_KDF& value, std::string* buffer) { 1660 VLOG(3) << __func__; 1661 return Serialize_TPM_ALG_ID(value, buffer); 1662 } 1663 1664 TPM_RC Parse_TPMI_ALG_KDF(std::string* buffer, 1665 TPMI_ALG_KDF* value, 1666 std::string* value_bytes) { 1667 VLOG(3) << __func__; 1668 return Parse_TPM_ALG_ID(buffer, value, value_bytes); 1669 } 1670 1671 TPM_RC Serialize_TPMI_ALG_SIG_SCHEME(const TPMI_ALG_SIG_SCHEME& value, 1672 std::string* buffer) { 1673 VLOG(3) << __func__; 1674 return Serialize_TPM_ALG_ID(value, buffer); 1675 } 1676 1677 TPM_RC Parse_TPMI_ALG_SIG_SCHEME(std::string* buffer, 1678 TPMI_ALG_SIG_SCHEME* value, 1679 std::string* value_bytes) { 1680 VLOG(3) << __func__; 1681 return Parse_TPM_ALG_ID(buffer, value, value_bytes); 1682 } 1683 1684 TPM_RC Serialize_TPMI_ECC_KEY_EXCHANGE(const TPMI_ECC_KEY_EXCHANGE& value, 1685 std::string* buffer) { 1686 VLOG(3) << __func__; 1687 return Serialize_TPM_ALG_ID(value, buffer); 1688 } 1689 1690 TPM_RC Parse_TPMI_ECC_KEY_EXCHANGE(std::string* buffer, 1691 TPMI_ECC_KEY_EXCHANGE* value, 1692 std::string* value_bytes) { 1693 VLOG(3) << __func__; 1694 return Parse_TPM_ALG_ID(buffer, value, value_bytes); 1695 } 1696 1697 TPM_RC Serialize_TPM_ST(const TPM_ST& value, std::string* buffer) { 1698 VLOG(3) << __func__; 1699 return Serialize_UINT16(value, buffer); 1700 } 1701 1702 TPM_RC Parse_TPM_ST(std::string* buffer, 1703 TPM_ST* value, 1704 std::string* value_bytes) { 1705 VLOG(3) << __func__; 1706 return Parse_UINT16(buffer, value, value_bytes); 1707 } 1708 1709 TPM_RC Serialize_TPMI_ST_COMMAND_TAG(const TPMI_ST_COMMAND_TAG& value, 1710 std::string* buffer) { 1711 VLOG(3) << __func__; 1712 return Serialize_TPM_ST(value, buffer); 1713 } 1714 1715 TPM_RC Parse_TPMI_ST_COMMAND_TAG(std::string* buffer, 1716 TPMI_ST_COMMAND_TAG* value, 1717 std::string* value_bytes) { 1718 VLOG(3) << __func__; 1719 return Parse_TPM_ST(buffer, value, value_bytes); 1720 } 1721 1722 TPM_RC Serialize_TPMI_ST_ATTEST(const TPMI_ST_ATTEST& value, 1723 std::string* buffer) { 1724 VLOG(3) << __func__; 1725 return Serialize_TPM_ST(value, buffer); 1726 } 1727 1728 TPM_RC Parse_TPMI_ST_ATTEST(std::string* buffer, 1729 TPMI_ST_ATTEST* value, 1730 std::string* value_bytes) { 1731 VLOG(3) << __func__; 1732 return Parse_TPM_ST(buffer, value, value_bytes); 1733 } 1734 1735 TPM_RC Serialize_TPMI_AES_KEY_BITS(const TPMI_AES_KEY_BITS& value, 1736 std::string* buffer) { 1737 VLOG(3) << __func__; 1738 return Serialize_TPM_KEY_BITS(value, buffer); 1739 } 1740 1741 TPM_RC Parse_TPMI_AES_KEY_BITS(std::string* buffer, 1742 TPMI_AES_KEY_BITS* value, 1743 std::string* value_bytes) { 1744 VLOG(3) << __func__; 1745 return Parse_TPM_KEY_BITS(buffer, value, value_bytes); 1746 } 1747 1748 TPM_RC Serialize_TPMI_SM4_KEY_BITS(const TPMI_SM4_KEY_BITS& value, 1749 std::string* buffer) { 1750 VLOG(3) << __func__; 1751 return Serialize_TPM_KEY_BITS(value, buffer); 1752 } 1753 1754 TPM_RC Parse_TPMI_SM4_KEY_BITS(std::string* buffer, 1755 TPMI_SM4_KEY_BITS* value, 1756 std::string* value_bytes) { 1757 VLOG(3) << __func__; 1758 return Parse_TPM_KEY_BITS(buffer, value, value_bytes); 1759 } 1760 1761 TPM_RC Serialize_TPMI_ALG_KEYEDHASH_SCHEME( 1762 const TPMI_ALG_KEYEDHASH_SCHEME& value, 1763 std::string* buffer) { 1764 VLOG(3) << __func__; 1765 return Serialize_TPM_ALG_ID(value, buffer); 1766 } 1767 1768 TPM_RC Parse_TPMI_ALG_KEYEDHASH_SCHEME(std::string* buffer, 1769 TPMI_ALG_KEYEDHASH_SCHEME* value, 1770 std::string* value_bytes) { 1771 VLOG(3) << __func__; 1772 return Parse_TPM_ALG_ID(buffer, value, value_bytes); 1773 } 1774 1775 TPM_RC Serialize_TPMI_ALG_ASYM_SCHEME(const TPMI_ALG_ASYM_SCHEME& value, 1776 std::string* buffer) { 1777 VLOG(3) << __func__; 1778 return Serialize_TPM_ALG_ID(value, buffer); 1779 } 1780 1781 TPM_RC Parse_TPMI_ALG_ASYM_SCHEME(std::string* buffer, 1782 TPMI_ALG_ASYM_SCHEME* value, 1783 std::string* value_bytes) { 1784 VLOG(3) << __func__; 1785 return Parse_TPM_ALG_ID(buffer, value, value_bytes); 1786 } 1787 1788 TPM_RC Serialize_TPMI_ALG_RSA_SCHEME(const TPMI_ALG_RSA_SCHEME& value, 1789 std::string* buffer) { 1790 VLOG(3) << __func__; 1791 return Serialize_TPM_ALG_ID(value, buffer); 1792 } 1793 1794 TPM_RC Parse_TPMI_ALG_RSA_SCHEME(std::string* buffer, 1795 TPMI_ALG_RSA_SCHEME* value, 1796 std::string* value_bytes) { 1797 VLOG(3) << __func__; 1798 return Parse_TPM_ALG_ID(buffer, value, value_bytes); 1799 } 1800 1801 TPM_RC Serialize_TPMI_ALG_RSA_DECRYPT(const TPMI_ALG_RSA_DECRYPT& value, 1802 std::string* buffer) { 1803 VLOG(3) << __func__; 1804 return Serialize_TPM_ALG_ID(value, buffer); 1805 } 1806 1807 TPM_RC Parse_TPMI_ALG_RSA_DECRYPT(std::string* buffer, 1808 TPMI_ALG_RSA_DECRYPT* value, 1809 std::string* value_bytes) { 1810 VLOG(3) << __func__; 1811 return Parse_TPM_ALG_ID(buffer, value, value_bytes); 1812 } 1813 1814 TPM_RC Serialize_TPMI_RSA_KEY_BITS(const TPMI_RSA_KEY_BITS& value, 1815 std::string* buffer) { 1816 VLOG(3) << __func__; 1817 return Serialize_TPM_KEY_BITS(value, buffer); 1818 } 1819 1820 TPM_RC Parse_TPMI_RSA_KEY_BITS(std::string* buffer, 1821 TPMI_RSA_KEY_BITS* value, 1822 std::string* value_bytes) { 1823 VLOG(3) << __func__; 1824 return Parse_TPM_KEY_BITS(buffer, value, value_bytes); 1825 } 1826 1827 TPM_RC Serialize_TPMI_ALG_ECC_SCHEME(const TPMI_ALG_ECC_SCHEME& value, 1828 std::string* buffer) { 1829 VLOG(3) << __func__; 1830 return Serialize_TPM_ALG_ID(value, buffer); 1831 } 1832 1833 TPM_RC Parse_TPMI_ALG_ECC_SCHEME(std::string* buffer, 1834 TPMI_ALG_ECC_SCHEME* value, 1835 std::string* value_bytes) { 1836 VLOG(3) << __func__; 1837 return Parse_TPM_ALG_ID(buffer, value, value_bytes); 1838 } 1839 1840 TPM_RC Serialize_TPM_ECC_CURVE(const TPM_ECC_CURVE& value, 1841 std::string* buffer) { 1842 VLOG(3) << __func__; 1843 return Serialize_UINT16(value, buffer); 1844 } 1845 1846 TPM_RC Parse_TPM_ECC_CURVE(std::string* buffer, 1847 TPM_ECC_CURVE* value, 1848 std::string* value_bytes) { 1849 VLOG(3) << __func__; 1850 return Parse_UINT16(buffer, value, value_bytes); 1851 } 1852 1853 TPM_RC Serialize_TPMI_ECC_CURVE(const TPMI_ECC_CURVE& value, 1854 std::string* buffer) { 1855 VLOG(3) << __func__; 1856 return Serialize_TPM_ECC_CURVE(value, buffer); 1857 } 1858 1859 TPM_RC Parse_TPMI_ECC_CURVE(std::string* buffer, 1860 TPMI_ECC_CURVE* value, 1861 std::string* value_bytes) { 1862 VLOG(3) << __func__; 1863 return Parse_TPM_ECC_CURVE(buffer, value, value_bytes); 1864 } 1865 1866 TPM_RC Serialize_TPMI_ALG_PUBLIC(const TPMI_ALG_PUBLIC& value, 1867 std::string* buffer) { 1868 VLOG(3) << __func__; 1869 return Serialize_TPM_ALG_ID(value, buffer); 1870 } 1871 1872 TPM_RC Parse_TPMI_ALG_PUBLIC(std::string* buffer, 1873 TPMI_ALG_PUBLIC* value, 1874 std::string* value_bytes) { 1875 VLOG(3) << __func__; 1876 return Parse_TPM_ALG_ID(buffer, value, value_bytes); 1877 } 1878 1879 TPM_RC Serialize_TPMA_ALGORITHM(const TPMA_ALGORITHM& value, 1880 std::string* buffer) { 1881 VLOG(3) << __func__; 1882 return Serialize_UINT32(value, buffer); 1883 } 1884 1885 TPM_RC Parse_TPMA_ALGORITHM(std::string* buffer, 1886 TPMA_ALGORITHM* value, 1887 std::string* value_bytes) { 1888 VLOG(3) << __func__; 1889 return Parse_UINT32(buffer, value, value_bytes); 1890 } 1891 1892 TPM_RC Serialize_TPMA_OBJECT(const TPMA_OBJECT& value, std::string* buffer) { 1893 VLOG(3) << __func__; 1894 return Serialize_UINT32(value, buffer); 1895 } 1896 1897 TPM_RC Parse_TPMA_OBJECT(std::string* buffer, 1898 TPMA_OBJECT* value, 1899 std::string* value_bytes) { 1900 VLOG(3) << __func__; 1901 return Parse_UINT32(buffer, value, value_bytes); 1902 } 1903 1904 TPM_RC Serialize_TPMA_SESSION(const TPMA_SESSION& value, std::string* buffer) { 1905 VLOG(3) << __func__; 1906 return Serialize_UINT8(value, buffer); 1907 } 1908 1909 TPM_RC Parse_TPMA_SESSION(std::string* buffer, 1910 TPMA_SESSION* value, 1911 std::string* value_bytes) { 1912 VLOG(3) << __func__; 1913 return Parse_UINT8(buffer, value, value_bytes); 1914 } 1915 1916 TPM_RC Serialize_TPMA_LOCALITY(const TPMA_LOCALITY& value, 1917 std::string* buffer) { 1918 VLOG(3) << __func__; 1919 return Serialize_UINT8(value, buffer); 1920 } 1921 1922 TPM_RC Parse_TPMA_LOCALITY(std::string* buffer, 1923 TPMA_LOCALITY* value, 1924 std::string* value_bytes) { 1925 VLOG(3) << __func__; 1926 return Parse_UINT8(buffer, value, value_bytes); 1927 } 1928 1929 TPM_RC Serialize_TPMA_PERMANENT(const TPMA_PERMANENT& value, 1930 std::string* buffer) { 1931 VLOG(3) << __func__; 1932 return Serialize_UINT32(value, buffer); 1933 } 1934 1935 TPM_RC Parse_TPMA_PERMANENT(std::string* buffer, 1936 TPMA_PERMANENT* value, 1937 std::string* value_bytes) { 1938 VLOG(3) << __func__; 1939 return Parse_UINT32(buffer, value, value_bytes); 1940 } 1941 1942 TPM_RC Serialize_TPMA_STARTUP_CLEAR(const TPMA_STARTUP_CLEAR& value, 1943 std::string* buffer) { 1944 VLOG(3) << __func__; 1945 return Serialize_UINT32(value, buffer); 1946 } 1947 1948 TPM_RC Parse_TPMA_STARTUP_CLEAR(std::string* buffer, 1949 TPMA_STARTUP_CLEAR* value, 1950 std::string* value_bytes) { 1951 VLOG(3) << __func__; 1952 return Parse_UINT32(buffer, value, value_bytes); 1953 } 1954 1955 TPM_RC Serialize_TPMA_MEMORY(const TPMA_MEMORY& value, std::string* buffer) { 1956 VLOG(3) << __func__; 1957 return Serialize_UINT32(value, buffer); 1958 } 1959 1960 TPM_RC Parse_TPMA_MEMORY(std::string* buffer, 1961 TPMA_MEMORY* value, 1962 std::string* value_bytes) { 1963 VLOG(3) << __func__; 1964 return Parse_UINT32(buffer, value, value_bytes); 1965 } 1966 1967 TPM_RC Serialize_TPM_CC(const TPM_CC& value, std::string* buffer) { 1968 VLOG(3) << __func__; 1969 return Serialize_UINT32(value, buffer); 1970 } 1971 1972 TPM_RC Parse_TPM_CC(std::string* buffer, 1973 TPM_CC* value, 1974 std::string* value_bytes) { 1975 VLOG(3) << __func__; 1976 return Parse_UINT32(buffer, value, value_bytes); 1977 } 1978 1979 TPM_RC Serialize_TPMA_CC(const TPMA_CC& value, std::string* buffer) { 1980 VLOG(3) << __func__; 1981 return Serialize_TPM_CC(value, buffer); 1982 } 1983 1984 TPM_RC Parse_TPMA_CC(std::string* buffer, 1985 TPMA_CC* value, 1986 std::string* value_bytes) { 1987 VLOG(3) << __func__; 1988 return Parse_TPM_CC(buffer, value, value_bytes); 1989 } 1990 1991 TPM_RC Serialize_TPM_NV_INDEX(const TPM_NV_INDEX& value, std::string* buffer) { 1992 VLOG(3) << __func__; 1993 return Serialize_UINT32(value, buffer); 1994 } 1995 1996 TPM_RC Parse_TPM_NV_INDEX(std::string* buffer, 1997 TPM_NV_INDEX* value, 1998 std::string* value_bytes) { 1999 VLOG(3) << __func__; 2000 return Parse_UINT32(buffer, value, value_bytes); 2001 } 2002 2003 TPM_RC Serialize_TPMA_NV(const TPMA_NV& value, std::string* buffer) { 2004 VLOG(3) << __func__; 2005 return Serialize_UINT32(value, buffer); 2006 } 2007 2008 TPM_RC Parse_TPMA_NV(std::string* buffer, 2009 TPMA_NV* value, 2010 std::string* value_bytes) { 2011 VLOG(3) << __func__; 2012 return Parse_UINT32(buffer, value, value_bytes); 2013 } 2014 2015 TPM_RC Serialize_TPM_SPEC(const TPM_SPEC& value, std::string* buffer) { 2016 VLOG(3) << __func__; 2017 return Serialize_UINT32(value, buffer); 2018 } 2019 2020 TPM_RC Parse_TPM_SPEC(std::string* buffer, 2021 TPM_SPEC* value, 2022 std::string* value_bytes) { 2023 VLOG(3) << __func__; 2024 return Parse_UINT32(buffer, value, value_bytes); 2025 } 2026 2027 TPM_RC Serialize_TPM_GENERATED(const TPM_GENERATED& value, 2028 std::string* buffer) { 2029 VLOG(3) << __func__; 2030 return Serialize_UINT32(value, buffer); 2031 } 2032 2033 TPM_RC Parse_TPM_GENERATED(std::string* buffer, 2034 TPM_GENERATED* value, 2035 std::string* value_bytes) { 2036 VLOG(3) << __func__; 2037 return Parse_UINT32(buffer, value, value_bytes); 2038 } 2039 2040 TPM_RC Serialize_TPM_RC(const TPM_RC& value, std::string* buffer) { 2041 VLOG(3) << __func__; 2042 return Serialize_UINT32(value, buffer); 2043 } 2044 2045 TPM_RC Parse_TPM_RC(std::string* buffer, 2046 TPM_RC* value, 2047 std::string* value_bytes) { 2048 VLOG(3) << __func__; 2049 return Parse_UINT32(buffer, value, value_bytes); 2050 } 2051 2052 TPM_RC Serialize_TPM_CLOCK_ADJUST(const TPM_CLOCK_ADJUST& value, 2053 std::string* buffer) { 2054 VLOG(3) << __func__; 2055 return Serialize_INT8(value, buffer); 2056 } 2057 2058 TPM_RC Parse_TPM_CLOCK_ADJUST(std::string* buffer, 2059 TPM_CLOCK_ADJUST* value, 2060 std::string* value_bytes) { 2061 VLOG(3) << __func__; 2062 return Parse_INT8(buffer, value, value_bytes); 2063 } 2064 2065 TPM_RC Serialize_TPM_EO(const TPM_EO& value, std::string* buffer) { 2066 VLOG(3) << __func__; 2067 return Serialize_UINT16(value, buffer); 2068 } 2069 2070 TPM_RC Parse_TPM_EO(std::string* buffer, 2071 TPM_EO* value, 2072 std::string* value_bytes) { 2073 VLOG(3) << __func__; 2074 return Parse_UINT16(buffer, value, value_bytes); 2075 } 2076 2077 TPM_RC Serialize_TPM_SU(const TPM_SU& value, std::string* buffer) { 2078 VLOG(3) << __func__; 2079 return Serialize_UINT16(value, buffer); 2080 } 2081 2082 TPM_RC Parse_TPM_SU(std::string* buffer, 2083 TPM_SU* value, 2084 std::string* value_bytes) { 2085 VLOG(3) << __func__; 2086 return Parse_UINT16(buffer, value, value_bytes); 2087 } 2088 2089 TPM_RC Serialize_TPM_SE(const TPM_SE& value, std::string* buffer) { 2090 VLOG(3) << __func__; 2091 return Serialize_UINT8(value, buffer); 2092 } 2093 2094 TPM_RC Parse_TPM_SE(std::string* buffer, 2095 TPM_SE* value, 2096 std::string* value_bytes) { 2097 VLOG(3) << __func__; 2098 return Parse_UINT8(buffer, value, value_bytes); 2099 } 2100 2101 TPM_RC Serialize_TPM_CAP(const TPM_CAP& value, std::string* buffer) { 2102 VLOG(3) << __func__; 2103 return Serialize_UINT32(value, buffer); 2104 } 2105 2106 TPM_RC Parse_TPM_CAP(std::string* buffer, 2107 TPM_CAP* value, 2108 std::string* value_bytes) { 2109 VLOG(3) << __func__; 2110 return Parse_UINT32(buffer, value, value_bytes); 2111 } 2112 2113 TPM_RC Serialize_TPM_PT(const TPM_PT& value, std::string* buffer) { 2114 VLOG(3) << __func__; 2115 return Serialize_UINT32(value, buffer); 2116 } 2117 2118 TPM_RC Parse_TPM_PT(std::string* buffer, 2119 TPM_PT* value, 2120 std::string* value_bytes) { 2121 VLOG(3) << __func__; 2122 return Parse_UINT32(buffer, value, value_bytes); 2123 } 2124 2125 TPM_RC Serialize_TPM_PT_PCR(const TPM_PT_PCR& value, std::string* buffer) { 2126 VLOG(3) << __func__; 2127 return Serialize_UINT32(value, buffer); 2128 } 2129 2130 TPM_RC Parse_TPM_PT_PCR(std::string* buffer, 2131 TPM_PT_PCR* value, 2132 std::string* value_bytes) { 2133 VLOG(3) << __func__; 2134 return Parse_UINT32(buffer, value, value_bytes); 2135 } 2136 2137 TPM_RC Serialize_TPM_PS(const TPM_PS& value, std::string* buffer) { 2138 VLOG(3) << __func__; 2139 return Serialize_UINT32(value, buffer); 2140 } 2141 2142 TPM_RC Parse_TPM_PS(std::string* buffer, 2143 TPM_PS* value, 2144 std::string* value_bytes) { 2145 VLOG(3) << __func__; 2146 return Parse_UINT32(buffer, value, value_bytes); 2147 } 2148 2149 TPM_RC Serialize_TPM_HT(const TPM_HT& value, std::string* buffer) { 2150 VLOG(3) << __func__; 2151 return Serialize_UINT8(value, buffer); 2152 } 2153 2154 TPM_RC Parse_TPM_HT(std::string* buffer, 2155 TPM_HT* value, 2156 std::string* value_bytes) { 2157 VLOG(3) << __func__; 2158 return Parse_UINT8(buffer, value, value_bytes); 2159 } 2160 2161 TPM_RC Serialize_TPM_RH(const TPM_RH& value, std::string* buffer) { 2162 VLOG(3) << __func__; 2163 return Serialize_UINT32(value, buffer); 2164 } 2165 2166 TPM_RC Parse_TPM_RH(std::string* buffer, 2167 TPM_RH* value, 2168 std::string* value_bytes) { 2169 VLOG(3) << __func__; 2170 return Parse_UINT32(buffer, value, value_bytes); 2171 } 2172 2173 TPM_RC Serialize_TPM_HC(const TPM_HC& value, std::string* buffer) { 2174 VLOG(3) << __func__; 2175 return Serialize_TPM_HANDLE(value, buffer); 2176 } 2177 2178 TPM_RC Parse_TPM_HC(std::string* buffer, 2179 TPM_HC* value, 2180 std::string* value_bytes) { 2181 VLOG(3) << __func__; 2182 return Parse_TPM_HANDLE(buffer, value, value_bytes); 2183 } 2184 2185 TPM_RC Serialize_TPMS_ALGORITHM_DESCRIPTION( 2186 const TPMS_ALGORITHM_DESCRIPTION& value, 2187 std::string* buffer) { 2188 TPM_RC result = TPM_RC_SUCCESS; 2189 VLOG(3) << __func__; 2190 2191 result = Serialize_TPM_ALG_ID(value.alg, buffer); 2192 if (result) { 2193 return result; 2194 } 2195 2196 result = Serialize_TPMA_ALGORITHM(value.attributes, buffer); 2197 if (result) { 2198 return result; 2199 } 2200 return result; 2201 } 2202 2203 TPM_RC Parse_TPMS_ALGORITHM_DESCRIPTION(std::string* buffer, 2204 TPMS_ALGORITHM_DESCRIPTION* value, 2205 std::string* value_bytes) { 2206 TPM_RC result = TPM_RC_SUCCESS; 2207 VLOG(3) << __func__; 2208 2209 result = Parse_TPM_ALG_ID(buffer, &value->alg, value_bytes); 2210 if (result) { 2211 return result; 2212 } 2213 2214 result = Parse_TPMA_ALGORITHM(buffer, &value->attributes, value_bytes); 2215 if (result) { 2216 return result; 2217 } 2218 return result; 2219 } 2220 2221 TPM_RC Serialize_TPMU_HA(const TPMU_HA& value, 2222 TPMI_ALG_HASH selector, 2223 std::string* buffer) { 2224 TPM_RC result = TPM_RC_SUCCESS; 2225 VLOG(3) << __func__; 2226 2227 if (selector == TPM_ALG_SHA384) { 2228 if (arraysize(value.sha384) < SHA384_DIGEST_SIZE) { 2229 return TPM_RC_INSUFFICIENT; 2230 } 2231 for (uint32_t i = 0; i < SHA384_DIGEST_SIZE; ++i) { 2232 result = Serialize_BYTE(value.sha384[i], buffer); 2233 if (result) { 2234 return result; 2235 } 2236 } 2237 } 2238 2239 if (selector == TPM_ALG_SHA1) { 2240 if (arraysize(value.sha1) < SHA1_DIGEST_SIZE) { 2241 return TPM_RC_INSUFFICIENT; 2242 } 2243 for (uint32_t i = 0; i < SHA1_DIGEST_SIZE; ++i) { 2244 result = Serialize_BYTE(value.sha1[i], buffer); 2245 if (result) { 2246 return result; 2247 } 2248 } 2249 } 2250 2251 if (selector == TPM_ALG_SM3_256) { 2252 if (arraysize(value.sm3_256) < SM3_256_DIGEST_SIZE) { 2253 return TPM_RC_INSUFFICIENT; 2254 } 2255 for (uint32_t i = 0; i < SM3_256_DIGEST_SIZE; ++i) { 2256 result = Serialize_BYTE(value.sm3_256[i], buffer); 2257 if (result) { 2258 return result; 2259 } 2260 } 2261 } 2262 2263 if (selector == TPM_ALG_NULL) { 2264 // Do nothing. 2265 } 2266 2267 if (selector == TPM_ALG_SHA256) { 2268 if (arraysize(value.sha256) < SHA256_DIGEST_SIZE) { 2269 return TPM_RC_INSUFFICIENT; 2270 } 2271 for (uint32_t i = 0; i < SHA256_DIGEST_SIZE; ++i) { 2272 result = Serialize_BYTE(value.sha256[i], buffer); 2273 if (result) { 2274 return result; 2275 } 2276 } 2277 } 2278 2279 if (selector == TPM_ALG_SHA512) { 2280 if (arraysize(value.sha512) < SHA512_DIGEST_SIZE) { 2281 return TPM_RC_INSUFFICIENT; 2282 } 2283 for (uint32_t i = 0; i < SHA512_DIGEST_SIZE; ++i) { 2284 result = Serialize_BYTE(value.sha512[i], buffer); 2285 if (result) { 2286 return result; 2287 } 2288 } 2289 } 2290 return result; 2291 } 2292 2293 TPM_RC Parse_TPMU_HA(std::string* buffer, 2294 TPMI_ALG_HASH selector, 2295 TPMU_HA* value, 2296 std::string* value_bytes) { 2297 TPM_RC result = TPM_RC_SUCCESS; 2298 VLOG(3) << __func__; 2299 2300 if (selector == TPM_ALG_SHA384) { 2301 if (arraysize(value->sha384) < SHA384_DIGEST_SIZE) { 2302 return TPM_RC_INSUFFICIENT; 2303 } 2304 for (uint32_t i = 0; i < SHA384_DIGEST_SIZE; ++i) { 2305 result = Parse_BYTE(buffer, &value->sha384[i], value_bytes); 2306 if (result) { 2307 return result; 2308 } 2309 } 2310 } 2311 2312 if (selector == TPM_ALG_SHA1) { 2313 if (arraysize(value->sha1) < SHA1_DIGEST_SIZE) { 2314 return TPM_RC_INSUFFICIENT; 2315 } 2316 for (uint32_t i = 0; i < SHA1_DIGEST_SIZE; ++i) { 2317 result = Parse_BYTE(buffer, &value->sha1[i], value_bytes); 2318 if (result) { 2319 return result; 2320 } 2321 } 2322 } 2323 2324 if (selector == TPM_ALG_SM3_256) { 2325 if (arraysize(value->sm3_256) < SM3_256_DIGEST_SIZE) { 2326 return TPM_RC_INSUFFICIENT; 2327 } 2328 for (uint32_t i = 0; i < SM3_256_DIGEST_SIZE; ++i) { 2329 result = Parse_BYTE(buffer, &value->sm3_256[i], value_bytes); 2330 if (result) { 2331 return result; 2332 } 2333 } 2334 } 2335 2336 if (selector == TPM_ALG_NULL) { 2337 // Do nothing. 2338 } 2339 2340 if (selector == TPM_ALG_SHA256) { 2341 if (arraysize(value->sha256) < SHA256_DIGEST_SIZE) { 2342 return TPM_RC_INSUFFICIENT; 2343 } 2344 for (uint32_t i = 0; i < SHA256_DIGEST_SIZE; ++i) { 2345 result = Parse_BYTE(buffer, &value->sha256[i], value_bytes); 2346 if (result) { 2347 return result; 2348 } 2349 } 2350 } 2351 2352 if (selector == TPM_ALG_SHA512) { 2353 if (arraysize(value->sha512) < SHA512_DIGEST_SIZE) { 2354 return TPM_RC_INSUFFICIENT; 2355 } 2356 for (uint32_t i = 0; i < SHA512_DIGEST_SIZE; ++i) { 2357 result = Parse_BYTE(buffer, &value->sha512[i], value_bytes); 2358 if (result) { 2359 return result; 2360 } 2361 } 2362 } 2363 return result; 2364 } 2365 2366 TPM_RC Serialize_TPMT_HA(const TPMT_HA& value, std::string* buffer) { 2367 TPM_RC result = TPM_RC_SUCCESS; 2368 VLOG(3) << __func__; 2369 2370 result = Serialize_TPMI_ALG_HASH(value.hash_alg, buffer); 2371 if (result) { 2372 return result; 2373 } 2374 2375 result = Serialize_TPMU_HA(value.digest, value.hash_alg, buffer); 2376 if (result) { 2377 return result; 2378 } 2379 return result; 2380 } 2381 2382 TPM_RC Parse_TPMT_HA(std::string* buffer, 2383 TPMT_HA* value, 2384 std::string* value_bytes) { 2385 TPM_RC result = TPM_RC_SUCCESS; 2386 VLOG(3) << __func__; 2387 2388 result = Parse_TPMI_ALG_HASH(buffer, &value->hash_alg, value_bytes); 2389 if (result) { 2390 return result; 2391 } 2392 2393 result = Parse_TPMU_HA(buffer, value->hash_alg, &value->digest, value_bytes); 2394 if (result) { 2395 return result; 2396 } 2397 return result; 2398 } 2399 2400 TPM_RC Serialize_TPM2B_DATA(const TPM2B_DATA& value, std::string* buffer) { 2401 TPM_RC result = TPM_RC_SUCCESS; 2402 VLOG(3) << __func__; 2403 2404 result = Serialize_UINT16(value.size, buffer); 2405 if (result) { 2406 return result; 2407 } 2408 2409 if (arraysize(value.buffer) < value.size) { 2410 return TPM_RC_INSUFFICIENT; 2411 } 2412 for (uint32_t i = 0; i < value.size; ++i) { 2413 result = Serialize_BYTE(value.buffer[i], buffer); 2414 if (result) { 2415 return result; 2416 } 2417 } 2418 return result; 2419 } 2420 2421 TPM_RC Parse_TPM2B_DATA(std::string* buffer, 2422 TPM2B_DATA* value, 2423 std::string* value_bytes) { 2424 TPM_RC result = TPM_RC_SUCCESS; 2425 VLOG(3) << __func__; 2426 2427 result = Parse_UINT16(buffer, &value->size, value_bytes); 2428 if (result) { 2429 return result; 2430 } 2431 2432 if (arraysize(value->buffer) < value->size) { 2433 return TPM_RC_INSUFFICIENT; 2434 } 2435 for (uint32_t i = 0; i < value->size; ++i) { 2436 result = Parse_BYTE(buffer, &value->buffer[i], value_bytes); 2437 if (result) { 2438 return result; 2439 } 2440 } 2441 return result; 2442 } 2443 2444 TPM2B_DATA Make_TPM2B_DATA(const std::string& bytes) { 2445 TPM2B_DATA tpm2b; 2446 CHECK(bytes.size() <= sizeof(tpm2b.buffer)); 2447 memset(&tpm2b, 0, sizeof(TPM2B_DATA)); 2448 tpm2b.size = bytes.size(); 2449 memcpy(tpm2b.buffer, bytes.data(), bytes.size()); 2450 return tpm2b; 2451 } 2452 2453 std::string StringFrom_TPM2B_DATA(const TPM2B_DATA& tpm2b) { 2454 const char* char_buffer = reinterpret_cast<const char*>(tpm2b.buffer); 2455 return std::string(char_buffer, tpm2b.size); 2456 } 2457 2458 TPM_RC Serialize_TPM2B_EVENT(const TPM2B_EVENT& value, std::string* buffer) { 2459 TPM_RC result = TPM_RC_SUCCESS; 2460 VLOG(3) << __func__; 2461 2462 result = Serialize_UINT16(value.size, buffer); 2463 if (result) { 2464 return result; 2465 } 2466 2467 if (arraysize(value.buffer) < value.size) { 2468 return TPM_RC_INSUFFICIENT; 2469 } 2470 for (uint32_t i = 0; i < value.size; ++i) { 2471 result = Serialize_BYTE(value.buffer[i], buffer); 2472 if (result) { 2473 return result; 2474 } 2475 } 2476 return result; 2477 } 2478 2479 TPM_RC Parse_TPM2B_EVENT(std::string* buffer, 2480 TPM2B_EVENT* value, 2481 std::string* value_bytes) { 2482 TPM_RC result = TPM_RC_SUCCESS; 2483 VLOG(3) << __func__; 2484 2485 result = Parse_UINT16(buffer, &value->size, value_bytes); 2486 if (result) { 2487 return result; 2488 } 2489 2490 if (arraysize(value->buffer) < value->size) { 2491 return TPM_RC_INSUFFICIENT; 2492 } 2493 for (uint32_t i = 0; i < value->size; ++i) { 2494 result = Parse_BYTE(buffer, &value->buffer[i], value_bytes); 2495 if (result) { 2496 return result; 2497 } 2498 } 2499 return result; 2500 } 2501 2502 TPM2B_EVENT Make_TPM2B_EVENT(const std::string& bytes) { 2503 TPM2B_EVENT tpm2b; 2504 CHECK(bytes.size() <= sizeof(tpm2b.buffer)); 2505 memset(&tpm2b, 0, sizeof(TPM2B_EVENT)); 2506 tpm2b.size = bytes.size(); 2507 memcpy(tpm2b.buffer, bytes.data(), bytes.size()); 2508 return tpm2b; 2509 } 2510 2511 std::string StringFrom_TPM2B_EVENT(const TPM2B_EVENT& tpm2b) { 2512 const char* char_buffer = reinterpret_cast<const char*>(tpm2b.buffer); 2513 return std::string(char_buffer, tpm2b.size); 2514 } 2515 2516 TPM_RC Serialize_TPM2B_MAX_BUFFER(const TPM2B_MAX_BUFFER& value, 2517 std::string* buffer) { 2518 TPM_RC result = TPM_RC_SUCCESS; 2519 VLOG(3) << __func__; 2520 2521 result = Serialize_UINT16(value.size, buffer); 2522 if (result) { 2523 return result; 2524 } 2525 2526 if (arraysize(value.buffer) < value.size) { 2527 return TPM_RC_INSUFFICIENT; 2528 } 2529 for (uint32_t i = 0; i < value.size; ++i) { 2530 result = Serialize_BYTE(value.buffer[i], buffer); 2531 if (result) { 2532 return result; 2533 } 2534 } 2535 return result; 2536 } 2537 2538 TPM_RC Parse_TPM2B_MAX_BUFFER(std::string* buffer, 2539 TPM2B_MAX_BUFFER* value, 2540 std::string* value_bytes) { 2541 TPM_RC result = TPM_RC_SUCCESS; 2542 VLOG(3) << __func__; 2543 2544 result = Parse_UINT16(buffer, &value->size, value_bytes); 2545 if (result) { 2546 return result; 2547 } 2548 2549 if (arraysize(value->buffer) < value->size) { 2550 return TPM_RC_INSUFFICIENT; 2551 } 2552 for (uint32_t i = 0; i < value->size; ++i) { 2553 result = Parse_BYTE(buffer, &value->buffer[i], value_bytes); 2554 if (result) { 2555 return result; 2556 } 2557 } 2558 return result; 2559 } 2560 2561 TPM2B_MAX_BUFFER Make_TPM2B_MAX_BUFFER(const std::string& bytes) { 2562 TPM2B_MAX_BUFFER tpm2b; 2563 CHECK(bytes.size() <= sizeof(tpm2b.buffer)); 2564 memset(&tpm2b, 0, sizeof(TPM2B_MAX_BUFFER)); 2565 tpm2b.size = bytes.size(); 2566 memcpy(tpm2b.buffer, bytes.data(), bytes.size()); 2567 return tpm2b; 2568 } 2569 2570 std::string StringFrom_TPM2B_MAX_BUFFER(const TPM2B_MAX_BUFFER& tpm2b) { 2571 const char* char_buffer = reinterpret_cast<const char*>(tpm2b.buffer); 2572 return std::string(char_buffer, tpm2b.size); 2573 } 2574 2575 TPM_RC Serialize_TPM2B_MAX_NV_BUFFER(const TPM2B_MAX_NV_BUFFER& value, 2576 std::string* buffer) { 2577 TPM_RC result = TPM_RC_SUCCESS; 2578 VLOG(3) << __func__; 2579 2580 result = Serialize_UINT16(value.size, buffer); 2581 if (result) { 2582 return result; 2583 } 2584 2585 if (arraysize(value.buffer) < value.size) { 2586 return TPM_RC_INSUFFICIENT; 2587 } 2588 for (uint32_t i = 0; i < value.size; ++i) { 2589 result = Serialize_BYTE(value.buffer[i], buffer); 2590 if (result) { 2591 return result; 2592 } 2593 } 2594 return result; 2595 } 2596 2597 TPM_RC Parse_TPM2B_MAX_NV_BUFFER(std::string* buffer, 2598 TPM2B_MAX_NV_BUFFER* value, 2599 std::string* value_bytes) { 2600 TPM_RC result = TPM_RC_SUCCESS; 2601 VLOG(3) << __func__; 2602 2603 result = Parse_UINT16(buffer, &value->size, value_bytes); 2604 if (result) { 2605 return result; 2606 } 2607 2608 if (arraysize(value->buffer) < value->size) { 2609 return TPM_RC_INSUFFICIENT; 2610 } 2611 for (uint32_t i = 0; i < value->size; ++i) { 2612 result = Parse_BYTE(buffer, &value->buffer[i], value_bytes); 2613 if (result) { 2614 return result; 2615 } 2616 } 2617 return result; 2618 } 2619 2620 TPM2B_MAX_NV_BUFFER Make_TPM2B_MAX_NV_BUFFER(const std::string& bytes) { 2621 TPM2B_MAX_NV_BUFFER tpm2b; 2622 CHECK(bytes.size() <= sizeof(tpm2b.buffer)); 2623 memset(&tpm2b, 0, sizeof(TPM2B_MAX_NV_BUFFER)); 2624 tpm2b.size = bytes.size(); 2625 memcpy(tpm2b.buffer, bytes.data(), bytes.size()); 2626 return tpm2b; 2627 } 2628 2629 std::string StringFrom_TPM2B_MAX_NV_BUFFER(const TPM2B_MAX_NV_BUFFER& tpm2b) { 2630 const char* char_buffer = reinterpret_cast<const char*>(tpm2b.buffer); 2631 return std::string(char_buffer, tpm2b.size); 2632 } 2633 2634 TPM_RC Serialize_TPM2B_TIMEOUT(const TPM2B_TIMEOUT& value, 2635 std::string* buffer) { 2636 TPM_RC result = TPM_RC_SUCCESS; 2637 VLOG(3) << __func__; 2638 2639 result = Serialize_UINT16(value.size, buffer); 2640 if (result) { 2641 return result; 2642 } 2643 2644 if (arraysize(value.buffer) < value.size) { 2645 return TPM_RC_INSUFFICIENT; 2646 } 2647 for (uint32_t i = 0; i < value.size; ++i) { 2648 result = Serialize_BYTE(value.buffer[i], buffer); 2649 if (result) { 2650 return result; 2651 } 2652 } 2653 return result; 2654 } 2655 2656 TPM_RC Parse_TPM2B_TIMEOUT(std::string* buffer, 2657 TPM2B_TIMEOUT* value, 2658 std::string* value_bytes) { 2659 TPM_RC result = TPM_RC_SUCCESS; 2660 VLOG(3) << __func__; 2661 2662 result = Parse_UINT16(buffer, &value->size, value_bytes); 2663 if (result) { 2664 return result; 2665 } 2666 2667 if (arraysize(value->buffer) < value->size) { 2668 return TPM_RC_INSUFFICIENT; 2669 } 2670 for (uint32_t i = 0; i < value->size; ++i) { 2671 result = Parse_BYTE(buffer, &value->buffer[i], value_bytes); 2672 if (result) { 2673 return result; 2674 } 2675 } 2676 return result; 2677 } 2678 2679 TPM2B_TIMEOUT Make_TPM2B_TIMEOUT(const std::string& bytes) { 2680 TPM2B_TIMEOUT tpm2b; 2681 CHECK(bytes.size() <= sizeof(tpm2b.buffer)); 2682 memset(&tpm2b, 0, sizeof(TPM2B_TIMEOUT)); 2683 tpm2b.size = bytes.size(); 2684 memcpy(tpm2b.buffer, bytes.data(), bytes.size()); 2685 return tpm2b; 2686 } 2687 2688 std::string StringFrom_TPM2B_TIMEOUT(const TPM2B_TIMEOUT& tpm2b) { 2689 const char* char_buffer = reinterpret_cast<const char*>(tpm2b.buffer); 2690 return std::string(char_buffer, tpm2b.size); 2691 } 2692 2693 TPM_RC Serialize_TPM2B_IV(const TPM2B_IV& value, std::string* buffer) { 2694 TPM_RC result = TPM_RC_SUCCESS; 2695 VLOG(3) << __func__; 2696 2697 result = Serialize_UINT16(value.size, buffer); 2698 if (result) { 2699 return result; 2700 } 2701 2702 if (arraysize(value.buffer) < value.size) { 2703 return TPM_RC_INSUFFICIENT; 2704 } 2705 for (uint32_t i = 0; i < value.size; ++i) { 2706 result = Serialize_BYTE(value.buffer[i], buffer); 2707 if (result) { 2708 return result; 2709 } 2710 } 2711 return result; 2712 } 2713 2714 TPM_RC Parse_TPM2B_IV(std::string* buffer, 2715 TPM2B_IV* value, 2716 std::string* value_bytes) { 2717 TPM_RC result = TPM_RC_SUCCESS; 2718 VLOG(3) << __func__; 2719 2720 result = Parse_UINT16(buffer, &value->size, value_bytes); 2721 if (result) { 2722 return result; 2723 } 2724 2725 if (arraysize(value->buffer) < value->size) { 2726 return TPM_RC_INSUFFICIENT; 2727 } 2728 for (uint32_t i = 0; i < value->size; ++i) { 2729 result = Parse_BYTE(buffer, &value->buffer[i], value_bytes); 2730 if (result) { 2731 return result; 2732 } 2733 } 2734 return result; 2735 } 2736 2737 TPM2B_IV Make_TPM2B_IV(const std::string& bytes) { 2738 TPM2B_IV tpm2b; 2739 CHECK(bytes.size() <= sizeof(tpm2b.buffer)); 2740 memset(&tpm2b, 0, sizeof(TPM2B_IV)); 2741 tpm2b.size = bytes.size(); 2742 memcpy(tpm2b.buffer, bytes.data(), bytes.size()); 2743 return tpm2b; 2744 } 2745 2746 std::string StringFrom_TPM2B_IV(const TPM2B_IV& tpm2b) { 2747 const char* char_buffer = reinterpret_cast<const char*>(tpm2b.buffer); 2748 return std::string(char_buffer, tpm2b.size); 2749 } 2750 2751 TPM_RC Serialize_TPM2B_NAME(const TPM2B_NAME& value, std::string* buffer) { 2752 TPM_RC result = TPM_RC_SUCCESS; 2753 VLOG(3) << __func__; 2754 2755 result = Serialize_UINT16(value.size, buffer); 2756 if (result) { 2757 return result; 2758 } 2759 2760 if (arraysize(value.name) < value.size) { 2761 return TPM_RC_INSUFFICIENT; 2762 } 2763 for (uint32_t i = 0; i < value.size; ++i) { 2764 result = Serialize_BYTE(value.name[i], buffer); 2765 if (result) { 2766 return result; 2767 } 2768 } 2769 return result; 2770 } 2771 2772 TPM_RC Parse_TPM2B_NAME(std::string* buffer, 2773 TPM2B_NAME* value, 2774 std::string* value_bytes) { 2775 TPM_RC result = TPM_RC_SUCCESS; 2776 VLOG(3) << __func__; 2777 2778 result = Parse_UINT16(buffer, &value->size, value_bytes); 2779 if (result) { 2780 return result; 2781 } 2782 2783 if (arraysize(value->name) < value->size) { 2784 return TPM_RC_INSUFFICIENT; 2785 } 2786 for (uint32_t i = 0; i < value->size; ++i) { 2787 result = Parse_BYTE(buffer, &value->name[i], value_bytes); 2788 if (result) { 2789 return result; 2790 } 2791 } 2792 return result; 2793 } 2794 2795 TPM2B_NAME Make_TPM2B_NAME(const std::string& bytes) { 2796 TPM2B_NAME tpm2b; 2797 CHECK(bytes.size() <= sizeof(tpm2b.name)); 2798 memset(&tpm2b, 0, sizeof(TPM2B_NAME)); 2799 tpm2b.size = bytes.size(); 2800 memcpy(tpm2b.name, bytes.data(), bytes.size()); 2801 return tpm2b; 2802 } 2803 2804 std::string StringFrom_TPM2B_NAME(const TPM2B_NAME& tpm2b) { 2805 const char* char_buffer = reinterpret_cast<const char*>(tpm2b.name); 2806 return std::string(char_buffer, tpm2b.size); 2807 } 2808 2809 TPM_RC Serialize_TPMS_PCR_SELECT(const TPMS_PCR_SELECT& value, 2810 std::string* buffer) { 2811 TPM_RC result = TPM_RC_SUCCESS; 2812 VLOG(3) << __func__; 2813 2814 result = Serialize_UINT8(value.sizeof_select, buffer); 2815 if (result) { 2816 return result; 2817 } 2818 2819 if (arraysize(value.pcr_select) < value.sizeof_select) { 2820 return TPM_RC_INSUFFICIENT; 2821 } 2822 for (uint32_t i = 0; i < value.sizeof_select; ++i) { 2823 result = Serialize_BYTE(value.pcr_select[i], buffer); 2824 if (result) { 2825 return result; 2826 } 2827 } 2828 return result; 2829 } 2830 2831 TPM_RC Parse_TPMS_PCR_SELECT(std::string* buffer, 2832 TPMS_PCR_SELECT* value, 2833 std::string* value_bytes) { 2834 TPM_RC result = TPM_RC_SUCCESS; 2835 VLOG(3) << __func__; 2836 2837 result = Parse_UINT8(buffer, &value->sizeof_select, value_bytes); 2838 if (result) { 2839 return result; 2840 } 2841 2842 if (arraysize(value->pcr_select) < value->sizeof_select) { 2843 return TPM_RC_INSUFFICIENT; 2844 } 2845 for (uint32_t i = 0; i < value->sizeof_select; ++i) { 2846 result = Parse_BYTE(buffer, &value->pcr_select[i], value_bytes); 2847 if (result) { 2848 return result; 2849 } 2850 } 2851 return result; 2852 } 2853 2854 TPM_RC Serialize_TPMS_PCR_SELECTION(const TPMS_PCR_SELECTION& value, 2855 std::string* buffer) { 2856 TPM_RC result = TPM_RC_SUCCESS; 2857 VLOG(3) << __func__; 2858 2859 result = Serialize_TPMI_ALG_HASH(value.hash, buffer); 2860 if (result) { 2861 return result; 2862 } 2863 2864 result = Serialize_UINT8(value.sizeof_select, buffer); 2865 if (result) { 2866 return result; 2867 } 2868 2869 if (arraysize(value.pcr_select) < value.sizeof_select) { 2870 return TPM_RC_INSUFFICIENT; 2871 } 2872 for (uint32_t i = 0; i < value.sizeof_select; ++i) { 2873 result = Serialize_BYTE(value.pcr_select[i], buffer); 2874 if (result) { 2875 return result; 2876 } 2877 } 2878 return result; 2879 } 2880 2881 TPM_RC Parse_TPMS_PCR_SELECTION(std::string* buffer, 2882 TPMS_PCR_SELECTION* value, 2883 std::string* value_bytes) { 2884 TPM_RC result = TPM_RC_SUCCESS; 2885 VLOG(3) << __func__; 2886 2887 result = Parse_TPMI_ALG_HASH(buffer, &value->hash, value_bytes); 2888 if (result) { 2889 return result; 2890 } 2891 2892 result = Parse_UINT8(buffer, &value->sizeof_select, value_bytes); 2893 if (result) { 2894 return result; 2895 } 2896 2897 if (arraysize(value->pcr_select) < value->sizeof_select) { 2898 return TPM_RC_INSUFFICIENT; 2899 } 2900 for (uint32_t i = 0; i < value->sizeof_select; ++i) { 2901 result = Parse_BYTE(buffer, &value->pcr_select[i], value_bytes); 2902 if (result) { 2903 return result; 2904 } 2905 } 2906 return result; 2907 } 2908 2909 TPM_RC Serialize_TPMT_TK_CREATION(const TPMT_TK_CREATION& value, 2910 std::string* buffer) { 2911 TPM_RC result = TPM_RC_SUCCESS; 2912 VLOG(3) << __func__; 2913 2914 result = Serialize_TPM_ST(value.tag, buffer); 2915 if (result) { 2916 return result; 2917 } 2918 2919 result = Serialize_TPMI_RH_HIERARCHY(value.hierarchy, buffer); 2920 if (result) { 2921 return result; 2922 } 2923 2924 result = Serialize_TPM2B_DIGEST(value.digest, buffer); 2925 if (result) { 2926 return result; 2927 } 2928 return result; 2929 } 2930 2931 TPM_RC Parse_TPMT_TK_CREATION(std::string* buffer, 2932 TPMT_TK_CREATION* value, 2933 std::string* value_bytes) { 2934 TPM_RC result = TPM_RC_SUCCESS; 2935 VLOG(3) << __func__; 2936 2937 result = Parse_TPM_ST(buffer, &value->tag, value_bytes); 2938 if (result) { 2939 return result; 2940 } 2941 2942 result = Parse_TPMI_RH_HIERARCHY(buffer, &value->hierarchy, value_bytes); 2943 if (result) { 2944 return result; 2945 } 2946 2947 result = Parse_TPM2B_DIGEST(buffer, &value->digest, value_bytes); 2948 if (result) { 2949 return result; 2950 } 2951 return result; 2952 } 2953 2954 TPM_RC Serialize_TPMT_TK_VERIFIED(const TPMT_TK_VERIFIED& value, 2955 std::string* buffer) { 2956 TPM_RC result = TPM_RC_SUCCESS; 2957 VLOG(3) << __func__; 2958 2959 result = Serialize_TPM_ST(value.tag, buffer); 2960 if (result) { 2961 return result; 2962 } 2963 2964 result = Serialize_TPMI_RH_HIERARCHY(value.hierarchy, buffer); 2965 if (result) { 2966 return result; 2967 } 2968 2969 result = Serialize_TPM2B_DIGEST(value.digest, buffer); 2970 if (result) { 2971 return result; 2972 } 2973 return result; 2974 } 2975 2976 TPM_RC Parse_TPMT_TK_VERIFIED(std::string* buffer, 2977 TPMT_TK_VERIFIED* value, 2978 std::string* value_bytes) { 2979 TPM_RC result = TPM_RC_SUCCESS; 2980 VLOG(3) << __func__; 2981 2982 result = Parse_TPM_ST(buffer, &value->tag, value_bytes); 2983 if (result) { 2984 return result; 2985 } 2986 2987 result = Parse_TPMI_RH_HIERARCHY(buffer, &value->hierarchy, value_bytes); 2988 if (result) { 2989 return result; 2990 } 2991 2992 result = Parse_TPM2B_DIGEST(buffer, &value->digest, value_bytes); 2993 if (result) { 2994 return result; 2995 } 2996 return result; 2997 } 2998 2999 TPM_RC Serialize_TPMT_TK_AUTH(const TPMT_TK_AUTH& value, std::string* buffer) { 3000 TPM_RC result = TPM_RC_SUCCESS; 3001 VLOG(3) << __func__; 3002 3003 result = Serialize_TPMI_RH_HIERARCHY(value.hierarchy, buffer); 3004 if (result) { 3005 return result; 3006 } 3007 3008 result = Serialize_TPM2B_DIGEST(value.digest, buffer); 3009 if (result) { 3010 return result; 3011 } 3012 return result; 3013 } 3014 3015 TPM_RC Parse_TPMT_TK_AUTH(std::string* buffer, 3016 TPMT_TK_AUTH* value, 3017 std::string* value_bytes) { 3018 TPM_RC result = TPM_RC_SUCCESS; 3019 VLOG(3) << __func__; 3020 3021 result = Parse_TPMI_RH_HIERARCHY(buffer, &value->hierarchy, value_bytes); 3022 if (result) { 3023 return result; 3024 } 3025 3026 result = Parse_TPM2B_DIGEST(buffer, &value->digest, value_bytes); 3027 if (result) { 3028 return result; 3029 } 3030 return result; 3031 } 3032 3033 TPM_RC Serialize_TPMT_TK_HASHCHECK(const TPMT_TK_HASHCHECK& value, 3034 std::string* buffer) { 3035 TPM_RC result = TPM_RC_SUCCESS; 3036 VLOG(3) << __func__; 3037 3038 result = Serialize_TPM_ST(value.tag, buffer); 3039 if (result) { 3040 return result; 3041 } 3042 3043 result = Serialize_TPMI_RH_HIERARCHY(value.hierarchy, buffer); 3044 if (result) { 3045 return result; 3046 } 3047 3048 result = Serialize_TPM2B_DIGEST(value.digest, buffer); 3049 if (result) { 3050 return result; 3051 } 3052 return result; 3053 } 3054 3055 TPM_RC Parse_TPMT_TK_HASHCHECK(std::string* buffer, 3056 TPMT_TK_HASHCHECK* value, 3057 std::string* value_bytes) { 3058 TPM_RC result = TPM_RC_SUCCESS; 3059 VLOG(3) << __func__; 3060 3061 result = Parse_TPM_ST(buffer, &value->tag, value_bytes); 3062 if (result) { 3063 return result; 3064 } 3065 3066 result = Parse_TPMI_RH_HIERARCHY(buffer, &value->hierarchy, value_bytes); 3067 if (result) { 3068 return result; 3069 } 3070 3071 result = Parse_TPM2B_DIGEST(buffer, &value->digest, value_bytes); 3072 if (result) { 3073 return result; 3074 } 3075 return result; 3076 } 3077 3078 TPM_RC Serialize_TPMS_ALG_PROPERTY(const TPMS_ALG_PROPERTY& value, 3079 std::string* buffer) { 3080 TPM_RC result = TPM_RC_SUCCESS; 3081 VLOG(3) << __func__; 3082 3083 result = Serialize_TPM_ALG_ID(value.alg, buffer); 3084 if (result) { 3085 return result; 3086 } 3087 3088 result = Serialize_TPMA_ALGORITHM(value.alg_properties, buffer); 3089 if (result) { 3090 return result; 3091 } 3092 return result; 3093 } 3094 3095 TPM_RC Parse_TPMS_ALG_PROPERTY(std::string* buffer, 3096 TPMS_ALG_PROPERTY* value, 3097 std::string* value_bytes) { 3098 TPM_RC result = TPM_RC_SUCCESS; 3099 VLOG(3) << __func__; 3100 3101 result = Parse_TPM_ALG_ID(buffer, &value->alg, value_bytes); 3102 if (result) { 3103 return result; 3104 } 3105 3106 result = Parse_TPMA_ALGORITHM(buffer, &value->alg_properties, value_bytes); 3107 if (result) { 3108 return result; 3109 } 3110 return result; 3111 } 3112 3113 TPM_RC Serialize_TPMS_TAGGED_PROPERTY(const TPMS_TAGGED_PROPERTY& value, 3114 std::string* buffer) { 3115 TPM_RC result = TPM_RC_SUCCESS; 3116 VLOG(3) << __func__; 3117 3118 result = Serialize_TPM_PT(value.property, buffer); 3119 if (result) { 3120 return result; 3121 } 3122 3123 result = Serialize_UINT32(value.value, buffer); 3124 if (result) { 3125 return result; 3126 } 3127 return result; 3128 } 3129 3130 TPM_RC Parse_TPMS_TAGGED_PROPERTY(std::string* buffer, 3131 TPMS_TAGGED_PROPERTY* value, 3132 std::string* value_bytes) { 3133 TPM_RC result = TPM_RC_SUCCESS; 3134 VLOG(3) << __func__; 3135 3136 result = Parse_TPM_PT(buffer, &value->property, value_bytes); 3137 if (result) { 3138 return result; 3139 } 3140 3141 result = Parse_UINT32(buffer, &value->value, value_bytes); 3142 if (result) { 3143 return result; 3144 } 3145 return result; 3146 } 3147 3148 TPM_RC Serialize_TPMS_TAGGED_PCR_SELECT(const TPMS_TAGGED_PCR_SELECT& value, 3149 std::string* buffer) { 3150 TPM_RC result = TPM_RC_SUCCESS; 3151 VLOG(3) << __func__; 3152 3153 result = Serialize_TPM_PT(value.tag, buffer); 3154 if (result) { 3155 return result; 3156 } 3157 3158 result = Serialize_UINT8(value.sizeof_select, buffer); 3159 if (result) { 3160 return result; 3161 } 3162 3163 if (arraysize(value.pcr_select) < value.sizeof_select) { 3164 return TPM_RC_INSUFFICIENT; 3165 } 3166 for (uint32_t i = 0; i < value.sizeof_select; ++i) { 3167 result = Serialize_BYTE(value.pcr_select[i], buffer); 3168 if (result) { 3169 return result; 3170 } 3171 } 3172 return result; 3173 } 3174 3175 TPM_RC Parse_TPMS_TAGGED_PCR_SELECT(std::string* buffer, 3176 TPMS_TAGGED_PCR_SELECT* value, 3177 std::string* value_bytes) { 3178 TPM_RC result = TPM_RC_SUCCESS; 3179 VLOG(3) << __func__; 3180 3181 result = Parse_TPM_PT(buffer, &value->tag, value_bytes); 3182 if (result) { 3183 return result; 3184 } 3185 3186 result = Parse_UINT8(buffer, &value->sizeof_select, value_bytes); 3187 if (result) { 3188 return result; 3189 } 3190 3191 if (arraysize(value->pcr_select) < value->sizeof_select) { 3192 return TPM_RC_INSUFFICIENT; 3193 } 3194 for (uint32_t i = 0; i < value->sizeof_select; ++i) { 3195 result = Parse_BYTE(buffer, &value->pcr_select[i], value_bytes); 3196 if (result) { 3197 return result; 3198 } 3199 } 3200 return result; 3201 } 3202 3203 TPM_RC Serialize_TPML_CC(const TPML_CC& value, std::string* buffer) { 3204 TPM_RC result = TPM_RC_SUCCESS; 3205 VLOG(3) << __func__; 3206 3207 result = Serialize_UINT32(value.count, buffer); 3208 if (result) { 3209 return result; 3210 } 3211 3212 if (arraysize(value.command_codes) < value.count) { 3213 return TPM_RC_INSUFFICIENT; 3214 } 3215 for (uint32_t i = 0; i < value.count; ++i) { 3216 result = Serialize_TPM_CC(value.command_codes[i], buffer); 3217 if (result) { 3218 return result; 3219 } 3220 } 3221 return result; 3222 } 3223 3224 TPM_RC Parse_TPML_CC(std::string* buffer, 3225 TPML_CC* value, 3226 std::string* value_bytes) { 3227 TPM_RC result = TPM_RC_SUCCESS; 3228 VLOG(3) << __func__; 3229 3230 result = Parse_UINT32(buffer, &value->count, value_bytes); 3231 if (result) { 3232 return result; 3233 } 3234 3235 if (arraysize(value->command_codes) < value->count) { 3236 return TPM_RC_INSUFFICIENT; 3237 } 3238 for (uint32_t i = 0; i < value->count; ++i) { 3239 result = Parse_TPM_CC(buffer, &value->command_codes[i], value_bytes); 3240 if (result) { 3241 return result; 3242 } 3243 } 3244 return result; 3245 } 3246 3247 TPM_RC Serialize_TPML_CCA(const TPML_CCA& value, std::string* buffer) { 3248 TPM_RC result = TPM_RC_SUCCESS; 3249 VLOG(3) << __func__; 3250 3251 result = Serialize_UINT32(value.count, buffer); 3252 if (result) { 3253 return result; 3254 } 3255 3256 if (arraysize(value.command_attributes) < value.count) { 3257 return TPM_RC_INSUFFICIENT; 3258 } 3259 for (uint32_t i = 0; i < value.count; ++i) { 3260 result = Serialize_TPMA_CC(value.command_attributes[i], buffer); 3261 if (result) { 3262 return result; 3263 } 3264 } 3265 return result; 3266 } 3267 3268 TPM_RC Parse_TPML_CCA(std::string* buffer, 3269 TPML_CCA* value, 3270 std::string* value_bytes) { 3271 TPM_RC result = TPM_RC_SUCCESS; 3272 VLOG(3) << __func__; 3273 3274 result = Parse_UINT32(buffer, &value->count, value_bytes); 3275 if (result) { 3276 return result; 3277 } 3278 3279 if (arraysize(value->command_attributes) < value->count) { 3280 return TPM_RC_INSUFFICIENT; 3281 } 3282 for (uint32_t i = 0; i < value->count; ++i) { 3283 result = Parse_TPMA_CC(buffer, &value->command_attributes[i], value_bytes); 3284 if (result) { 3285 return result; 3286 } 3287 } 3288 return result; 3289 } 3290 3291 TPM_RC Serialize_TPML_ALG(const TPML_ALG& value, std::string* buffer) { 3292 TPM_RC result = TPM_RC_SUCCESS; 3293 VLOG(3) << __func__; 3294 3295 result = Serialize_UINT32(value.count, buffer); 3296 if (result) { 3297 return result; 3298 } 3299 3300 if (arraysize(value.algorithms) < value.count) { 3301 return TPM_RC_INSUFFICIENT; 3302 } 3303 for (uint32_t i = 0; i < value.count; ++i) { 3304 result = Serialize_TPM_ALG_ID(value.algorithms[i], buffer); 3305 if (result) { 3306 return result; 3307 } 3308 } 3309 return result; 3310 } 3311 3312 TPM_RC Parse_TPML_ALG(std::string* buffer, 3313 TPML_ALG* value, 3314 std::string* value_bytes) { 3315 TPM_RC result = TPM_RC_SUCCESS; 3316 VLOG(3) << __func__; 3317 3318 result = Parse_UINT32(buffer, &value->count, value_bytes); 3319 if (result) { 3320 return result; 3321 } 3322 3323 if (arraysize(value->algorithms) < value->count) { 3324 return TPM_RC_INSUFFICIENT; 3325 } 3326 for (uint32_t i = 0; i < value->count; ++i) { 3327 result = Parse_TPM_ALG_ID(buffer, &value->algorithms[i], value_bytes); 3328 if (result) { 3329 return result; 3330 } 3331 } 3332 return result; 3333 } 3334 3335 TPM_RC Serialize_TPML_HANDLE(const TPML_HANDLE& value, std::string* buffer) { 3336 TPM_RC result = TPM_RC_SUCCESS; 3337 VLOG(3) << __func__; 3338 3339 result = Serialize_UINT32(value.count, buffer); 3340 if (result) { 3341 return result; 3342 } 3343 3344 if (arraysize(value.handle) < value.count) { 3345 return TPM_RC_INSUFFICIENT; 3346 } 3347 for (uint32_t i = 0; i < value.count; ++i) { 3348 result = Serialize_TPM_HANDLE(value.handle[i], buffer); 3349 if (result) { 3350 return result; 3351 } 3352 } 3353 return result; 3354 } 3355 3356 TPM_RC Parse_TPML_HANDLE(std::string* buffer, 3357 TPML_HANDLE* value, 3358 std::string* value_bytes) { 3359 TPM_RC result = TPM_RC_SUCCESS; 3360 VLOG(3) << __func__; 3361 3362 result = Parse_UINT32(buffer, &value->count, value_bytes); 3363 if (result) { 3364 return result; 3365 } 3366 3367 if (arraysize(value->handle) < value->count) { 3368 return TPM_RC_INSUFFICIENT; 3369 } 3370 for (uint32_t i = 0; i < value->count; ++i) { 3371 result = Parse_TPM_HANDLE(buffer, &value->handle[i], value_bytes); 3372 if (result) { 3373 return result; 3374 } 3375 } 3376 return result; 3377 } 3378 3379 TPM_RC Serialize_TPML_DIGEST(const TPML_DIGEST& value, std::string* buffer) { 3380 TPM_RC result = TPM_RC_SUCCESS; 3381 VLOG(3) << __func__; 3382 3383 result = Serialize_UINT32(value.count, buffer); 3384 if (result) { 3385 return result; 3386 } 3387 3388 if (arraysize(value.digests) < value.count) { 3389 return TPM_RC_INSUFFICIENT; 3390 } 3391 for (uint32_t i = 0; i < value.count; ++i) { 3392 result = Serialize_TPM2B_DIGEST(value.digests[i], buffer); 3393 if (result) { 3394 return result; 3395 } 3396 } 3397 return result; 3398 } 3399 3400 TPM_RC Parse_TPML_DIGEST(std::string* buffer, 3401 TPML_DIGEST* value, 3402 std::string* value_bytes) { 3403 TPM_RC result = TPM_RC_SUCCESS; 3404 VLOG(3) << __func__; 3405 3406 result = Parse_UINT32(buffer, &value->count, value_bytes); 3407 if (result) { 3408 return result; 3409 } 3410 3411 if (arraysize(value->digests) < value->count) { 3412 return TPM_RC_INSUFFICIENT; 3413 } 3414 for (uint32_t i = 0; i < value->count; ++i) { 3415 result = Parse_TPM2B_DIGEST(buffer, &value->digests[i], value_bytes); 3416 if (result) { 3417 return result; 3418 } 3419 } 3420 return result; 3421 } 3422 3423 TPM_RC Serialize_TPML_DIGEST_VALUES(const TPML_DIGEST_VALUES& value, 3424 std::string* buffer) { 3425 TPM_RC result = TPM_RC_SUCCESS; 3426 VLOG(3) << __func__; 3427 3428 result = Serialize_UINT32(value.count, buffer); 3429 if (result) { 3430 return result; 3431 } 3432 3433 if (arraysize(value.digests) < value.count) { 3434 return TPM_RC_INSUFFICIENT; 3435 } 3436 for (uint32_t i = 0; i < value.count; ++i) { 3437 result = Serialize_TPMT_HA(value.digests[i], buffer); 3438 if (result) { 3439 return result; 3440 } 3441 } 3442 return result; 3443 } 3444 3445 TPM_RC Parse_TPML_DIGEST_VALUES(std::string* buffer, 3446 TPML_DIGEST_VALUES* value, 3447 std::string* value_bytes) { 3448 TPM_RC result = TPM_RC_SUCCESS; 3449 VLOG(3) << __func__; 3450 3451 result = Parse_UINT32(buffer, &value->count, value_bytes); 3452 if (result) { 3453 return result; 3454 } 3455 3456 if (arraysize(value->digests) < value->count) { 3457 return TPM_RC_INSUFFICIENT; 3458 } 3459 for (uint32_t i = 0; i < value->count; ++i) { 3460 result = Parse_TPMT_HA(buffer, &value->digests[i], value_bytes); 3461 if (result) { 3462 return result; 3463 } 3464 } 3465 return result; 3466 } 3467 3468 TPM_RC Serialize_TPM2B_DIGEST_VALUES(const TPM2B_DIGEST_VALUES& value, 3469 std::string* buffer) { 3470 TPM_RC result = TPM_RC_SUCCESS; 3471 VLOG(3) << __func__; 3472 3473 result = Serialize_UINT16(value.size, buffer); 3474 if (result) { 3475 return result; 3476 } 3477 3478 if (arraysize(value.buffer) < value.size) { 3479 return TPM_RC_INSUFFICIENT; 3480 } 3481 for (uint32_t i = 0; i < value.size; ++i) { 3482 result = Serialize_BYTE(value.buffer[i], buffer); 3483 if (result) { 3484 return result; 3485 } 3486 } 3487 return result; 3488 } 3489 3490 TPM_RC Parse_TPM2B_DIGEST_VALUES(std::string* buffer, 3491 TPM2B_DIGEST_VALUES* value, 3492 std::string* value_bytes) { 3493 TPM_RC result = TPM_RC_SUCCESS; 3494 VLOG(3) << __func__; 3495 3496 result = Parse_UINT16(buffer, &value->size, value_bytes); 3497 if (result) { 3498 return result; 3499 } 3500 3501 if (arraysize(value->buffer) < value->size) { 3502 return TPM_RC_INSUFFICIENT; 3503 } 3504 for (uint32_t i = 0; i < value->size; ++i) { 3505 result = Parse_BYTE(buffer, &value->buffer[i], value_bytes); 3506 if (result) { 3507 return result; 3508 } 3509 } 3510 return result; 3511 } 3512 3513 TPM2B_DIGEST_VALUES Make_TPM2B_DIGEST_VALUES(const std::string& bytes) { 3514 TPM2B_DIGEST_VALUES tpm2b; 3515 CHECK(bytes.size() <= sizeof(tpm2b.buffer)); 3516 memset(&tpm2b, 0, sizeof(TPM2B_DIGEST_VALUES)); 3517 tpm2b.size = bytes.size(); 3518 memcpy(tpm2b.buffer, bytes.data(), bytes.size()); 3519 return tpm2b; 3520 } 3521 3522 std::string StringFrom_TPM2B_DIGEST_VALUES(const TPM2B_DIGEST_VALUES& tpm2b) { 3523 const char* char_buffer = reinterpret_cast<const char*>(tpm2b.buffer); 3524 return std::string(char_buffer, tpm2b.size); 3525 } 3526 3527 TPM_RC Serialize_TPML_PCR_SELECTION(const TPML_PCR_SELECTION& value, 3528 std::string* buffer) { 3529 TPM_RC result = TPM_RC_SUCCESS; 3530 VLOG(3) << __func__; 3531 3532 result = Serialize_UINT32(value.count, buffer); 3533 if (result) { 3534 return result; 3535 } 3536 3537 if (arraysize(value.pcr_selections) < value.count) { 3538 return TPM_RC_INSUFFICIENT; 3539 } 3540 for (uint32_t i = 0; i < value.count; ++i) { 3541 result = Serialize_TPMS_PCR_SELECTION(value.pcr_selections[i], buffer); 3542 if (result) { 3543 return result; 3544 } 3545 } 3546 return result; 3547 } 3548 3549 TPM_RC Parse_TPML_PCR_SELECTION(std::string* buffer, 3550 TPML_PCR_SELECTION* value, 3551 std::string* value_bytes) { 3552 TPM_RC result = TPM_RC_SUCCESS; 3553 VLOG(3) << __func__; 3554 3555 result = Parse_UINT32(buffer, &value->count, value_bytes); 3556 if (result) { 3557 return result; 3558 } 3559 3560 if (arraysize(value->pcr_selections) < value->count) { 3561 return TPM_RC_INSUFFICIENT; 3562 } 3563 for (uint32_t i = 0; i < value->count; ++i) { 3564 result = Parse_TPMS_PCR_SELECTION(buffer, &value->pcr_selections[i], 3565 value_bytes); 3566 if (result) { 3567 return result; 3568 } 3569 } 3570 return result; 3571 } 3572 3573 TPM_RC Serialize_TPML_ALG_PROPERTY(const TPML_ALG_PROPERTY& value, 3574 std::string* buffer) { 3575 TPM_RC result = TPM_RC_SUCCESS; 3576 VLOG(3) << __func__; 3577 3578 result = Serialize_UINT32(value.count, buffer); 3579 if (result) { 3580 return result; 3581 } 3582 3583 if (arraysize(value.alg_properties) < value.count) { 3584 return TPM_RC_INSUFFICIENT; 3585 } 3586 for (uint32_t i = 0; i < value.count; ++i) { 3587 result = Serialize_TPMS_ALG_PROPERTY(value.alg_properties[i], buffer); 3588 if (result) { 3589 return result; 3590 } 3591 } 3592 return result; 3593 } 3594 3595 TPM_RC Parse_TPML_ALG_PROPERTY(std::string* buffer, 3596 TPML_ALG_PROPERTY* value, 3597 std::string* value_bytes) { 3598 TPM_RC result = TPM_RC_SUCCESS; 3599 VLOG(3) << __func__; 3600 3601 result = Parse_UINT32(buffer, &value->count, value_bytes); 3602 if (result) { 3603 return result; 3604 } 3605 3606 if (arraysize(value->alg_properties) < value->count) { 3607 return TPM_RC_INSUFFICIENT; 3608 } 3609 for (uint32_t i = 0; i < value->count; ++i) { 3610 result = 3611 Parse_TPMS_ALG_PROPERTY(buffer, &value->alg_properties[i], value_bytes); 3612 if (result) { 3613 return result; 3614 } 3615 } 3616 return result; 3617 } 3618 3619 TPM_RC Serialize_TPML_TAGGED_TPM_PROPERTY(const TPML_TAGGED_TPM_PROPERTY& value, 3620 std::string* buffer) { 3621 TPM_RC result = TPM_RC_SUCCESS; 3622 VLOG(3) << __func__; 3623 3624 result = Serialize_UINT32(value.count, buffer); 3625 if (result) { 3626 return result; 3627 } 3628 3629 if (arraysize(value.tpm_property) < value.count) { 3630 return TPM_RC_INSUFFICIENT; 3631 } 3632 for (uint32_t i = 0; i < value.count; ++i) { 3633 result = Serialize_TPMS_TAGGED_PROPERTY(value.tpm_property[i], buffer); 3634 if (result) { 3635 return result; 3636 } 3637 } 3638 return result; 3639 } 3640 3641 TPM_RC Parse_TPML_TAGGED_TPM_PROPERTY(std::string* buffer, 3642 TPML_TAGGED_TPM_PROPERTY* value, 3643 std::string* value_bytes) { 3644 TPM_RC result = TPM_RC_SUCCESS; 3645 VLOG(3) << __func__; 3646 3647 result = Parse_UINT32(buffer, &value->count, value_bytes); 3648 if (result) { 3649 return result; 3650 } 3651 3652 if (arraysize(value->tpm_property) < value->count) { 3653 return TPM_RC_INSUFFICIENT; 3654 } 3655 for (uint32_t i = 0; i < value->count; ++i) { 3656 result = Parse_TPMS_TAGGED_PROPERTY(buffer, &value->tpm_property[i], 3657 value_bytes); 3658 if (result) { 3659 return result; 3660 } 3661 } 3662 return result; 3663 } 3664 3665 TPM_RC Serialize_TPML_TAGGED_PCR_PROPERTY(const TPML_TAGGED_PCR_PROPERTY& value, 3666 std::string* buffer) { 3667 TPM_RC result = TPM_RC_SUCCESS; 3668 VLOG(3) << __func__; 3669 3670 result = Serialize_UINT32(value.count, buffer); 3671 if (result) { 3672 return result; 3673 } 3674 3675 if (arraysize(value.pcr_property) < value.count) { 3676 return TPM_RC_INSUFFICIENT; 3677 } 3678 for (uint32_t i = 0; i < value.count; ++i) { 3679 result = Serialize_TPMS_TAGGED_PCR_SELECT(value.pcr_property[i], buffer); 3680 if (result) { 3681 return result; 3682 } 3683 } 3684 return result; 3685 } 3686 3687 TPM_RC Parse_TPML_TAGGED_PCR_PROPERTY(std::string* buffer, 3688 TPML_TAGGED_PCR_PROPERTY* value, 3689 std::string* value_bytes) { 3690 TPM_RC result = TPM_RC_SUCCESS; 3691 VLOG(3) << __func__; 3692 3693 result = Parse_UINT32(buffer, &value->count, value_bytes); 3694 if (result) { 3695 return result; 3696 } 3697 3698 if (arraysize(value->pcr_property) < value->count) { 3699 return TPM_RC_INSUFFICIENT; 3700 } 3701 for (uint32_t i = 0; i < value->count; ++i) { 3702 result = Parse_TPMS_TAGGED_PCR_SELECT(buffer, &value->pcr_property[i], 3703 value_bytes); 3704 if (result) { 3705 return result; 3706 } 3707 } 3708 return result; 3709 } 3710 3711 TPM_RC Serialize_TPML_ECC_CURVE(const TPML_ECC_CURVE& value, 3712 std::string* buffer) { 3713 TPM_RC result = TPM_RC_SUCCESS; 3714 VLOG(3) << __func__; 3715 3716 result = Serialize_UINT32(value.count, buffer); 3717 if (result) { 3718 return result; 3719 } 3720 3721 if (arraysize(value.ecc_curves) < value.count) { 3722 return TPM_RC_INSUFFICIENT; 3723 } 3724 for (uint32_t i = 0; i < value.count; ++i) { 3725 result = Serialize_TPM_ECC_CURVE(value.ecc_curves[i], buffer); 3726 if (result) { 3727 return result; 3728 } 3729 } 3730 return result; 3731 } 3732 3733 TPM_RC Parse_TPML_ECC_CURVE(std::string* buffer, 3734 TPML_ECC_CURVE* value, 3735 std::string* value_bytes) { 3736 TPM_RC result = TPM_RC_SUCCESS; 3737 VLOG(3) << __func__; 3738 3739 result = Parse_UINT32(buffer, &value->count, value_bytes); 3740 if (result) { 3741 return result; 3742 } 3743 3744 if (arraysize(value->ecc_curves) < value->count) { 3745 return TPM_RC_INSUFFICIENT; 3746 } 3747 for (uint32_t i = 0; i < value->count; ++i) { 3748 result = Parse_TPM_ECC_CURVE(buffer, &value->ecc_curves[i], value_bytes); 3749 if (result) { 3750 return result; 3751 } 3752 } 3753 return result; 3754 } 3755 3756 TPM_RC Serialize_TPMU_CAPABILITIES(const TPMU_CAPABILITIES& value, 3757 TPM_CAP selector, 3758 std::string* buffer) { 3759 TPM_RC result = TPM_RC_SUCCESS; 3760 VLOG(3) << __func__; 3761 3762 if (selector == TPM_CAP_PCRS) { 3763 result = Serialize_TPML_PCR_SELECTION(value.assigned_pcr, buffer); 3764 if (result) { 3765 return result; 3766 } 3767 } 3768 3769 if (selector == TPM_CAP_TPM_PROPERTIES) { 3770 result = Serialize_TPML_TAGGED_TPM_PROPERTY(value.tpm_properties, buffer); 3771 if (result) { 3772 return result; 3773 } 3774 } 3775 3776 if (selector == TPM_CAP_PP_COMMANDS) { 3777 result = Serialize_TPML_CC(value.pp_commands, buffer); 3778 if (result) { 3779 return result; 3780 } 3781 } 3782 3783 if (selector == TPM_CAP_AUDIT_COMMANDS) { 3784 result = Serialize_TPML_CC(value.audit_commands, buffer); 3785 if (result) { 3786 return result; 3787 } 3788 } 3789 3790 if (selector == TPM_CAP_COMMANDS) { 3791 result = Serialize_TPML_CCA(value.command, buffer); 3792 if (result) { 3793 return result; 3794 } 3795 } 3796 3797 if (selector == TPM_CAP_ECC_CURVES) { 3798 result = Serialize_TPML_ECC_CURVE(value.ecc_curves, buffer); 3799 if (result) { 3800 return result; 3801 } 3802 } 3803 3804 if (selector == TPM_CAP_PCR_PROPERTIES) { 3805 result = Serialize_TPML_TAGGED_PCR_PROPERTY(value.pcr_properties, buffer); 3806 if (result) { 3807 return result; 3808 } 3809 } 3810 3811 if (selector == TPM_CAP_HANDLES) { 3812 result = Serialize_TPML_HANDLE(value.handles, buffer); 3813 if (result) { 3814 return result; 3815 } 3816 } 3817 3818 if (selector == TPM_CAP_ALGS) { 3819 result = Serialize_TPML_ALG_PROPERTY(value.algorithms, buffer); 3820 if (result) { 3821 return result; 3822 } 3823 } 3824 return result; 3825 } 3826 3827 TPM_RC Parse_TPMU_CAPABILITIES(std::string* buffer, 3828 TPM_CAP selector, 3829 TPMU_CAPABILITIES* value, 3830 std::string* value_bytes) { 3831 TPM_RC result = TPM_RC_SUCCESS; 3832 VLOG(3) << __func__; 3833 3834 if (selector == TPM_CAP_PCRS) { 3835 result = 3836 Parse_TPML_PCR_SELECTION(buffer, &value->assigned_pcr, value_bytes); 3837 if (result) { 3838 return result; 3839 } 3840 } 3841 3842 if (selector == TPM_CAP_TPM_PROPERTIES) { 3843 result = Parse_TPML_TAGGED_TPM_PROPERTY(buffer, &value->tpm_properties, 3844 value_bytes); 3845 if (result) { 3846 return result; 3847 } 3848 } 3849 3850 if (selector == TPM_CAP_PP_COMMANDS) { 3851 result = Parse_TPML_CC(buffer, &value->pp_commands, value_bytes); 3852 if (result) { 3853 return result; 3854 } 3855 } 3856 3857 if (selector == TPM_CAP_AUDIT_COMMANDS) { 3858 result = Parse_TPML_CC(buffer, &value->audit_commands, value_bytes); 3859 if (result) { 3860 return result; 3861 } 3862 } 3863 3864 if (selector == TPM_CAP_COMMANDS) { 3865 result = Parse_TPML_CCA(buffer, &value->command, value_bytes); 3866 if (result) { 3867 return result; 3868 } 3869 } 3870 3871 if (selector == TPM_CAP_ECC_CURVES) { 3872 result = Parse_TPML_ECC_CURVE(buffer, &value->ecc_curves, value_bytes); 3873 if (result) { 3874 return result; 3875 } 3876 } 3877 3878 if (selector == TPM_CAP_PCR_PROPERTIES) { 3879 result = Parse_TPML_TAGGED_PCR_PROPERTY(buffer, &value->pcr_properties, 3880 value_bytes); 3881 if (result) { 3882 return result; 3883 } 3884 } 3885 3886 if (selector == TPM_CAP_HANDLES) { 3887 result = Parse_TPML_HANDLE(buffer, &value->handles, value_bytes); 3888 if (result) { 3889 return result; 3890 } 3891 } 3892 3893 if (selector == TPM_CAP_ALGS) { 3894 result = Parse_TPML_ALG_PROPERTY(buffer, &value->algorithms, value_bytes); 3895 if (result) { 3896 return result; 3897 } 3898 } 3899 return result; 3900 } 3901 3902 TPM_RC Serialize_TPMS_CAPABILITY_DATA(const TPMS_CAPABILITY_DATA& value, 3903 std::string* buffer) { 3904 TPM_RC result = TPM_RC_SUCCESS; 3905 VLOG(3) << __func__; 3906 3907 result = Serialize_TPM_CAP(value.capability, buffer); 3908 if (result) { 3909 return result; 3910 } 3911 3912 result = Serialize_TPMU_CAPABILITIES(value.data, value.capability, buffer); 3913 if (result) { 3914 return result; 3915 } 3916 return result; 3917 } 3918 3919 TPM_RC Parse_TPMS_CAPABILITY_DATA(std::string* buffer, 3920 TPMS_CAPABILITY_DATA* value, 3921 std::string* value_bytes) { 3922 TPM_RC result = TPM_RC_SUCCESS; 3923 VLOG(3) << __func__; 3924 3925 result = Parse_TPM_CAP(buffer, &value->capability, value_bytes); 3926 if (result) { 3927 return result; 3928 } 3929 3930 result = Parse_TPMU_CAPABILITIES(buffer, value->capability, &value->data, 3931 value_bytes); 3932 if (result) { 3933 return result; 3934 } 3935 return result; 3936 } 3937 3938 TPM_RC Serialize_TPMS_CLOCK_INFO(const TPMS_CLOCK_INFO& value, 3939 std::string* buffer) { 3940 TPM_RC result = TPM_RC_SUCCESS; 3941 VLOG(3) << __func__; 3942 3943 result = Serialize_UINT64(value.clock, buffer); 3944 if (result) { 3945 return result; 3946 } 3947 3948 result = Serialize_UINT32(value.reset_count, buffer); 3949 if (result) { 3950 return result; 3951 } 3952 3953 result = Serialize_UINT32(value.restart_count, buffer); 3954 if (result) { 3955 return result; 3956 } 3957 3958 result = Serialize_TPMI_YES_NO(value.safe, buffer); 3959 if (result) { 3960 return result; 3961 } 3962 return result; 3963 } 3964 3965 TPM_RC Parse_TPMS_CLOCK_INFO(std::string* buffer, 3966 TPMS_CLOCK_INFO* value, 3967 std::string* value_bytes) { 3968 TPM_RC result = TPM_RC_SUCCESS; 3969 VLOG(3) << __func__; 3970 3971 result = Parse_UINT64(buffer, &value->clock, value_bytes); 3972 if (result) { 3973 return result; 3974 } 3975 3976 result = Parse_UINT32(buffer, &value->reset_count, value_bytes); 3977 if (result) { 3978 return result; 3979 } 3980 3981 result = Parse_UINT32(buffer, &value->restart_count, value_bytes); 3982 if (result) { 3983 return result; 3984 } 3985 3986 result = Parse_TPMI_YES_NO(buffer, &value->safe, value_bytes); 3987 if (result) { 3988 return result; 3989 } 3990 return result; 3991 } 3992 3993 TPM_RC Serialize_TPMS_TIME_INFO(const TPMS_TIME_INFO& value, 3994 std::string* buffer) { 3995 TPM_RC result = TPM_RC_SUCCESS; 3996 VLOG(3) << __func__; 3997 3998 result = Serialize_UINT64(value.time, buffer); 3999 if (result) { 4000 return result; 4001 } 4002 4003 result = Serialize_TPMS_CLOCK_INFO(value.clock_info, buffer); 4004 if (result) { 4005 return result; 4006 } 4007 return result; 4008 } 4009 4010 TPM_RC Parse_TPMS_TIME_INFO(std::string* buffer, 4011 TPMS_TIME_INFO* value, 4012 std::string* value_bytes) { 4013 TPM_RC result = TPM_RC_SUCCESS; 4014 VLOG(3) << __func__; 4015 4016 result = Parse_UINT64(buffer, &value->time, value_bytes); 4017 if (result) { 4018 return result; 4019 } 4020 4021 result = Parse_TPMS_CLOCK_INFO(buffer, &value->clock_info, value_bytes); 4022 if (result) { 4023 return result; 4024 } 4025 return result; 4026 } 4027 4028 TPM_RC Serialize_TPMS_TIME_ATTEST_INFO(const TPMS_TIME_ATTEST_INFO& value, 4029 std::string* buffer) { 4030 TPM_RC result = TPM_RC_SUCCESS; 4031 VLOG(3) << __func__; 4032 4033 result = Serialize_TPMS_TIME_INFO(value.time, buffer); 4034 if (result) { 4035 return result; 4036 } 4037 4038 result = Serialize_UINT64(value.firmware_version, buffer); 4039 if (result) { 4040 return result; 4041 } 4042 return result; 4043 } 4044 4045 TPM_RC Parse_TPMS_TIME_ATTEST_INFO(std::string* buffer, 4046 TPMS_TIME_ATTEST_INFO* value, 4047 std::string* value_bytes) { 4048 TPM_RC result = TPM_RC_SUCCESS; 4049 VLOG(3) << __func__; 4050 4051 result = Parse_TPMS_TIME_INFO(buffer, &value->time, value_bytes); 4052 if (result) { 4053 return result; 4054 } 4055 4056 result = Parse_UINT64(buffer, &value->firmware_version, value_bytes); 4057 if (result) { 4058 return result; 4059 } 4060 return result; 4061 } 4062 4063 TPM_RC Serialize_TPMS_CERTIFY_INFO(const TPMS_CERTIFY_INFO& value, 4064 std::string* buffer) { 4065 TPM_RC result = TPM_RC_SUCCESS; 4066 VLOG(3) << __func__; 4067 4068 result = Serialize_TPM2B_NAME(value.name, buffer); 4069 if (result) { 4070 return result; 4071 } 4072 4073 result = Serialize_TPM2B_NAME(value.qualified_name, buffer); 4074 if (result) { 4075 return result; 4076 } 4077 return result; 4078 } 4079 4080 TPM_RC Parse_TPMS_CERTIFY_INFO(std::string* buffer, 4081 TPMS_CERTIFY_INFO* value, 4082 std::string* value_bytes) { 4083 TPM_RC result = TPM_RC_SUCCESS; 4084 VLOG(3) << __func__; 4085 4086 result = Parse_TPM2B_NAME(buffer, &value->name, value_bytes); 4087 if (result) { 4088 return result; 4089 } 4090 4091 result = Parse_TPM2B_NAME(buffer, &value->qualified_name, value_bytes); 4092 if (result) { 4093 return result; 4094 } 4095 return result; 4096 } 4097 4098 TPM_RC Serialize_TPMS_QUOTE_INFO(const TPMS_QUOTE_INFO& value, 4099 std::string* buffer) { 4100 TPM_RC result = TPM_RC_SUCCESS; 4101 VLOG(3) << __func__; 4102 4103 result = Serialize_TPML_PCR_SELECTION(value.pcr_select, buffer); 4104 if (result) { 4105 return result; 4106 } 4107 4108 result = Serialize_TPM2B_DIGEST(value.pcr_digest, buffer); 4109 if (result) { 4110 return result; 4111 } 4112 return result; 4113 } 4114 4115 TPM_RC Parse_TPMS_QUOTE_INFO(std::string* buffer, 4116 TPMS_QUOTE_INFO* value, 4117 std::string* value_bytes) { 4118 TPM_RC result = TPM_RC_SUCCESS; 4119 VLOG(3) << __func__; 4120 4121 result = Parse_TPML_PCR_SELECTION(buffer, &value->pcr_select, value_bytes); 4122 if (result) { 4123 return result; 4124 } 4125 4126 result = Parse_TPM2B_DIGEST(buffer, &value->pcr_digest, value_bytes); 4127 if (result) { 4128 return result; 4129 } 4130 return result; 4131 } 4132 4133 TPM_RC Serialize_TPMS_COMMAND_AUDIT_INFO(const TPMS_COMMAND_AUDIT_INFO& value, 4134 std::string* buffer) { 4135 TPM_RC result = TPM_RC_SUCCESS; 4136 VLOG(3) << __func__; 4137 4138 result = Serialize_UINT64(value.audit_counter, buffer); 4139 if (result) { 4140 return result; 4141 } 4142 4143 result = Serialize_TPM_ALG_ID(value.digest_alg, buffer); 4144 if (result) { 4145 return result; 4146 } 4147 4148 result = Serialize_TPM2B_DIGEST(value.audit_digest, buffer); 4149 if (result) { 4150 return result; 4151 } 4152 4153 result = Serialize_TPM2B_DIGEST(value.command_digest, buffer); 4154 if (result) { 4155 return result; 4156 } 4157 return result; 4158 } 4159 4160 TPM_RC Parse_TPMS_COMMAND_AUDIT_INFO(std::string* buffer, 4161 TPMS_COMMAND_AUDIT_INFO* value, 4162 std::string* value_bytes) { 4163 TPM_RC result = TPM_RC_SUCCESS; 4164 VLOG(3) << __func__; 4165 4166 result = Parse_UINT64(buffer, &value->audit_counter, value_bytes); 4167 if (result) { 4168 return result; 4169 } 4170 4171 result = Parse_TPM_ALG_ID(buffer, &value->digest_alg, value_bytes); 4172 if (result) { 4173 return result; 4174 } 4175 4176 result = Parse_TPM2B_DIGEST(buffer, &value->audit_digest, value_bytes); 4177 if (result) { 4178 return result; 4179 } 4180 4181 result = Parse_TPM2B_DIGEST(buffer, &value->command_digest, value_bytes); 4182 if (result) { 4183 return result; 4184 } 4185 return result; 4186 } 4187 4188 TPM_RC Serialize_TPMS_SESSION_AUDIT_INFO(const TPMS_SESSION_AUDIT_INFO& value, 4189 std::string* buffer) { 4190 TPM_RC result = TPM_RC_SUCCESS; 4191 VLOG(3) << __func__; 4192 4193 result = Serialize_TPMI_YES_NO(value.exclusive_session, buffer); 4194 if (result) { 4195 return result; 4196 } 4197 4198 result = Serialize_TPM2B_DIGEST(value.session_digest, buffer); 4199 if (result) { 4200 return result; 4201 } 4202 return result; 4203 } 4204 4205 TPM_RC Parse_TPMS_SESSION_AUDIT_INFO(std::string* buffer, 4206 TPMS_SESSION_AUDIT_INFO* value, 4207 std::string* value_bytes) { 4208 TPM_RC result = TPM_RC_SUCCESS; 4209 VLOG(3) << __func__; 4210 4211 result = Parse_TPMI_YES_NO(buffer, &value->exclusive_session, value_bytes); 4212 if (result) { 4213 return result; 4214 } 4215 4216 result = Parse_TPM2B_DIGEST(buffer, &value->session_digest, value_bytes); 4217 if (result) { 4218 return result; 4219 } 4220 return result; 4221 } 4222 4223 TPM_RC Serialize_TPMS_CREATION_INFO(const TPMS_CREATION_INFO& value, 4224 std::string* buffer) { 4225 TPM_RC result = TPM_RC_SUCCESS; 4226 VLOG(3) << __func__; 4227 4228 result = Serialize_TPM2B_NAME(value.object_name, buffer); 4229 if (result) { 4230 return result; 4231 } 4232 4233 result = Serialize_TPM2B_DIGEST(value.creation_hash, buffer); 4234 if (result) { 4235 return result; 4236 } 4237 return result; 4238 } 4239 4240 TPM_RC Parse_TPMS_CREATION_INFO(std::string* buffer, 4241 TPMS_CREATION_INFO* value, 4242 std::string* value_bytes) { 4243 TPM_RC result = TPM_RC_SUCCESS; 4244 VLOG(3) << __func__; 4245 4246 result = Parse_TPM2B_NAME(buffer, &value->object_name, value_bytes); 4247 if (result) { 4248 return result; 4249 } 4250 4251 result = Parse_TPM2B_DIGEST(buffer, &value->creation_hash, value_bytes); 4252 if (result) { 4253 return result; 4254 } 4255 return result; 4256 } 4257 4258 TPM_RC Serialize_TPMS_NV_CERTIFY_INFO(const TPMS_NV_CERTIFY_INFO& value, 4259 std::string* buffer) { 4260 TPM_RC result = TPM_RC_SUCCESS; 4261 VLOG(3) << __func__; 4262 4263 result = Serialize_TPM2B_NAME(value.index_name, buffer); 4264 if (result) { 4265 return result; 4266 } 4267 4268 result = Serialize_UINT16(value.offset, buffer); 4269 if (result) { 4270 return result; 4271 } 4272 4273 result = Serialize_TPM2B_MAX_NV_BUFFER(value.nv_contents, buffer); 4274 if (result) { 4275 return result; 4276 } 4277 return result; 4278 } 4279 4280 TPM_RC Parse_TPMS_NV_CERTIFY_INFO(std::string* buffer, 4281 TPMS_NV_CERTIFY_INFO* value, 4282 std::string* value_bytes) { 4283 TPM_RC result = TPM_RC_SUCCESS; 4284 VLOG(3) << __func__; 4285 4286 result = Parse_TPM2B_NAME(buffer, &value->index_name, value_bytes); 4287 if (result) { 4288 return result; 4289 } 4290 4291 result = Parse_UINT16(buffer, &value->offset, value_bytes); 4292 if (result) { 4293 return result; 4294 } 4295 4296 result = Parse_TPM2B_MAX_NV_BUFFER(buffer, &value->nv_contents, value_bytes); 4297 if (result) { 4298 return result; 4299 } 4300 return result; 4301 } 4302 4303 TPM_RC Serialize_TPMU_ATTEST(const TPMU_ATTEST& value, 4304 TPMI_ST_ATTEST selector, 4305 std::string* buffer) { 4306 TPM_RC result = TPM_RC_SUCCESS; 4307 VLOG(3) << __func__; 4308 4309 if (selector == TPM_ST_ATTEST_SESSION_AUDIT) { 4310 result = Serialize_TPMS_SESSION_AUDIT_INFO(value.session_audit, buffer); 4311 if (result) { 4312 return result; 4313 } 4314 } 4315 4316 if (selector == TPM_ST_ATTEST_QUOTE) { 4317 result = Serialize_TPMS_QUOTE_INFO(value.quote, buffer); 4318 if (result) { 4319 return result; 4320 } 4321 } 4322 4323 if (selector == TPM_ST_ATTEST_COMMAND_AUDIT) { 4324 result = Serialize_TPMS_COMMAND_AUDIT_INFO(value.command_audit, buffer); 4325 if (result) { 4326 return result; 4327 } 4328 } 4329 4330 if (selector == TPM_ST_ATTEST_CERTIFY) { 4331 result = Serialize_TPMS_CERTIFY_INFO(value.certify, buffer); 4332 if (result) { 4333 return result; 4334 } 4335 } 4336 4337 if (selector == TPM_ST_ATTEST_NV) { 4338 result = Serialize_TPMS_NV_CERTIFY_INFO(value.nv, buffer); 4339 if (result) { 4340 return result; 4341 } 4342 } 4343 4344 if (selector == TPM_ST_ATTEST_TIME) { 4345 result = Serialize_TPMS_TIME_ATTEST_INFO(value.time, buffer); 4346 if (result) { 4347 return result; 4348 } 4349 } 4350 4351 if (selector == TPM_ST_ATTEST_CREATION) { 4352 result = Serialize_TPMS_CREATION_INFO(value.creation, buffer); 4353 if (result) { 4354 return result; 4355 } 4356 } 4357 return result; 4358 } 4359 4360 TPM_RC Parse_TPMU_ATTEST(std::string* buffer, 4361 TPMI_ST_ATTEST selector, 4362 TPMU_ATTEST* value, 4363 std::string* value_bytes) { 4364 TPM_RC result = TPM_RC_SUCCESS; 4365 VLOG(3) << __func__; 4366 4367 if (selector == TPM_ST_ATTEST_SESSION_AUDIT) { 4368 result = Parse_TPMS_SESSION_AUDIT_INFO(buffer, &value->session_audit, 4369 value_bytes); 4370 if (result) { 4371 return result; 4372 } 4373 } 4374 4375 if (selector == TPM_ST_ATTEST_QUOTE) { 4376 result = Parse_TPMS_QUOTE_INFO(buffer, &value->quote, value_bytes); 4377 if (result) { 4378 return result; 4379 } 4380 } 4381 4382 if (selector == TPM_ST_ATTEST_COMMAND_AUDIT) { 4383 result = Parse_TPMS_COMMAND_AUDIT_INFO(buffer, &value->command_audit, 4384 value_bytes); 4385 if (result) { 4386 return result; 4387 } 4388 } 4389 4390 if (selector == TPM_ST_ATTEST_CERTIFY) { 4391 result = Parse_TPMS_CERTIFY_INFO(buffer, &value->certify, value_bytes); 4392 if (result) { 4393 return result; 4394 } 4395 } 4396 4397 if (selector == TPM_ST_ATTEST_NV) { 4398 result = Parse_TPMS_NV_CERTIFY_INFO(buffer, &value->nv, value_bytes); 4399 if (result) { 4400 return result; 4401 } 4402 } 4403 4404 if (selector == TPM_ST_ATTEST_TIME) { 4405 result = Parse_TPMS_TIME_ATTEST_INFO(buffer, &value->time, value_bytes); 4406 if (result) { 4407 return result; 4408 } 4409 } 4410 4411 if (selector == TPM_ST_ATTEST_CREATION) { 4412 result = Parse_TPMS_CREATION_INFO(buffer, &value->creation, value_bytes); 4413 if (result) { 4414 return result; 4415 } 4416 } 4417 return result; 4418 } 4419 4420 TPM_RC Serialize_TPMS_ATTEST(const TPMS_ATTEST& value, std::string* buffer) { 4421 TPM_RC result = TPM_RC_SUCCESS; 4422 VLOG(3) << __func__; 4423 4424 result = Serialize_TPM_GENERATED(value.magic, buffer); 4425 if (result) { 4426 return result; 4427 } 4428 4429 result = Serialize_TPMI_ST_ATTEST(value.type, buffer); 4430 if (result) { 4431 return result; 4432 } 4433 4434 result = Serialize_TPM2B_NAME(value.qualified_signer, buffer); 4435 if (result) { 4436 return result; 4437 } 4438 4439 result = Serialize_TPM2B_DATA(value.extra_data, buffer); 4440 if (result) { 4441 return result; 4442 } 4443 4444 result = Serialize_TPMS_CLOCK_INFO(value.clock_info, buffer); 4445 if (result) { 4446 return result; 4447 } 4448 4449 result = Serialize_UINT64(value.firmware_version, buffer); 4450 if (result) { 4451 return result; 4452 } 4453 4454 result = Serialize_TPMU_ATTEST(value.attested, value.type, buffer); 4455 if (result) { 4456 return result; 4457 } 4458 return result; 4459 } 4460 4461 TPM_RC Parse_TPMS_ATTEST(std::string* buffer, 4462 TPMS_ATTEST* value, 4463 std::string* value_bytes) { 4464 TPM_RC result = TPM_RC_SUCCESS; 4465 VLOG(3) << __func__; 4466 4467 result = Parse_TPM_GENERATED(buffer, &value->magic, value_bytes); 4468 if (result) { 4469 return result; 4470 } 4471 4472 result = Parse_TPMI_ST_ATTEST(buffer, &value->type, value_bytes); 4473 if (result) { 4474 return result; 4475 } 4476 4477 result = Parse_TPM2B_NAME(buffer, &value->qualified_signer, value_bytes); 4478 if (result) { 4479 return result; 4480 } 4481 4482 result = Parse_TPM2B_DATA(buffer, &value->extra_data, value_bytes); 4483 if (result) { 4484 return result; 4485 } 4486 4487 result = Parse_TPMS_CLOCK_INFO(buffer, &value->clock_info, value_bytes); 4488 if (result) { 4489 return result; 4490 } 4491 4492 result = Parse_UINT64(buffer, &value->firmware_version, value_bytes); 4493 if (result) { 4494 return result; 4495 } 4496 4497 result = 4498 Parse_TPMU_ATTEST(buffer, value->type, &value->attested, value_bytes); 4499 if (result) { 4500 return result; 4501 } 4502 return result; 4503 } 4504 4505 TPM_RC Serialize_TPM2B_ATTEST(const TPM2B_ATTEST& value, std::string* buffer) { 4506 TPM_RC result = TPM_RC_SUCCESS; 4507 VLOG(3) << __func__; 4508 4509 result = Serialize_UINT16(value.size, buffer); 4510 if (result) { 4511 return result; 4512 } 4513 4514 if (arraysize(value.attestation_data) < value.size) { 4515 return TPM_RC_INSUFFICIENT; 4516 } 4517 for (uint32_t i = 0; i < value.size; ++i) { 4518 result = Serialize_BYTE(value.attestation_data[i], buffer); 4519 if (result) { 4520 return result; 4521 } 4522 } 4523 return result; 4524 } 4525 4526 TPM_RC Parse_TPM2B_ATTEST(std::string* buffer, 4527 TPM2B_ATTEST* value, 4528 std::string* value_bytes) { 4529 TPM_RC result = TPM_RC_SUCCESS; 4530 VLOG(3) << __func__; 4531 4532 result = Parse_UINT16(buffer, &value->size, value_bytes); 4533 if (result) { 4534 return result; 4535 } 4536 4537 if (arraysize(value->attestation_data) < value->size) { 4538 return TPM_RC_INSUFFICIENT; 4539 } 4540 for (uint32_t i = 0; i < value->size; ++i) { 4541 result = Parse_BYTE(buffer, &value->attestation_data[i], value_bytes); 4542 if (result) { 4543 return result; 4544 } 4545 } 4546 return result; 4547 } 4548 4549 TPM2B_ATTEST Make_TPM2B_ATTEST(const std::string& bytes) { 4550 TPM2B_ATTEST tpm2b; 4551 CHECK(bytes.size() <= sizeof(tpm2b.attestation_data)); 4552 memset(&tpm2b, 0, sizeof(TPM2B_ATTEST)); 4553 tpm2b.size = bytes.size(); 4554 memcpy(tpm2b.attestation_data, bytes.data(), bytes.size()); 4555 return tpm2b; 4556 } 4557 4558 std::string StringFrom_TPM2B_ATTEST(const TPM2B_ATTEST& tpm2b) { 4559 const char* char_buffer = 4560 reinterpret_cast<const char*>(tpm2b.attestation_data); 4561 return std::string(char_buffer, tpm2b.size); 4562 } 4563 4564 TPM_RC Serialize_TPMS_AUTH_COMMAND(const TPMS_AUTH_COMMAND& value, 4565 std::string* buffer) { 4566 TPM_RC result = TPM_RC_SUCCESS; 4567 VLOG(3) << __func__; 4568 4569 result = Serialize_TPMI_SH_AUTH_SESSION(value.session_handle, buffer); 4570 if (result) { 4571 return result; 4572 } 4573 4574 result = Serialize_TPM2B_NONCE(value.nonce, buffer); 4575 if (result) { 4576 return result; 4577 } 4578 4579 result = Serialize_TPMA_SESSION(value.session_attributes, buffer); 4580 if (result) { 4581 return result; 4582 } 4583 4584 result = Serialize_TPM2B_AUTH(value.hmac, buffer); 4585 if (result) { 4586 return result; 4587 } 4588 return result; 4589 } 4590 4591 TPM_RC Parse_TPMS_AUTH_COMMAND(std::string* buffer, 4592 TPMS_AUTH_COMMAND* value, 4593 std::string* value_bytes) { 4594 TPM_RC result = TPM_RC_SUCCESS; 4595 VLOG(3) << __func__; 4596 4597 result = 4598 Parse_TPMI_SH_AUTH_SESSION(buffer, &value->session_handle, value_bytes); 4599 if (result) { 4600 return result; 4601 } 4602 4603 result = Parse_TPM2B_NONCE(buffer, &value->nonce, value_bytes); 4604 if (result) { 4605 return result; 4606 } 4607 4608 result = Parse_TPMA_SESSION(buffer, &value->session_attributes, value_bytes); 4609 if (result) { 4610 return result; 4611 } 4612 4613 result = Parse_TPM2B_AUTH(buffer, &value->hmac, value_bytes); 4614 if (result) { 4615 return result; 4616 } 4617 return result; 4618 } 4619 4620 TPM_RC Serialize_TPMS_AUTH_RESPONSE(const TPMS_AUTH_RESPONSE& value, 4621 std::string* buffer) { 4622 TPM_RC result = TPM_RC_SUCCESS; 4623 VLOG(3) << __func__; 4624 4625 result = Serialize_TPM2B_NONCE(value.nonce, buffer); 4626 if (result) { 4627 return result; 4628 } 4629 4630 result = Serialize_TPMA_SESSION(value.session_attributes, buffer); 4631 if (result) { 4632 return result; 4633 } 4634 4635 result = Serialize_TPM2B_AUTH(value.hmac, buffer); 4636 if (result) { 4637 return result; 4638 } 4639 return result; 4640 } 4641 4642 TPM_RC Parse_TPMS_AUTH_RESPONSE(std::string* buffer, 4643 TPMS_AUTH_RESPONSE* value, 4644 std::string* value_bytes) { 4645 TPM_RC result = TPM_RC_SUCCESS; 4646 VLOG(3) << __func__; 4647 4648 result = Parse_TPM2B_NONCE(buffer, &value->nonce, value_bytes); 4649 if (result) { 4650 return result; 4651 } 4652 4653 result = Parse_TPMA_SESSION(buffer, &value->session_attributes, value_bytes); 4654 if (result) { 4655 return result; 4656 } 4657 4658 result = Parse_TPM2B_AUTH(buffer, &value->hmac, value_bytes); 4659 if (result) { 4660 return result; 4661 } 4662 return result; 4663 } 4664 4665 TPM_RC Serialize_TPMU_SYM_KEY_BITS(const TPMU_SYM_KEY_BITS& value, 4666 TPMI_ALG_SYM selector, 4667 std::string* buffer) { 4668 TPM_RC result = TPM_RC_SUCCESS; 4669 VLOG(3) << __func__; 4670 4671 if (selector == TPM_ALG_NULL) { 4672 // Do nothing. 4673 } 4674 4675 if (selector == TPM_ALG_SM4) { 4676 result = Serialize_TPMI_SM4_KEY_BITS(value.sm4, buffer); 4677 if (result) { 4678 return result; 4679 } 4680 } 4681 4682 if (selector == TPM_ALG_AES) { 4683 result = Serialize_TPMI_AES_KEY_BITS(value.aes, buffer); 4684 if (result) { 4685 return result; 4686 } 4687 } 4688 4689 if (selector == TPM_ALG_XOR) { 4690 result = Serialize_TPMI_ALG_HASH(value.xor_, buffer); 4691 if (result) { 4692 return result; 4693 } 4694 } 4695 return result; 4696 } 4697 4698 TPM_RC Parse_TPMU_SYM_KEY_BITS(std::string* buffer, 4699 TPMI_ALG_SYM selector, 4700 TPMU_SYM_KEY_BITS* value, 4701 std::string* value_bytes) { 4702 TPM_RC result = TPM_RC_SUCCESS; 4703 VLOG(3) << __func__; 4704 4705 if (selector == TPM_ALG_NULL) { 4706 // Do nothing. 4707 } 4708 4709 if (selector == TPM_ALG_SM4) { 4710 result = Parse_TPMI_SM4_KEY_BITS(buffer, &value->sm4, value_bytes); 4711 if (result) { 4712 return result; 4713 } 4714 } 4715 4716 if (selector == TPM_ALG_AES) { 4717 result = Parse_TPMI_AES_KEY_BITS(buffer, &value->aes, value_bytes); 4718 if (result) { 4719 return result; 4720 } 4721 } 4722 4723 if (selector == TPM_ALG_XOR) { 4724 result = Parse_TPMI_ALG_HASH(buffer, &value->xor_, value_bytes); 4725 if (result) { 4726 return result; 4727 } 4728 } 4729 return result; 4730 } 4731 4732 TPM_RC Serialize_TPMU_SYM_MODE(const TPMU_SYM_MODE& value, 4733 TPMI_ALG_SYM selector, 4734 std::string* buffer) { 4735 TPM_RC result = TPM_RC_SUCCESS; 4736 VLOG(3) << __func__; 4737 4738 if (selector == TPM_ALG_NULL) { 4739 // Do nothing. 4740 } 4741 4742 if (selector == TPM_ALG_SM4) { 4743 result = Serialize_TPMI_ALG_SYM_MODE(value.sm4, buffer); 4744 if (result) { 4745 return result; 4746 } 4747 } 4748 4749 if (selector == TPM_ALG_AES) { 4750 result = Serialize_TPMI_ALG_SYM_MODE(value.aes, buffer); 4751 if (result) { 4752 return result; 4753 } 4754 } 4755 4756 if (selector == TPM_ALG_XOR) { 4757 // Do nothing. 4758 } 4759 return result; 4760 } 4761 4762 TPM_RC Parse_TPMU_SYM_MODE(std::string* buffer, 4763 TPMI_ALG_SYM selector, 4764 TPMU_SYM_MODE* value, 4765 std::string* value_bytes) { 4766 TPM_RC result = TPM_RC_SUCCESS; 4767 VLOG(3) << __func__; 4768 4769 if (selector == TPM_ALG_NULL) { 4770 // Do nothing. 4771 } 4772 4773 if (selector == TPM_ALG_SM4) { 4774 result = Parse_TPMI_ALG_SYM_MODE(buffer, &value->sm4, value_bytes); 4775 if (result) { 4776 return result; 4777 } 4778 } 4779 4780 if (selector == TPM_ALG_AES) { 4781 result = Parse_TPMI_ALG_SYM_MODE(buffer, &value->aes, value_bytes); 4782 if (result) { 4783 return result; 4784 } 4785 } 4786 4787 if (selector == TPM_ALG_XOR) { 4788 // Do nothing. 4789 } 4790 return result; 4791 } 4792 4793 TPM_RC Serialize_TPMU_SYM_DETAILS(const TPMU_SYM_DETAILS& value, 4794 TPMI_ALG_SYM selector, 4795 std::string* buffer) { 4796 TPM_RC result = TPM_RC_SUCCESS; 4797 VLOG(3) << __func__; 4798 return result; 4799 } 4800 4801 TPM_RC Parse_TPMU_SYM_DETAILS(std::string* buffer, 4802 TPMI_ALG_SYM selector, 4803 TPMU_SYM_DETAILS* value, 4804 std::string* value_bytes) { 4805 TPM_RC result = TPM_RC_SUCCESS; 4806 VLOG(3) << __func__; 4807 return result; 4808 } 4809 4810 TPM_RC Serialize_TPMT_SYM_DEF(const TPMT_SYM_DEF& value, std::string* buffer) { 4811 TPM_RC result = TPM_RC_SUCCESS; 4812 VLOG(3) << __func__; 4813 4814 result = Serialize_TPMI_ALG_SYM(value.algorithm, buffer); 4815 if (result) { 4816 return result; 4817 } 4818 4819 result = Serialize_TPMU_SYM_KEY_BITS(value.key_bits, value.algorithm, buffer); 4820 if (result) { 4821 return result; 4822 } 4823 4824 result = Serialize_TPMU_SYM_MODE(value.mode, value.algorithm, buffer); 4825 if (result) { 4826 return result; 4827 } 4828 4829 result = Serialize_TPMU_SYM_DETAILS(value.details, value.algorithm, buffer); 4830 if (result) { 4831 return result; 4832 } 4833 return result; 4834 } 4835 4836 TPM_RC Parse_TPMT_SYM_DEF(std::string* buffer, 4837 TPMT_SYM_DEF* value, 4838 std::string* value_bytes) { 4839 TPM_RC result = TPM_RC_SUCCESS; 4840 VLOG(3) << __func__; 4841 4842 result = Parse_TPMI_ALG_SYM(buffer, &value->algorithm, value_bytes); 4843 if (result) { 4844 return result; 4845 } 4846 4847 result = Parse_TPMU_SYM_KEY_BITS(buffer, value->algorithm, &value->key_bits, 4848 value_bytes); 4849 if (result) { 4850 return result; 4851 } 4852 4853 result = 4854 Parse_TPMU_SYM_MODE(buffer, value->algorithm, &value->mode, value_bytes); 4855 if (result) { 4856 return result; 4857 } 4858 4859 result = Parse_TPMU_SYM_DETAILS(buffer, value->algorithm, &value->details, 4860 value_bytes); 4861 if (result) { 4862 return result; 4863 } 4864 return result; 4865 } 4866 4867 TPM_RC Serialize_TPMT_SYM_DEF_OBJECT(const TPMT_SYM_DEF_OBJECT& value, 4868 std::string* buffer) { 4869 TPM_RC result = TPM_RC_SUCCESS; 4870 VLOG(3) << __func__; 4871 4872 result = Serialize_TPMI_ALG_SYM_OBJECT(value.algorithm, buffer); 4873 if (result) { 4874 return result; 4875 } 4876 4877 result = Serialize_TPMU_SYM_KEY_BITS(value.key_bits, value.algorithm, buffer); 4878 if (result) { 4879 return result; 4880 } 4881 4882 result = Serialize_TPMU_SYM_MODE(value.mode, value.algorithm, buffer); 4883 if (result) { 4884 return result; 4885 } 4886 4887 result = Serialize_TPMU_SYM_DETAILS(value.details, value.algorithm, buffer); 4888 if (result) { 4889 return result; 4890 } 4891 return result; 4892 } 4893 4894 TPM_RC Parse_TPMT_SYM_DEF_OBJECT(std::string* buffer, 4895 TPMT_SYM_DEF_OBJECT* value, 4896 std::string* value_bytes) { 4897 TPM_RC result = TPM_RC_SUCCESS; 4898 VLOG(3) << __func__; 4899 4900 result = Parse_TPMI_ALG_SYM_OBJECT(buffer, &value->algorithm, value_bytes); 4901 if (result) { 4902 return result; 4903 } 4904 4905 result = Parse_TPMU_SYM_KEY_BITS(buffer, value->algorithm, &value->key_bits, 4906 value_bytes); 4907 if (result) { 4908 return result; 4909 } 4910 4911 result = 4912 Parse_TPMU_SYM_MODE(buffer, value->algorithm, &value->mode, value_bytes); 4913 if (result) { 4914 return result; 4915 } 4916 4917 result = Parse_TPMU_SYM_DETAILS(buffer, value->algorithm, &value->details, 4918 value_bytes); 4919 if (result) { 4920 return result; 4921 } 4922 return result; 4923 } 4924 4925 TPM_RC Serialize_TPM2B_SYM_KEY(const TPM2B_SYM_KEY& value, 4926 std::string* buffer) { 4927 TPM_RC result = TPM_RC_SUCCESS; 4928 VLOG(3) << __func__; 4929 4930 result = Serialize_UINT16(value.size, buffer); 4931 if (result) { 4932 return result; 4933 } 4934 4935 if (arraysize(value.buffer) < value.size) { 4936 return TPM_RC_INSUFFICIENT; 4937 } 4938 for (uint32_t i = 0; i < value.size; ++i) { 4939 result = Serialize_BYTE(value.buffer[i], buffer); 4940 if (result) { 4941 return result; 4942 } 4943 } 4944 return result; 4945 } 4946 4947 TPM_RC Parse_TPM2B_SYM_KEY(std::string* buffer, 4948 TPM2B_SYM_KEY* value, 4949 std::string* value_bytes) { 4950 TPM_RC result = TPM_RC_SUCCESS; 4951 VLOG(3) << __func__; 4952 4953 result = Parse_UINT16(buffer, &value->size, value_bytes); 4954 if (result) { 4955 return result; 4956 } 4957 4958 if (arraysize(value->buffer) < value->size) { 4959 return TPM_RC_INSUFFICIENT; 4960 } 4961 for (uint32_t i = 0; i < value->size; ++i) { 4962 result = Parse_BYTE(buffer, &value->buffer[i], value_bytes); 4963 if (result) { 4964 return result; 4965 } 4966 } 4967 return result; 4968 } 4969 4970 TPM2B_SYM_KEY Make_TPM2B_SYM_KEY(const std::string& bytes) { 4971 TPM2B_SYM_KEY tpm2b; 4972 CHECK(bytes.size() <= sizeof(tpm2b.buffer)); 4973 memset(&tpm2b, 0, sizeof(TPM2B_SYM_KEY)); 4974 tpm2b.size = bytes.size(); 4975 memcpy(tpm2b.buffer, bytes.data(), bytes.size()); 4976 return tpm2b; 4977 } 4978 4979 std::string StringFrom_TPM2B_SYM_KEY(const TPM2B_SYM_KEY& tpm2b) { 4980 const char* char_buffer = reinterpret_cast<const char*>(tpm2b.buffer); 4981 return std::string(char_buffer, tpm2b.size); 4982 } 4983 4984 TPM_RC Serialize_TPMS_SYMCIPHER_PARMS(const TPMS_SYMCIPHER_PARMS& value, 4985 std::string* buffer) { 4986 TPM_RC result = TPM_RC_SUCCESS; 4987 VLOG(3) << __func__; 4988 4989 result = Serialize_TPMT_SYM_DEF_OBJECT(value.sym, buffer); 4990 if (result) { 4991 return result; 4992 } 4993 return result; 4994 } 4995 4996 TPM_RC Parse_TPMS_SYMCIPHER_PARMS(std::string* buffer, 4997 TPMS_SYMCIPHER_PARMS* value, 4998 std::string* value_bytes) { 4999 TPM_RC result = TPM_RC_SUCCESS; 5000 VLOG(3) << __func__; 5001 5002 result = Parse_TPMT_SYM_DEF_OBJECT(buffer, &value->sym, value_bytes); 5003 if (result) { 5004 return result; 5005 } 5006 return result; 5007 } 5008 5009 TPM_RC Serialize_TPM2B_SENSITIVE_DATA(const TPM2B_SENSITIVE_DATA& value, 5010 std::string* buffer) { 5011 TPM_RC result = TPM_RC_SUCCESS; 5012 VLOG(3) << __func__; 5013 5014 result = Serialize_UINT16(value.size, buffer); 5015 if (result) { 5016 return result; 5017 } 5018 5019 if (arraysize(value.buffer) < value.size) { 5020 return TPM_RC_INSUFFICIENT; 5021 } 5022 for (uint32_t i = 0; i < value.size; ++i) { 5023 result = Serialize_BYTE(value.buffer[i], buffer); 5024 if (result) { 5025 return result; 5026 } 5027 } 5028 return result; 5029 } 5030 5031 TPM_RC Parse_TPM2B_SENSITIVE_DATA(std::string* buffer, 5032 TPM2B_SENSITIVE_DATA* value, 5033 std::string* value_bytes) { 5034 TPM_RC result = TPM_RC_SUCCESS; 5035 VLOG(3) << __func__; 5036 5037 result = Parse_UINT16(buffer, &value->size, value_bytes); 5038 if (result) { 5039 return result; 5040 } 5041 5042 if (arraysize(value->buffer) < value->size) { 5043 return TPM_RC_INSUFFICIENT; 5044 } 5045 for (uint32_t i = 0; i < value->size; ++i) { 5046 result = Parse_BYTE(buffer, &value->buffer[i], value_bytes); 5047 if (result) { 5048 return result; 5049 } 5050 } 5051 return result; 5052 } 5053 5054 TPM2B_SENSITIVE_DATA Make_TPM2B_SENSITIVE_DATA(const std::string& bytes) { 5055 TPM2B_SENSITIVE_DATA tpm2b; 5056 CHECK(bytes.size() <= sizeof(tpm2b.buffer)); 5057 memset(&tpm2b, 0, sizeof(TPM2B_SENSITIVE_DATA)); 5058 tpm2b.size = bytes.size(); 5059 memcpy(tpm2b.buffer, bytes.data(), bytes.size()); 5060 return tpm2b; 5061 } 5062 5063 std::string StringFrom_TPM2B_SENSITIVE_DATA(const TPM2B_SENSITIVE_DATA& tpm2b) { 5064 const char* char_buffer = reinterpret_cast<const char*>(tpm2b.buffer); 5065 return std::string(char_buffer, tpm2b.size); 5066 } 5067 5068 TPM_RC Serialize_TPMS_SENSITIVE_CREATE(const TPMS_SENSITIVE_CREATE& value, 5069 std::string* buffer) { 5070 TPM_RC result = TPM_RC_SUCCESS; 5071 VLOG(3) << __func__; 5072 5073 result = Serialize_TPM2B_AUTH(value.user_auth, buffer); 5074 if (result) { 5075 return result; 5076 } 5077 5078 result = Serialize_TPM2B_SENSITIVE_DATA(value.data, buffer); 5079 if (result) { 5080 return result; 5081 } 5082 return result; 5083 } 5084 5085 TPM_RC Parse_TPMS_SENSITIVE_CREATE(std::string* buffer, 5086 TPMS_SENSITIVE_CREATE* value, 5087 std::string* value_bytes) { 5088 TPM_RC result = TPM_RC_SUCCESS; 5089 VLOG(3) << __func__; 5090 5091 result = Parse_TPM2B_AUTH(buffer, &value->user_auth, value_bytes); 5092 if (result) { 5093 return result; 5094 } 5095 5096 result = Parse_TPM2B_SENSITIVE_DATA(buffer, &value->data, value_bytes); 5097 if (result) { 5098 return result; 5099 } 5100 return result; 5101 } 5102 5103 TPM_RC Serialize_TPM2B_SENSITIVE_CREATE(const TPM2B_SENSITIVE_CREATE& value, 5104 std::string* buffer) { 5105 TPM_RC result = TPM_RC_SUCCESS; 5106 VLOG(3) << __func__; 5107 5108 std::string field_bytes; 5109 result = Serialize_TPMS_SENSITIVE_CREATE(value.sensitive, &field_bytes); 5110 if (result) { 5111 return result; 5112 } 5113 std::string size_bytes; 5114 result = Serialize_UINT16(field_bytes.size(), &size_bytes); 5115 if (result) { 5116 return result; 5117 } 5118 buffer->append(size_bytes + field_bytes); 5119 return result; 5120 } 5121 5122 TPM_RC Parse_TPM2B_SENSITIVE_CREATE(std::string* buffer, 5123 TPM2B_SENSITIVE_CREATE* value, 5124 std::string* value_bytes) { 5125 TPM_RC result = TPM_RC_SUCCESS; 5126 VLOG(3) << __func__; 5127 5128 result = Parse_UINT16(buffer, &value->size, value_bytes); 5129 if (result) { 5130 return result; 5131 } 5132 5133 result = Parse_TPMS_SENSITIVE_CREATE(buffer, &value->sensitive, value_bytes); 5134 if (result) { 5135 return result; 5136 } 5137 return result; 5138 } 5139 5140 TPM2B_SENSITIVE_CREATE Make_TPM2B_SENSITIVE_CREATE( 5141 const TPMS_SENSITIVE_CREATE& inner) { 5142 TPM2B_SENSITIVE_CREATE tpm2b; 5143 tpm2b.size = sizeof(TPMS_SENSITIVE_CREATE); 5144 tpm2b.sensitive = inner; 5145 return tpm2b; 5146 } 5147 5148 TPM_RC Serialize_TPMS_SCHEME_XOR(const TPMS_SCHEME_XOR& value, 5149 std::string* buffer) { 5150 TPM_RC result = TPM_RC_SUCCESS; 5151 VLOG(3) << __func__; 5152 5153 result = Serialize_TPMI_ALG_HASH(value.hash_alg, buffer); 5154 if (result) { 5155 return result; 5156 } 5157 5158 result = Serialize_TPMI_ALG_KDF(value.kdf, buffer); 5159 if (result) { 5160 return result; 5161 } 5162 return result; 5163 } 5164 5165 TPM_RC Parse_TPMS_SCHEME_XOR(std::string* buffer, 5166 TPMS_SCHEME_XOR* value, 5167 std::string* value_bytes) { 5168 TPM_RC result = TPM_RC_SUCCESS; 5169 VLOG(3) << __func__; 5170 5171 result = Parse_TPMI_ALG_HASH(buffer, &value->hash_alg, value_bytes); 5172 if (result) { 5173 return result; 5174 } 5175 5176 result = Parse_TPMI_ALG_KDF(buffer, &value->kdf, value_bytes); 5177 if (result) { 5178 return result; 5179 } 5180 return result; 5181 } 5182 5183 TPM_RC Serialize_TPMU_SCHEME_KEYEDHASH(const TPMU_SCHEME_KEYEDHASH& value, 5184 TPMI_ALG_KEYEDHASH_SCHEME selector, 5185 std::string* buffer) { 5186 TPM_RC result = TPM_RC_SUCCESS; 5187 VLOG(3) << __func__; 5188 5189 if (selector == TPM_ALG_NULL) { 5190 // Do nothing. 5191 } 5192 5193 if (selector == TPM_ALG_HMAC) { 5194 result = Serialize_TPMS_SCHEME_HMAC(value.hmac, buffer); 5195 if (result) { 5196 return result; 5197 } 5198 } 5199 5200 if (selector == TPM_ALG_XOR) { 5201 result = Serialize_TPMS_SCHEME_XOR(value.xor_, buffer); 5202 if (result) { 5203 return result; 5204 } 5205 } 5206 return result; 5207 } 5208 5209 TPM_RC Parse_TPMU_SCHEME_KEYEDHASH(std::string* buffer, 5210 TPMI_ALG_KEYEDHASH_SCHEME selector, 5211 TPMU_SCHEME_KEYEDHASH* value, 5212 std::string* value_bytes) { 5213 TPM_RC result = TPM_RC_SUCCESS; 5214 VLOG(3) << __func__; 5215 5216 if (selector == TPM_ALG_NULL) { 5217 // Do nothing. 5218 } 5219 5220 if (selector == TPM_ALG_HMAC) { 5221 result = Parse_TPMS_SCHEME_HMAC(buffer, &value->hmac, value_bytes); 5222 if (result) { 5223 return result; 5224 } 5225 } 5226 5227 if (selector == TPM_ALG_XOR) { 5228 result = Parse_TPMS_SCHEME_XOR(buffer, &value->xor_, value_bytes); 5229 if (result) { 5230 return result; 5231 } 5232 } 5233 return result; 5234 } 5235 5236 TPM_RC Serialize_TPMT_KEYEDHASH_SCHEME(const TPMT_KEYEDHASH_SCHEME& value, 5237 std::string* buffer) { 5238 TPM_RC result = TPM_RC_SUCCESS; 5239 VLOG(3) << __func__; 5240 5241 result = Serialize_TPMI_ALG_KEYEDHASH_SCHEME(value.scheme, buffer); 5242 if (result) { 5243 return result; 5244 } 5245 5246 result = Serialize_TPMU_SCHEME_KEYEDHASH(value.details, value.scheme, buffer); 5247 if (result) { 5248 return result; 5249 } 5250 return result; 5251 } 5252 5253 TPM_RC Parse_TPMT_KEYEDHASH_SCHEME(std::string* buffer, 5254 TPMT_KEYEDHASH_SCHEME* value, 5255 std::string* value_bytes) { 5256 TPM_RC result = TPM_RC_SUCCESS; 5257 VLOG(3) << __func__; 5258 5259 result = Parse_TPMI_ALG_KEYEDHASH_SCHEME(buffer, &value->scheme, value_bytes); 5260 if (result) { 5261 return result; 5262 } 5263 5264 result = Parse_TPMU_SCHEME_KEYEDHASH(buffer, value->scheme, &value->details, 5265 value_bytes); 5266 if (result) { 5267 return result; 5268 } 5269 return result; 5270 } 5271 5272 TPM_RC Serialize_TPMS_SCHEME_ECDAA(const TPMS_SCHEME_ECDAA& value, 5273 std::string* buffer) { 5274 TPM_RC result = TPM_RC_SUCCESS; 5275 VLOG(3) << __func__; 5276 5277 result = Serialize_TPMI_ALG_HASH(value.hash_alg, buffer); 5278 if (result) { 5279 return result; 5280 } 5281 5282 result = Serialize_UINT16(value.count, buffer); 5283 if (result) { 5284 return result; 5285 } 5286 return result; 5287 } 5288 5289 TPM_RC Parse_TPMS_SCHEME_ECDAA(std::string* buffer, 5290 TPMS_SCHEME_ECDAA* value, 5291 std::string* value_bytes) { 5292 TPM_RC result = TPM_RC_SUCCESS; 5293 VLOG(3) << __func__; 5294 5295 result = Parse_TPMI_ALG_HASH(buffer, &value->hash_alg, value_bytes); 5296 if (result) { 5297 return result; 5298 } 5299 5300 result = Parse_UINT16(buffer, &value->count, value_bytes); 5301 if (result) { 5302 return result; 5303 } 5304 return result; 5305 } 5306 5307 TPM_RC Serialize_TPMU_SIG_SCHEME(const TPMU_SIG_SCHEME& value, 5308 TPMI_ALG_SIG_SCHEME selector, 5309 std::string* buffer) { 5310 TPM_RC result = TPM_RC_SUCCESS; 5311 VLOG(3) << __func__; 5312 5313 if (selector == TPM_ALG_HMAC) { 5314 result = Serialize_TPMS_SCHEME_HMAC(value.hmac, buffer); 5315 if (result) { 5316 return result; 5317 } 5318 } 5319 5320 if (selector == TPM_ALG_ECSCHNORR) { 5321 result = Serialize_TPMS_SCHEME_ECSCHNORR(value.ec_schnorr, buffer); 5322 if (result) { 5323 return result; 5324 } 5325 } 5326 5327 if (selector == TPM_ALG_RSAPSS) { 5328 result = Serialize_TPMS_SCHEME_RSAPSS(value.rsapss, buffer); 5329 if (result) { 5330 return result; 5331 } 5332 } 5333 5334 if (selector == TPM_ALG_ECDAA) { 5335 result = Serialize_TPMS_SCHEME_ECDAA(value.ecdaa, buffer); 5336 if (result) { 5337 return result; 5338 } 5339 } 5340 5341 if (selector == TPM_ALG_RSASSA) { 5342 result = Serialize_TPMS_SCHEME_RSASSA(value.rsassa, buffer); 5343 if (result) { 5344 return result; 5345 } 5346 } 5347 5348 if (selector == TPM_ALG_SM2) { 5349 result = Serialize_TPMS_SCHEME_SM2(value.sm2, buffer); 5350 if (result) { 5351 return result; 5352 } 5353 } 5354 5355 if (selector == TPM_ALG_ECDSA) { 5356 result = Serialize_TPMS_SCHEME_ECDSA(value.ecdsa, buffer); 5357 if (result) { 5358 return result; 5359 } 5360 } 5361 5362 if (selector == TPM_ALG_NULL) { 5363 // Do nothing. 5364 } 5365 return result; 5366 } 5367 5368 TPM_RC Parse_TPMU_SIG_SCHEME(std::string* buffer, 5369 TPMI_ALG_SIG_SCHEME selector, 5370 TPMU_SIG_SCHEME* value, 5371 std::string* value_bytes) { 5372 TPM_RC result = TPM_RC_SUCCESS; 5373 VLOG(3) << __func__; 5374 5375 if (selector == TPM_ALG_HMAC) { 5376 result = Parse_TPMS_SCHEME_HMAC(buffer, &value->hmac, value_bytes); 5377 if (result) { 5378 return result; 5379 } 5380 } 5381 5382 if (selector == TPM_ALG_ECSCHNORR) { 5383 result = 5384 Parse_TPMS_SCHEME_ECSCHNORR(buffer, &value->ec_schnorr, value_bytes); 5385 if (result) { 5386 return result; 5387 } 5388 } 5389 5390 if (selector == TPM_ALG_RSAPSS) { 5391 result = Parse_TPMS_SCHEME_RSAPSS(buffer, &value->rsapss, value_bytes); 5392 if (result) { 5393 return result; 5394 } 5395 } 5396 5397 if (selector == TPM_ALG_ECDAA) { 5398 result = Parse_TPMS_SCHEME_ECDAA(buffer, &value->ecdaa, value_bytes); 5399 if (result) { 5400 return result; 5401 } 5402 } 5403 5404 if (selector == TPM_ALG_RSASSA) { 5405 result = Parse_TPMS_SCHEME_RSASSA(buffer, &value->rsassa, value_bytes); 5406 if (result) { 5407 return result; 5408 } 5409 } 5410 5411 if (selector == TPM_ALG_SM2) { 5412 result = Parse_TPMS_SCHEME_SM2(buffer, &value->sm2, value_bytes); 5413 if (result) { 5414 return result; 5415 } 5416 } 5417 5418 if (selector == TPM_ALG_ECDSA) { 5419 result = Parse_TPMS_SCHEME_ECDSA(buffer, &value->ecdsa, value_bytes); 5420 if (result) { 5421 return result; 5422 } 5423 } 5424 5425 if (selector == TPM_ALG_NULL) { 5426 // Do nothing. 5427 } 5428 return result; 5429 } 5430 5431 TPM_RC Serialize_TPMT_SIG_SCHEME(const TPMT_SIG_SCHEME& value, 5432 std::string* buffer) { 5433 TPM_RC result = TPM_RC_SUCCESS; 5434 VLOG(3) << __func__; 5435 5436 result = Serialize_TPMI_ALG_SIG_SCHEME(value.scheme, buffer); 5437 if (result) { 5438 return result; 5439 } 5440 5441 result = Serialize_TPMU_SIG_SCHEME(value.details, value.scheme, buffer); 5442 if (result) { 5443 return result; 5444 } 5445 return result; 5446 } 5447 5448 TPM_RC Parse_TPMT_SIG_SCHEME(std::string* buffer, 5449 TPMT_SIG_SCHEME* value, 5450 std::string* value_bytes) { 5451 TPM_RC result = TPM_RC_SUCCESS; 5452 VLOG(3) << __func__; 5453 5454 result = Parse_TPMI_ALG_SIG_SCHEME(buffer, &value->scheme, value_bytes); 5455 if (result) { 5456 return result; 5457 } 5458 5459 result = Parse_TPMU_SIG_SCHEME(buffer, value->scheme, &value->details, 5460 value_bytes); 5461 if (result) { 5462 return result; 5463 } 5464 return result; 5465 } 5466 5467 TPM_RC Serialize_TPMS_SCHEME_OAEP(const TPMS_SCHEME_OAEP& value, 5468 std::string* buffer) { 5469 TPM_RC result = TPM_RC_SUCCESS; 5470 VLOG(3) << __func__; 5471 5472 result = Serialize_TPMI_ALG_HASH(value.hash_alg, buffer); 5473 if (result) { 5474 return result; 5475 } 5476 return result; 5477 } 5478 5479 TPM_RC Parse_TPMS_SCHEME_OAEP(std::string* buffer, 5480 TPMS_SCHEME_OAEP* value, 5481 std::string* value_bytes) { 5482 TPM_RC result = TPM_RC_SUCCESS; 5483 VLOG(3) << __func__; 5484 5485 result = Parse_TPMI_ALG_HASH(buffer, &value->hash_alg, value_bytes); 5486 if (result) { 5487 return result; 5488 } 5489 return result; 5490 } 5491 5492 TPM_RC Serialize_TPMS_SCHEME_ECDH(const TPMS_SCHEME_ECDH& value, 5493 std::string* buffer) { 5494 TPM_RC result = TPM_RC_SUCCESS; 5495 VLOG(3) << __func__; 5496 5497 result = Serialize_TPMI_ALG_HASH(value.hash_alg, buffer); 5498 if (result) { 5499 return result; 5500 } 5501 return result; 5502 } 5503 5504 TPM_RC Parse_TPMS_SCHEME_ECDH(std::string* buffer, 5505 TPMS_SCHEME_ECDH* value, 5506 std::string* value_bytes) { 5507 TPM_RC result = TPM_RC_SUCCESS; 5508 VLOG(3) << __func__; 5509 5510 result = Parse_TPMI_ALG_HASH(buffer, &value->hash_alg, value_bytes); 5511 if (result) { 5512 return result; 5513 } 5514 return result; 5515 } 5516 5517 TPM_RC Serialize_TPMS_SCHEME_MGF1(const TPMS_SCHEME_MGF1& value, 5518 std::string* buffer) { 5519 TPM_RC result = TPM_RC_SUCCESS; 5520 VLOG(3) << __func__; 5521 5522 result = Serialize_TPMI_ALG_HASH(value.hash_alg, buffer); 5523 if (result) { 5524 return result; 5525 } 5526 return result; 5527 } 5528 5529 TPM_RC Parse_TPMS_SCHEME_MGF1(std::string* buffer, 5530 TPMS_SCHEME_MGF1* value, 5531 std::string* value_bytes) { 5532 TPM_RC result = TPM_RC_SUCCESS; 5533 VLOG(3) << __func__; 5534 5535 result = Parse_TPMI_ALG_HASH(buffer, &value->hash_alg, value_bytes); 5536 if (result) { 5537 return result; 5538 } 5539 return result; 5540 } 5541 5542 TPM_RC Serialize_TPMS_SCHEME_KDF1_SP800_56a( 5543 const TPMS_SCHEME_KDF1_SP800_56a& value, 5544 std::string* buffer) { 5545 TPM_RC result = TPM_RC_SUCCESS; 5546 VLOG(3) << __func__; 5547 5548 result = Serialize_TPMI_ALG_HASH(value.hash_alg, buffer); 5549 if (result) { 5550 return result; 5551 } 5552 return result; 5553 } 5554 5555 TPM_RC Parse_TPMS_SCHEME_KDF1_SP800_56a(std::string* buffer, 5556 TPMS_SCHEME_KDF1_SP800_56a* value, 5557 std::string* value_bytes) { 5558 TPM_RC result = TPM_RC_SUCCESS; 5559 VLOG(3) << __func__; 5560 5561 result = Parse_TPMI_ALG_HASH(buffer, &value->hash_alg, value_bytes); 5562 if (result) { 5563 return result; 5564 } 5565 return result; 5566 } 5567 5568 TPM_RC Serialize_TPMS_SCHEME_KDF2(const TPMS_SCHEME_KDF2& value, 5569 std::string* buffer) { 5570 TPM_RC result = TPM_RC_SUCCESS; 5571 VLOG(3) << __func__; 5572 5573 result = Serialize_TPMI_ALG_HASH(value.hash_alg, buffer); 5574 if (result) { 5575 return result; 5576 } 5577 return result; 5578 } 5579 5580 TPM_RC Parse_TPMS_SCHEME_KDF2(std::string* buffer, 5581 TPMS_SCHEME_KDF2* value, 5582 std::string* value_bytes) { 5583 TPM_RC result = TPM_RC_SUCCESS; 5584 VLOG(3) << __func__; 5585 5586 result = Parse_TPMI_ALG_HASH(buffer, &value->hash_alg, value_bytes); 5587 if (result) { 5588 return result; 5589 } 5590 return result; 5591 } 5592 5593 TPM_RC Serialize_TPMS_SCHEME_KDF1_SP800_108( 5594 const TPMS_SCHEME_KDF1_SP800_108& value, 5595 std::string* buffer) { 5596 TPM_RC result = TPM_RC_SUCCESS; 5597 VLOG(3) << __func__; 5598 5599 result = Serialize_TPMI_ALG_HASH(value.hash_alg, buffer); 5600 if (result) { 5601 return result; 5602 } 5603 return result; 5604 } 5605 5606 TPM_RC Parse_TPMS_SCHEME_KDF1_SP800_108(std::string* buffer, 5607 TPMS_SCHEME_KDF1_SP800_108* value, 5608 std::string* value_bytes) { 5609 TPM_RC result = TPM_RC_SUCCESS; 5610 VLOG(3) << __func__; 5611 5612 result = Parse_TPMI_ALG_HASH(buffer, &value->hash_alg, value_bytes); 5613 if (result) { 5614 return result; 5615 } 5616 return result; 5617 } 5618 5619 TPM_RC Serialize_TPMU_KDF_SCHEME(const TPMU_KDF_SCHEME& value, 5620 TPMI_ALG_KDF selector, 5621 std::string* buffer) { 5622 TPM_RC result = TPM_RC_SUCCESS; 5623 VLOG(3) << __func__; 5624 5625 if (selector == TPM_ALG_KDF1_SP800_56a) { 5626 result = Serialize_TPMS_SCHEME_KDF1_SP800_56a(value.kdf1_sp800_56a, buffer); 5627 if (result) { 5628 return result; 5629 } 5630 } 5631 5632 if (selector == TPM_ALG_MGF1) { 5633 result = Serialize_TPMS_SCHEME_MGF1(value.mgf1, buffer); 5634 if (result) { 5635 return result; 5636 } 5637 } 5638 5639 if (selector == TPM_ALG_KDF1_SP800_108) { 5640 result = Serialize_TPMS_SCHEME_KDF1_SP800_108(value.kdf1_sp800_108, buffer); 5641 if (result) { 5642 return result; 5643 } 5644 } 5645 5646 if (selector == TPM_ALG_KDF2) { 5647 result = Serialize_TPMS_SCHEME_KDF2(value.kdf2, buffer); 5648 if (result) { 5649 return result; 5650 } 5651 } 5652 5653 if (selector == TPM_ALG_NULL) { 5654 // Do nothing. 5655 } 5656 return result; 5657 } 5658 5659 TPM_RC Parse_TPMU_KDF_SCHEME(std::string* buffer, 5660 TPMI_ALG_KDF selector, 5661 TPMU_KDF_SCHEME* value, 5662 std::string* value_bytes) { 5663 TPM_RC result = TPM_RC_SUCCESS; 5664 VLOG(3) << __func__; 5665 5666 if (selector == TPM_ALG_KDF1_SP800_56a) { 5667 result = Parse_TPMS_SCHEME_KDF1_SP800_56a(buffer, &value->kdf1_sp800_56a, 5668 value_bytes); 5669 if (result) { 5670 return result; 5671 } 5672 } 5673 5674 if (selector == TPM_ALG_MGF1) { 5675 result = Parse_TPMS_SCHEME_MGF1(buffer, &value->mgf1, value_bytes); 5676 if (result) { 5677 return result; 5678 } 5679 } 5680 5681 if (selector == TPM_ALG_KDF1_SP800_108) { 5682 result = Parse_TPMS_SCHEME_KDF1_SP800_108(buffer, &value->kdf1_sp800_108, 5683 value_bytes); 5684 if (result) { 5685 return result; 5686 } 5687 } 5688 5689 if (selector == TPM_ALG_KDF2) { 5690 result = Parse_TPMS_SCHEME_KDF2(buffer, &value->kdf2, value_bytes); 5691 if (result) { 5692 return result; 5693 } 5694 } 5695 5696 if (selector == TPM_ALG_NULL) { 5697 // Do nothing. 5698 } 5699 return result; 5700 } 5701 5702 TPM_RC Serialize_TPMT_KDF_SCHEME(const TPMT_KDF_SCHEME& value, 5703 std::string* buffer) { 5704 TPM_RC result = TPM_RC_SUCCESS; 5705 VLOG(3) << __func__; 5706 5707 result = Serialize_TPMI_ALG_KDF(value.scheme, buffer); 5708 if (result) { 5709 return result; 5710 } 5711 5712 result = Serialize_TPMU_KDF_SCHEME(value.details, value.scheme, buffer); 5713 if (result) { 5714 return result; 5715 } 5716 return result; 5717 } 5718 5719 TPM_RC Parse_TPMT_KDF_SCHEME(std::string* buffer, 5720 TPMT_KDF_SCHEME* value, 5721 std::string* value_bytes) { 5722 TPM_RC result = TPM_RC_SUCCESS; 5723 VLOG(3) << __func__; 5724 5725 result = Parse_TPMI_ALG_KDF(buffer, &value->scheme, value_bytes); 5726 if (result) { 5727 return result; 5728 } 5729 5730 result = Parse_TPMU_KDF_SCHEME(buffer, value->scheme, &value->details, 5731 value_bytes); 5732 if (result) { 5733 return result; 5734 } 5735 return result; 5736 } 5737 5738 TPM_RC Serialize_TPMU_ASYM_SCHEME(const TPMU_ASYM_SCHEME& value, 5739 TPMI_ALG_ASYM_SCHEME selector, 5740 std::string* buffer) { 5741 TPM_RC result = TPM_RC_SUCCESS; 5742 VLOG(3) << __func__; 5743 5744 if (selector == TPM_ALG_RSAES) { 5745 // Do nothing. 5746 } 5747 5748 if (selector == TPM_ALG_ECSCHNORR) { 5749 result = Serialize_TPMS_SCHEME_ECSCHNORR(value.ec_schnorr, buffer); 5750 if (result) { 5751 return result; 5752 } 5753 } 5754 5755 if (selector == TPM_ALG_NULL) { 5756 // Do nothing. 5757 } 5758 5759 if (selector == TPM_ALG_ECDH) { 5760 result = Serialize_TPMS_SCHEME_ECDH(value.ecdh, buffer); 5761 if (result) { 5762 return result; 5763 } 5764 } 5765 5766 if (selector == TPM_ALG_OAEP) { 5767 result = Serialize_TPMS_SCHEME_OAEP(value.oaep, buffer); 5768 if (result) { 5769 return result; 5770 } 5771 } 5772 5773 if (selector == TPM_ALG_RSAPSS) { 5774 result = Serialize_TPMS_SCHEME_RSAPSS(value.rsapss, buffer); 5775 if (result) { 5776 return result; 5777 } 5778 } 5779 5780 if (selector == TPM_ALG_ECDAA) { 5781 result = Serialize_TPMS_SCHEME_ECDAA(value.ecdaa, buffer); 5782 if (result) { 5783 return result; 5784 } 5785 } 5786 5787 if (selector == TPM_ALG_RSASSA) { 5788 result = Serialize_TPMS_SCHEME_RSASSA(value.rsassa, buffer); 5789 if (result) { 5790 return result; 5791 } 5792 } 5793 5794 if (selector == TPM_ALG_SM2) { 5795 result = Serialize_TPMS_SCHEME_SM2(value.sm2, buffer); 5796 if (result) { 5797 return result; 5798 } 5799 } 5800 5801 if (selector == TPM_ALG_ECDSA) { 5802 result = Serialize_TPMS_SCHEME_ECDSA(value.ecdsa, buffer); 5803 if (result) { 5804 return result; 5805 } 5806 } 5807 return result; 5808 } 5809 5810 TPM_RC Parse_TPMU_ASYM_SCHEME(std::string* buffer, 5811 TPMI_ALG_ASYM_SCHEME selector, 5812 TPMU_ASYM_SCHEME* value, 5813 std::string* value_bytes) { 5814 TPM_RC result = TPM_RC_SUCCESS; 5815 VLOG(3) << __func__; 5816 5817 if (selector == TPM_ALG_RSAES) { 5818 // Do nothing. 5819 } 5820 5821 if (selector == TPM_ALG_ECSCHNORR) { 5822 result = 5823 Parse_TPMS_SCHEME_ECSCHNORR(buffer, &value->ec_schnorr, value_bytes); 5824 if (result) { 5825 return result; 5826 } 5827 } 5828 5829 if (selector == TPM_ALG_NULL) { 5830 // Do nothing. 5831 } 5832 5833 if (selector == TPM_ALG_ECDH) { 5834 result = Parse_TPMS_SCHEME_ECDH(buffer, &value->ecdh, value_bytes); 5835 if (result) { 5836 return result; 5837 } 5838 } 5839 5840 if (selector == TPM_ALG_OAEP) { 5841 result = Parse_TPMS_SCHEME_OAEP(buffer, &value->oaep, value_bytes); 5842 if (result) { 5843 return result; 5844 } 5845 } 5846 5847 if (selector == TPM_ALG_RSAPSS) { 5848 result = Parse_TPMS_SCHEME_RSAPSS(buffer, &value->rsapss, value_bytes); 5849 if (result) { 5850 return result; 5851 } 5852 } 5853 5854 if (selector == TPM_ALG_ECDAA) { 5855 result = Parse_TPMS_SCHEME_ECDAA(buffer, &value->ecdaa, value_bytes); 5856 if (result) { 5857 return result; 5858 } 5859 } 5860 5861 if (selector == TPM_ALG_RSASSA) { 5862 result = Parse_TPMS_SCHEME_RSASSA(buffer, &value->rsassa, value_bytes); 5863 if (result) { 5864 return result; 5865 } 5866 } 5867 5868 if (selector == TPM_ALG_SM2) { 5869 result = Parse_TPMS_SCHEME_SM2(buffer, &value->sm2, value_bytes); 5870 if (result) { 5871 return result; 5872 } 5873 } 5874 5875 if (selector == TPM_ALG_ECDSA) { 5876 result = Parse_TPMS_SCHEME_ECDSA(buffer, &value->ecdsa, value_bytes); 5877 if (result) { 5878 return result; 5879 } 5880 } 5881 return result; 5882 } 5883 5884 TPM_RC Serialize_TPMT_ASYM_SCHEME(const TPMT_ASYM_SCHEME& value, 5885 std::string* buffer) { 5886 TPM_RC result = TPM_RC_SUCCESS; 5887 VLOG(3) << __func__; 5888 5889 result = Serialize_TPMI_ALG_ASYM_SCHEME(value.scheme, buffer); 5890 if (result) { 5891 return result; 5892 } 5893 5894 result = Serialize_TPMU_ASYM_SCHEME(value.details, value.scheme, buffer); 5895 if (result) { 5896 return result; 5897 } 5898 return result; 5899 } 5900 5901 TPM_RC Parse_TPMT_ASYM_SCHEME(std::string* buffer, 5902 TPMT_ASYM_SCHEME* value, 5903 std::string* value_bytes) { 5904 TPM_RC result = TPM_RC_SUCCESS; 5905 VLOG(3) << __func__; 5906 5907 result = Parse_TPMI_ALG_ASYM_SCHEME(buffer, &value->scheme, value_bytes); 5908 if (result) { 5909 return result; 5910 } 5911 5912 result = Parse_TPMU_ASYM_SCHEME(buffer, value->scheme, &value->details, 5913 value_bytes); 5914 if (result) { 5915 return result; 5916 } 5917 return result; 5918 } 5919 5920 TPM_RC Serialize_TPMT_RSA_SCHEME(const TPMT_RSA_SCHEME& value, 5921 std::string* buffer) { 5922 TPM_RC result = TPM_RC_SUCCESS; 5923 VLOG(3) << __func__; 5924 5925 result = Serialize_TPMI_ALG_RSA_SCHEME(value.scheme, buffer); 5926 if (result) { 5927 return result; 5928 } 5929 5930 result = Serialize_TPMU_ASYM_SCHEME(value.details, value.scheme, buffer); 5931 if (result) { 5932 return result; 5933 } 5934 return result; 5935 } 5936 5937 TPM_RC Parse_TPMT_RSA_SCHEME(std::string* buffer, 5938 TPMT_RSA_SCHEME* value, 5939 std::string* value_bytes) { 5940 TPM_RC result = TPM_RC_SUCCESS; 5941 VLOG(3) << __func__; 5942 5943 result = Parse_TPMI_ALG_RSA_SCHEME(buffer, &value->scheme, value_bytes); 5944 if (result) { 5945 return result; 5946 } 5947 5948 result = Parse_TPMU_ASYM_SCHEME(buffer, value->scheme, &value->details, 5949 value_bytes); 5950 if (result) { 5951 return result; 5952 } 5953 return result; 5954 } 5955 5956 TPM_RC Serialize_TPMT_RSA_DECRYPT(const TPMT_RSA_DECRYPT& value, 5957 std::string* buffer) { 5958 TPM_RC result = TPM_RC_SUCCESS; 5959 VLOG(3) << __func__; 5960 5961 result = Serialize_TPMI_ALG_RSA_DECRYPT(value.scheme, buffer); 5962 if (result) { 5963 return result; 5964 } 5965 5966 result = Serialize_TPMU_ASYM_SCHEME(value.details, value.scheme, buffer); 5967 if (result) { 5968 return result; 5969 } 5970 return result; 5971 } 5972 5973 TPM_RC Parse_TPMT_RSA_DECRYPT(std::string* buffer, 5974 TPMT_RSA_DECRYPT* value, 5975 std::string* value_bytes) { 5976 TPM_RC result = TPM_RC_SUCCESS; 5977 VLOG(3) << __func__; 5978 5979 result = Parse_TPMI_ALG_RSA_DECRYPT(buffer, &value->scheme, value_bytes); 5980 if (result) { 5981 return result; 5982 } 5983 5984 result = Parse_TPMU_ASYM_SCHEME(buffer, value->scheme, &value->details, 5985 value_bytes); 5986 if (result) { 5987 return result; 5988 } 5989 return result; 5990 } 5991 5992 TPM_RC Serialize_TPM2B_PUBLIC_KEY_RSA(const TPM2B_PUBLIC_KEY_RSA& value, 5993 std::string* buffer) { 5994 TPM_RC result = TPM_RC_SUCCESS; 5995 VLOG(3) << __func__; 5996 5997 result = Serialize_UINT16(value.size, buffer); 5998 if (result) { 5999 return result; 6000 } 6001 6002 if (arraysize(value.buffer) < value.size) { 6003 return TPM_RC_INSUFFICIENT; 6004 } 6005 for (uint32_t i = 0; i < value.size; ++i) { 6006 result = Serialize_BYTE(value.buffer[i], buffer); 6007 if (result) { 6008 return result; 6009 } 6010 } 6011 return result; 6012 } 6013 6014 TPM_RC Parse_TPM2B_PUBLIC_KEY_RSA(std::string* buffer, 6015 TPM2B_PUBLIC_KEY_RSA* value, 6016 std::string* value_bytes) { 6017 TPM_RC result = TPM_RC_SUCCESS; 6018 VLOG(3) << __func__; 6019 6020 result = Parse_UINT16(buffer, &value->size, value_bytes); 6021 if (result) { 6022 return result; 6023 } 6024 6025 if (arraysize(value->buffer) < value->size) { 6026 return TPM_RC_INSUFFICIENT; 6027 } 6028 for (uint32_t i = 0; i < value->size; ++i) { 6029 result = Parse_BYTE(buffer, &value->buffer[i], value_bytes); 6030 if (result) { 6031 return result; 6032 } 6033 } 6034 return result; 6035 } 6036 6037 TPM2B_PUBLIC_KEY_RSA Make_TPM2B_PUBLIC_KEY_RSA(const std::string& bytes) { 6038 TPM2B_PUBLIC_KEY_RSA tpm2b; 6039 CHECK(bytes.size() <= sizeof(tpm2b.buffer)); 6040 memset(&tpm2b, 0, sizeof(TPM2B_PUBLIC_KEY_RSA)); 6041 tpm2b.size = bytes.size(); 6042 memcpy(tpm2b.buffer, bytes.data(), bytes.size()); 6043 return tpm2b; 6044 } 6045 6046 std::string StringFrom_TPM2B_PUBLIC_KEY_RSA(const TPM2B_PUBLIC_KEY_RSA& tpm2b) { 6047 const char* char_buffer = reinterpret_cast<const char*>(tpm2b.buffer); 6048 return std::string(char_buffer, tpm2b.size); 6049 } 6050 6051 TPM_RC Serialize_TPM2B_PRIVATE_KEY_RSA(const TPM2B_PRIVATE_KEY_RSA& value, 6052 std::string* buffer) { 6053 TPM_RC result = TPM_RC_SUCCESS; 6054 VLOG(3) << __func__; 6055 6056 result = Serialize_UINT16(value.size, buffer); 6057 if (result) { 6058 return result; 6059 } 6060 6061 if (arraysize(value.buffer) < value.size) { 6062 return TPM_RC_INSUFFICIENT; 6063 } 6064 for (uint32_t i = 0; i < value.size; ++i) { 6065 result = Serialize_BYTE(value.buffer[i], buffer); 6066 if (result) { 6067 return result; 6068 } 6069 } 6070 return result; 6071 } 6072 6073 TPM_RC Parse_TPM2B_PRIVATE_KEY_RSA(std::string* buffer, 6074 TPM2B_PRIVATE_KEY_RSA* value, 6075 std::string* value_bytes) { 6076 TPM_RC result = TPM_RC_SUCCESS; 6077 VLOG(3) << __func__; 6078 6079 result = Parse_UINT16(buffer, &value->size, value_bytes); 6080 if (result) { 6081 return result; 6082 } 6083 6084 if (arraysize(value->buffer) < value->size) { 6085 return TPM_RC_INSUFFICIENT; 6086 } 6087 for (uint32_t i = 0; i < value->size; ++i) { 6088 result = Parse_BYTE(buffer, &value->buffer[i], value_bytes); 6089 if (result) { 6090 return result; 6091 } 6092 } 6093 return result; 6094 } 6095 6096 TPM2B_PRIVATE_KEY_RSA Make_TPM2B_PRIVATE_KEY_RSA(const std::string& bytes) { 6097 TPM2B_PRIVATE_KEY_RSA tpm2b; 6098 CHECK(bytes.size() <= sizeof(tpm2b.buffer)); 6099 memset(&tpm2b, 0, sizeof(TPM2B_PRIVATE_KEY_RSA)); 6100 tpm2b.size = bytes.size(); 6101 memcpy(tpm2b.buffer, bytes.data(), bytes.size()); 6102 return tpm2b; 6103 } 6104 6105 std::string StringFrom_TPM2B_PRIVATE_KEY_RSA( 6106 const TPM2B_PRIVATE_KEY_RSA& tpm2b) { 6107 const char* char_buffer = reinterpret_cast<const char*>(tpm2b.buffer); 6108 return std::string(char_buffer, tpm2b.size); 6109 } 6110 6111 TPM_RC Serialize_TPM2B_ECC_PARAMETER(const TPM2B_ECC_PARAMETER& value, 6112 std::string* buffer) { 6113 TPM_RC result = TPM_RC_SUCCESS; 6114 VLOG(3) << __func__; 6115 6116 result = Serialize_UINT16(value.size, buffer); 6117 if (result) { 6118 return result; 6119 } 6120 6121 if (arraysize(value.buffer) < value.size) { 6122 return TPM_RC_INSUFFICIENT; 6123 } 6124 for (uint32_t i = 0; i < value.size; ++i) { 6125 result = Serialize_BYTE(value.buffer[i], buffer); 6126 if (result) { 6127 return result; 6128 } 6129 } 6130 return result; 6131 } 6132 6133 TPM_RC Parse_TPM2B_ECC_PARAMETER(std::string* buffer, 6134 TPM2B_ECC_PARAMETER* value, 6135 std::string* value_bytes) { 6136 TPM_RC result = TPM_RC_SUCCESS; 6137 VLOG(3) << __func__; 6138 6139 result = Parse_UINT16(buffer, &value->size, value_bytes); 6140 if (result) { 6141 return result; 6142 } 6143 6144 if (arraysize(value->buffer) < value->size) { 6145 return TPM_RC_INSUFFICIENT; 6146 } 6147 for (uint32_t i = 0; i < value->size; ++i) { 6148 result = Parse_BYTE(buffer, &value->buffer[i], value_bytes); 6149 if (result) { 6150 return result; 6151 } 6152 } 6153 return result; 6154 } 6155 6156 TPM2B_ECC_PARAMETER Make_TPM2B_ECC_PARAMETER(const std::string& bytes) { 6157 TPM2B_ECC_PARAMETER tpm2b; 6158 CHECK(bytes.size() <= sizeof(tpm2b.buffer)); 6159 memset(&tpm2b, 0, sizeof(TPM2B_ECC_PARAMETER)); 6160 tpm2b.size = bytes.size(); 6161 memcpy(tpm2b.buffer, bytes.data(), bytes.size()); 6162 return tpm2b; 6163 } 6164 6165 std::string StringFrom_TPM2B_ECC_PARAMETER(const TPM2B_ECC_PARAMETER& tpm2b) { 6166 const char* char_buffer = reinterpret_cast<const char*>(tpm2b.buffer); 6167 return std::string(char_buffer, tpm2b.size); 6168 } 6169 6170 TPM_RC Serialize_TPMS_ECC_POINT(const TPMS_ECC_POINT& value, 6171 std::string* buffer) { 6172 TPM_RC result = TPM_RC_SUCCESS; 6173 VLOG(3) << __func__; 6174 6175 result = Serialize_TPM2B_ECC_PARAMETER(value.x, buffer); 6176 if (result) { 6177 return result; 6178 } 6179 6180 result = Serialize_TPM2B_ECC_PARAMETER(value.y, buffer); 6181 if (result) { 6182 return result; 6183 } 6184 return result; 6185 } 6186 6187 TPM_RC Parse_TPMS_ECC_POINT(std::string* buffer, 6188 TPMS_ECC_POINT* value, 6189 std::string* value_bytes) { 6190 TPM_RC result = TPM_RC_SUCCESS; 6191 VLOG(3) << __func__; 6192 6193 result = Parse_TPM2B_ECC_PARAMETER(buffer, &value->x, value_bytes); 6194 if (result) { 6195 return result; 6196 } 6197 6198 result = Parse_TPM2B_ECC_PARAMETER(buffer, &value->y, value_bytes); 6199 if (result) { 6200 return result; 6201 } 6202 return result; 6203 } 6204 6205 TPM_RC Serialize_TPM2B_ECC_POINT(const TPM2B_ECC_POINT& value, 6206 std::string* buffer) { 6207 TPM_RC result = TPM_RC_SUCCESS; 6208 VLOG(3) << __func__; 6209 6210 std::string field_bytes; 6211 result = Serialize_TPMS_ECC_POINT(value.point, &field_bytes); 6212 if (result) { 6213 return result; 6214 } 6215 std::string size_bytes; 6216 result = Serialize_UINT16(field_bytes.size(), &size_bytes); 6217 if (result) { 6218 return result; 6219 } 6220 buffer->append(size_bytes + field_bytes); 6221 return result; 6222 } 6223 6224 TPM_RC Parse_TPM2B_ECC_POINT(std::string* buffer, 6225 TPM2B_ECC_POINT* value, 6226 std::string* value_bytes) { 6227 TPM_RC result = TPM_RC_SUCCESS; 6228 VLOG(3) << __func__; 6229 6230 result = Parse_UINT16(buffer, &value->size, value_bytes); 6231 if (result) { 6232 return result; 6233 } 6234 6235 result = Parse_TPMS_ECC_POINT(buffer, &value->point, value_bytes); 6236 if (result) { 6237 return result; 6238 } 6239 return result; 6240 } 6241 6242 TPM2B_ECC_POINT Make_TPM2B_ECC_POINT(const TPMS_ECC_POINT& inner) { 6243 TPM2B_ECC_POINT tpm2b; 6244 tpm2b.size = sizeof(TPMS_ECC_POINT); 6245 tpm2b.point = inner; 6246 return tpm2b; 6247 } 6248 6249 TPM_RC Serialize_TPMT_ECC_SCHEME(const TPMT_ECC_SCHEME& value, 6250 std::string* buffer) { 6251 TPM_RC result = TPM_RC_SUCCESS; 6252 VLOG(3) << __func__; 6253 6254 result = Serialize_TPMI_ALG_ECC_SCHEME(value.scheme, buffer); 6255 if (result) { 6256 return result; 6257 } 6258 6259 result = Serialize_TPMU_SIG_SCHEME(value.details, value.scheme, buffer); 6260 if (result) { 6261 return result; 6262 } 6263 return result; 6264 } 6265 6266 TPM_RC Parse_TPMT_ECC_SCHEME(std::string* buffer, 6267 TPMT_ECC_SCHEME* value, 6268 std::string* value_bytes) { 6269 TPM_RC result = TPM_RC_SUCCESS; 6270 VLOG(3) << __func__; 6271 6272 result = Parse_TPMI_ALG_ECC_SCHEME(buffer, &value->scheme, value_bytes); 6273 if (result) { 6274 return result; 6275 } 6276 6277 result = Parse_TPMU_SIG_SCHEME(buffer, value->scheme, &value->details, 6278 value_bytes); 6279 if (result) { 6280 return result; 6281 } 6282 return result; 6283 } 6284 6285 TPM_RC Serialize_TPMS_ALGORITHM_DETAIL_ECC( 6286 const TPMS_ALGORITHM_DETAIL_ECC& value, 6287 std::string* buffer) { 6288 TPM_RC result = TPM_RC_SUCCESS; 6289 VLOG(3) << __func__; 6290 6291 result = Serialize_TPM_ECC_CURVE(value.curve_id, buffer); 6292 if (result) { 6293 return result; 6294 } 6295 6296 result = Serialize_UINT16(value.key_size, buffer); 6297 if (result) { 6298 return result; 6299 } 6300 6301 result = Serialize_TPMT_KDF_SCHEME(value.kdf, buffer); 6302 if (result) { 6303 return result; 6304 } 6305 6306 result = Serialize_TPMT_ECC_SCHEME(value.sign, buffer); 6307 if (result) { 6308 return result; 6309 } 6310 6311 result = Serialize_TPM2B_ECC_PARAMETER(value.p, buffer); 6312 if (result) { 6313 return result; 6314 } 6315 6316 result = Serialize_TPM2B_ECC_PARAMETER(value.a, buffer); 6317 if (result) { 6318 return result; 6319 } 6320 6321 result = Serialize_TPM2B_ECC_PARAMETER(value.b, buffer); 6322 if (result) { 6323 return result; 6324 } 6325 6326 result = Serialize_TPM2B_ECC_PARAMETER(value.g_x, buffer); 6327 if (result) { 6328 return result; 6329 } 6330 6331 result = Serialize_TPM2B_ECC_PARAMETER(value.g_y, buffer); 6332 if (result) { 6333 return result; 6334 } 6335 6336 result = Serialize_TPM2B_ECC_PARAMETER(value.n, buffer); 6337 if (result) { 6338 return result; 6339 } 6340 6341 result = Serialize_TPM2B_ECC_PARAMETER(value.h, buffer); 6342 if (result) { 6343 return result; 6344 } 6345 return result; 6346 } 6347 6348 TPM_RC Parse_TPMS_ALGORITHM_DETAIL_ECC(std::string* buffer, 6349 TPMS_ALGORITHM_DETAIL_ECC* value, 6350 std::string* value_bytes) { 6351 TPM_RC result = TPM_RC_SUCCESS; 6352 VLOG(3) << __func__; 6353 6354 result = Parse_TPM_ECC_CURVE(buffer, &value->curve_id, value_bytes); 6355 if (result) { 6356 return result; 6357 } 6358 6359 result = Parse_UINT16(buffer, &value->key_size, value_bytes); 6360 if (result) { 6361 return result; 6362 } 6363 6364 result = Parse_TPMT_KDF_SCHEME(buffer, &value->kdf, value_bytes); 6365 if (result) { 6366 return result; 6367 } 6368 6369 result = Parse_TPMT_ECC_SCHEME(buffer, &value->sign, value_bytes); 6370 if (result) { 6371 return result; 6372 } 6373 6374 result = Parse_TPM2B_ECC_PARAMETER(buffer, &value->p, value_bytes); 6375 if (result) { 6376 return result; 6377 } 6378 6379 result = Parse_TPM2B_ECC_PARAMETER(buffer, &value->a, value_bytes); 6380 if (result) { 6381 return result; 6382 } 6383 6384 result = Parse_TPM2B_ECC_PARAMETER(buffer, &value->b, value_bytes); 6385 if (result) { 6386 return result; 6387 } 6388 6389 result = Parse_TPM2B_ECC_PARAMETER(buffer, &value->g_x, value_bytes); 6390 if (result) { 6391 return result; 6392 } 6393 6394 result = Parse_TPM2B_ECC_PARAMETER(buffer, &value->g_y, value_bytes); 6395 if (result) { 6396 return result; 6397 } 6398 6399 result = Parse_TPM2B_ECC_PARAMETER(buffer, &value->n, value_bytes); 6400 if (result) { 6401 return result; 6402 } 6403 6404 result = Parse_TPM2B_ECC_PARAMETER(buffer, &value->h, value_bytes); 6405 if (result) { 6406 return result; 6407 } 6408 return result; 6409 } 6410 6411 TPM_RC Serialize_TPMS_SIGNATURE_RSASSA(const TPMS_SIGNATURE_RSASSA& value, 6412 std::string* buffer) { 6413 TPM_RC result = TPM_RC_SUCCESS; 6414 VLOG(3) << __func__; 6415 6416 result = Serialize_TPMI_ALG_HASH(value.hash, buffer); 6417 if (result) { 6418 return result; 6419 } 6420 6421 result = Serialize_TPM2B_PUBLIC_KEY_RSA(value.sig, buffer); 6422 if (result) { 6423 return result; 6424 } 6425 return result; 6426 } 6427 6428 TPM_RC Parse_TPMS_SIGNATURE_RSASSA(std::string* buffer, 6429 TPMS_SIGNATURE_RSASSA* value, 6430 std::string* value_bytes) { 6431 TPM_RC result = TPM_RC_SUCCESS; 6432 VLOG(3) << __func__; 6433 6434 result = Parse_TPMI_ALG_HASH(buffer, &value->hash, value_bytes); 6435 if (result) { 6436 return result; 6437 } 6438 6439 result = Parse_TPM2B_PUBLIC_KEY_RSA(buffer, &value->sig, value_bytes); 6440 if (result) { 6441 return result; 6442 } 6443 return result; 6444 } 6445 6446 TPM_RC Serialize_TPMS_SIGNATURE_RSAPSS(const TPMS_SIGNATURE_RSAPSS& value, 6447 std::string* buffer) { 6448 TPM_RC result = TPM_RC_SUCCESS; 6449 VLOG(3) << __func__; 6450 6451 result = Serialize_TPMI_ALG_HASH(value.hash, buffer); 6452 if (result) { 6453 return result; 6454 } 6455 6456 result = Serialize_TPM2B_PUBLIC_KEY_RSA(value.sig, buffer); 6457 if (result) { 6458 return result; 6459 } 6460 return result; 6461 } 6462 6463 TPM_RC Parse_TPMS_SIGNATURE_RSAPSS(std::string* buffer, 6464 TPMS_SIGNATURE_RSAPSS* value, 6465 std::string* value_bytes) { 6466 TPM_RC result = TPM_RC_SUCCESS; 6467 VLOG(3) << __func__; 6468 6469 result = Parse_TPMI_ALG_HASH(buffer, &value->hash, value_bytes); 6470 if (result) { 6471 return result; 6472 } 6473 6474 result = Parse_TPM2B_PUBLIC_KEY_RSA(buffer, &value->sig, value_bytes); 6475 if (result) { 6476 return result; 6477 } 6478 return result; 6479 } 6480 6481 TPM_RC Serialize_TPMS_SIGNATURE_ECDSA(const TPMS_SIGNATURE_ECDSA& value, 6482 std::string* buffer) { 6483 TPM_RC result = TPM_RC_SUCCESS; 6484 VLOG(3) << __func__; 6485 6486 result = Serialize_TPMI_ALG_HASH(value.hash, buffer); 6487 if (result) { 6488 return result; 6489 } 6490 6491 result = Serialize_TPM2B_ECC_PARAMETER(value.signature_r, buffer); 6492 if (result) { 6493 return result; 6494 } 6495 6496 result = Serialize_TPM2B_ECC_PARAMETER(value.signature_s, buffer); 6497 if (result) { 6498 return result; 6499 } 6500 return result; 6501 } 6502 6503 TPM_RC Parse_TPMS_SIGNATURE_ECDSA(std::string* buffer, 6504 TPMS_SIGNATURE_ECDSA* value, 6505 std::string* value_bytes) { 6506 TPM_RC result = TPM_RC_SUCCESS; 6507 VLOG(3) << __func__; 6508 6509 result = Parse_TPMI_ALG_HASH(buffer, &value->hash, value_bytes); 6510 if (result) { 6511 return result; 6512 } 6513 6514 result = Parse_TPM2B_ECC_PARAMETER(buffer, &value->signature_r, value_bytes); 6515 if (result) { 6516 return result; 6517 } 6518 6519 result = Parse_TPM2B_ECC_PARAMETER(buffer, &value->signature_s, value_bytes); 6520 if (result) { 6521 return result; 6522 } 6523 return result; 6524 } 6525 6526 TPM_RC Serialize_TPMU_SIGNATURE(const TPMU_SIGNATURE& value, 6527 TPMI_ALG_SIG_SCHEME selector, 6528 std::string* buffer) { 6529 TPM_RC result = TPM_RC_SUCCESS; 6530 VLOG(3) << __func__; 6531 6532 if (selector == TPM_ALG_HMAC) { 6533 result = Serialize_TPMT_HA(value.hmac, buffer); 6534 if (result) { 6535 return result; 6536 } 6537 } 6538 6539 if (selector == TPM_ALG_ECSCHNORR) { 6540 result = Serialize_TPMS_SIGNATURE_ECDSA(value.ecschnorr, buffer); 6541 if (result) { 6542 return result; 6543 } 6544 } 6545 6546 if (selector == TPM_ALG_RSAPSS) { 6547 result = Serialize_TPMS_SIGNATURE_RSAPSS(value.rsapss, buffer); 6548 if (result) { 6549 return result; 6550 } 6551 } 6552 6553 if (selector == TPM_ALG_ECDAA) { 6554 result = Serialize_TPMS_SIGNATURE_ECDSA(value.ecdaa, buffer); 6555 if (result) { 6556 return result; 6557 } 6558 } 6559 6560 if (selector == TPM_ALG_RSASSA) { 6561 result = Serialize_TPMS_SIGNATURE_RSASSA(value.rsassa, buffer); 6562 if (result) { 6563 return result; 6564 } 6565 } 6566 6567 if (selector == TPM_ALG_SM2) { 6568 result = Serialize_TPMS_SIGNATURE_ECDSA(value.sm2, buffer); 6569 if (result) { 6570 return result; 6571 } 6572 } 6573 6574 if (selector == TPM_ALG_ECDSA) { 6575 result = Serialize_TPMS_SIGNATURE_ECDSA(value.ecdsa, buffer); 6576 if (result) { 6577 return result; 6578 } 6579 } 6580 6581 if (selector == TPM_ALG_NULL) { 6582 // Do nothing. 6583 } 6584 return result; 6585 } 6586 6587 TPM_RC Parse_TPMU_SIGNATURE(std::string* buffer, 6588 TPMI_ALG_SIG_SCHEME selector, 6589 TPMU_SIGNATURE* value, 6590 std::string* value_bytes) { 6591 TPM_RC result = TPM_RC_SUCCESS; 6592 VLOG(3) << __func__; 6593 6594 if (selector == TPM_ALG_HMAC) { 6595 result = Parse_TPMT_HA(buffer, &value->hmac, value_bytes); 6596 if (result) { 6597 return result; 6598 } 6599 } 6600 6601 if (selector == TPM_ALG_ECSCHNORR) { 6602 result = Parse_TPMS_SIGNATURE_ECDSA(buffer, &value->ecschnorr, value_bytes); 6603 if (result) { 6604 return result; 6605 } 6606 } 6607 6608 if (selector == TPM_ALG_RSAPSS) { 6609 result = Parse_TPMS_SIGNATURE_RSAPSS(buffer, &value->rsapss, value_bytes); 6610 if (result) { 6611 return result; 6612 } 6613 } 6614 6615 if (selector == TPM_ALG_ECDAA) { 6616 result = Parse_TPMS_SIGNATURE_ECDSA(buffer, &value->ecdaa, value_bytes); 6617 if (result) { 6618 return result; 6619 } 6620 } 6621 6622 if (selector == TPM_ALG_RSASSA) { 6623 result = Parse_TPMS_SIGNATURE_RSASSA(buffer, &value->rsassa, value_bytes); 6624 if (result) { 6625 return result; 6626 } 6627 } 6628 6629 if (selector == TPM_ALG_SM2) { 6630 result = Parse_TPMS_SIGNATURE_ECDSA(buffer, &value->sm2, value_bytes); 6631 if (result) { 6632 return result; 6633 } 6634 } 6635 6636 if (selector == TPM_ALG_ECDSA) { 6637 result = Parse_TPMS_SIGNATURE_ECDSA(buffer, &value->ecdsa, value_bytes); 6638 if (result) { 6639 return result; 6640 } 6641 } 6642 6643 if (selector == TPM_ALG_NULL) { 6644 // Do nothing. 6645 } 6646 return result; 6647 } 6648 6649 TPM_RC Serialize_TPMT_SIGNATURE(const TPMT_SIGNATURE& value, 6650 std::string* buffer) { 6651 TPM_RC result = TPM_RC_SUCCESS; 6652 VLOG(3) << __func__; 6653 6654 result = Serialize_TPMI_ALG_SIG_SCHEME(value.sig_alg, buffer); 6655 if (result) { 6656 return result; 6657 } 6658 6659 result = Serialize_TPMU_SIGNATURE(value.signature, value.sig_alg, buffer); 6660 if (result) { 6661 return result; 6662 } 6663 return result; 6664 } 6665 6666 TPM_RC Parse_TPMT_SIGNATURE(std::string* buffer, 6667 TPMT_SIGNATURE* value, 6668 std::string* value_bytes) { 6669 TPM_RC result = TPM_RC_SUCCESS; 6670 VLOG(3) << __func__; 6671 6672 result = Parse_TPMI_ALG_SIG_SCHEME(buffer, &value->sig_alg, value_bytes); 6673 if (result) { 6674 return result; 6675 } 6676 6677 result = Parse_TPMU_SIGNATURE(buffer, value->sig_alg, &value->signature, 6678 value_bytes); 6679 if (result) { 6680 return result; 6681 } 6682 return result; 6683 } 6684 6685 TPM_RC Serialize_TPM2B_ENCRYPTED_SECRET(const TPM2B_ENCRYPTED_SECRET& value, 6686 std::string* buffer) { 6687 TPM_RC result = TPM_RC_SUCCESS; 6688 VLOG(3) << __func__; 6689 6690 result = Serialize_UINT16(value.size, buffer); 6691 if (result) { 6692 return result; 6693 } 6694 6695 if (arraysize(value.secret) < value.size) { 6696 return TPM_RC_INSUFFICIENT; 6697 } 6698 for (uint32_t i = 0; i < value.size; ++i) { 6699 result = Serialize_BYTE(value.secret[i], buffer); 6700 if (result) { 6701 return result; 6702 } 6703 } 6704 return result; 6705 } 6706 6707 TPM_RC Parse_TPM2B_ENCRYPTED_SECRET(std::string* buffer, 6708 TPM2B_ENCRYPTED_SECRET* value, 6709 std::string* value_bytes) { 6710 TPM_RC result = TPM_RC_SUCCESS; 6711 VLOG(3) << __func__; 6712 6713 result = Parse_UINT16(buffer, &value->size, value_bytes); 6714 if (result) { 6715 return result; 6716 } 6717 6718 if (arraysize(value->secret) < value->size) { 6719 return TPM_RC_INSUFFICIENT; 6720 } 6721 for (uint32_t i = 0; i < value->size; ++i) { 6722 result = Parse_BYTE(buffer, &value->secret[i], value_bytes); 6723 if (result) { 6724 return result; 6725 } 6726 } 6727 return result; 6728 } 6729 6730 TPM2B_ENCRYPTED_SECRET Make_TPM2B_ENCRYPTED_SECRET(const std::string& bytes) { 6731 TPM2B_ENCRYPTED_SECRET tpm2b; 6732 CHECK(bytes.size() <= sizeof(tpm2b.secret)); 6733 memset(&tpm2b, 0, sizeof(TPM2B_ENCRYPTED_SECRET)); 6734 tpm2b.size = bytes.size(); 6735 memcpy(tpm2b.secret, bytes.data(), bytes.size()); 6736 return tpm2b; 6737 } 6738 6739 std::string StringFrom_TPM2B_ENCRYPTED_SECRET( 6740 const TPM2B_ENCRYPTED_SECRET& tpm2b) { 6741 const char* char_buffer = reinterpret_cast<const char*>(tpm2b.secret); 6742 return std::string(char_buffer, tpm2b.size); 6743 } 6744 6745 TPM_RC Serialize_TPMS_KEYEDHASH_PARMS(const TPMS_KEYEDHASH_PARMS& value, 6746 std::string* buffer) { 6747 TPM_RC result = TPM_RC_SUCCESS; 6748 VLOG(3) << __func__; 6749 6750 result = Serialize_TPMT_KEYEDHASH_SCHEME(value.scheme, buffer); 6751 if (result) { 6752 return result; 6753 } 6754 return result; 6755 } 6756 6757 TPM_RC Parse_TPMS_KEYEDHASH_PARMS(std::string* buffer, 6758 TPMS_KEYEDHASH_PARMS* value, 6759 std::string* value_bytes) { 6760 TPM_RC result = TPM_RC_SUCCESS; 6761 VLOG(3) << __func__; 6762 6763 result = Parse_TPMT_KEYEDHASH_SCHEME(buffer, &value->scheme, value_bytes); 6764 if (result) { 6765 return result; 6766 } 6767 return result; 6768 } 6769 6770 TPM_RC Serialize_TPMS_ASYM_PARMS(const TPMS_ASYM_PARMS& value, 6771 std::string* buffer) { 6772 TPM_RC result = TPM_RC_SUCCESS; 6773 VLOG(3) << __func__; 6774 6775 result = Serialize_TPMT_SYM_DEF_OBJECT(value.symmetric, buffer); 6776 if (result) { 6777 return result; 6778 } 6779 6780 result = Serialize_TPMT_ASYM_SCHEME(value.scheme, buffer); 6781 if (result) { 6782 return result; 6783 } 6784 return result; 6785 } 6786 6787 TPM_RC Parse_TPMS_ASYM_PARMS(std::string* buffer, 6788 TPMS_ASYM_PARMS* value, 6789 std::string* value_bytes) { 6790 TPM_RC result = TPM_RC_SUCCESS; 6791 VLOG(3) << __func__; 6792 6793 result = Parse_TPMT_SYM_DEF_OBJECT(buffer, &value->symmetric, value_bytes); 6794 if (result) { 6795 return result; 6796 } 6797 6798 result = Parse_TPMT_ASYM_SCHEME(buffer, &value->scheme, value_bytes); 6799 if (result) { 6800 return result; 6801 } 6802 return result; 6803 } 6804 6805 TPM_RC Serialize_TPMS_RSA_PARMS(const TPMS_RSA_PARMS& value, 6806 std::string* buffer) { 6807 TPM_RC result = TPM_RC_SUCCESS; 6808 VLOG(3) << __func__; 6809 6810 result = Serialize_TPMT_SYM_DEF_OBJECT(value.symmetric, buffer); 6811 if (result) { 6812 return result; 6813 } 6814 6815 result = Serialize_TPMT_RSA_SCHEME(value.scheme, buffer); 6816 if (result) { 6817 return result; 6818 } 6819 6820 result = Serialize_TPMI_RSA_KEY_BITS(value.key_bits, buffer); 6821 if (result) { 6822 return result; 6823 } 6824 6825 result = Serialize_UINT32(value.exponent, buffer); 6826 if (result) { 6827 return result; 6828 } 6829 return result; 6830 } 6831 6832 TPM_RC Parse_TPMS_RSA_PARMS(std::string* buffer, 6833 TPMS_RSA_PARMS* value, 6834 std::string* value_bytes) { 6835 TPM_RC result = TPM_RC_SUCCESS; 6836 VLOG(3) << __func__; 6837 6838 result = Parse_TPMT_SYM_DEF_OBJECT(buffer, &value->symmetric, value_bytes); 6839 if (result) { 6840 return result; 6841 } 6842 6843 result = Parse_TPMT_RSA_SCHEME(buffer, &value->scheme, value_bytes); 6844 if (result) { 6845 return result; 6846 } 6847 6848 result = Parse_TPMI_RSA_KEY_BITS(buffer, &value->key_bits, value_bytes); 6849 if (result) { 6850 return result; 6851 } 6852 6853 result = Parse_UINT32(buffer, &value->exponent, value_bytes); 6854 if (result) { 6855 return result; 6856 } 6857 return result; 6858 } 6859 6860 TPM_RC Serialize_TPMS_ECC_PARMS(const TPMS_ECC_PARMS& value, 6861 std::string* buffer) { 6862 TPM_RC result = TPM_RC_SUCCESS; 6863 VLOG(3) << __func__; 6864 6865 result = Serialize_TPMT_SYM_DEF_OBJECT(value.symmetric, buffer); 6866 if (result) { 6867 return result; 6868 } 6869 6870 result = Serialize_TPMT_ECC_SCHEME(value.scheme, buffer); 6871 if (result) { 6872 return result; 6873 } 6874 6875 result = Serialize_TPMI_ECC_CURVE(value.curve_id, buffer); 6876 if (result) { 6877 return result; 6878 } 6879 6880 result = Serialize_TPMT_KDF_SCHEME(value.kdf, buffer); 6881 if (result) { 6882 return result; 6883 } 6884 return result; 6885 } 6886 6887 TPM_RC Parse_TPMS_ECC_PARMS(std::string* buffer, 6888 TPMS_ECC_PARMS* value, 6889 std::string* value_bytes) { 6890 TPM_RC result = TPM_RC_SUCCESS; 6891 VLOG(3) << __func__; 6892 6893 result = Parse_TPMT_SYM_DEF_OBJECT(buffer, &value->symmetric, value_bytes); 6894 if (result) { 6895 return result; 6896 } 6897 6898 result = Parse_TPMT_ECC_SCHEME(buffer, &value->scheme, value_bytes); 6899 if (result) { 6900 return result; 6901 } 6902 6903 result = Parse_TPMI_ECC_CURVE(buffer, &value->curve_id, value_bytes); 6904 if (result) { 6905 return result; 6906 } 6907 6908 result = Parse_TPMT_KDF_SCHEME(buffer, &value->kdf, value_bytes); 6909 if (result) { 6910 return result; 6911 } 6912 return result; 6913 } 6914 6915 TPM_RC Serialize_TPMU_PUBLIC_PARMS(const TPMU_PUBLIC_PARMS& value, 6916 TPMI_ALG_PUBLIC selector, 6917 std::string* buffer) { 6918 TPM_RC result = TPM_RC_SUCCESS; 6919 VLOG(3) << __func__; 6920 6921 if (selector == TPM_ALG_KEYEDHASH) { 6922 result = Serialize_TPMS_KEYEDHASH_PARMS(value.keyed_hash_detail, buffer); 6923 if (result) { 6924 return result; 6925 } 6926 } 6927 6928 if (selector == TPM_ALG_RSA) { 6929 result = Serialize_TPMS_RSA_PARMS(value.rsa_detail, buffer); 6930 if (result) { 6931 return result; 6932 } 6933 } 6934 6935 if (selector == TPM_ALG_SYMCIPHER) { 6936 result = Serialize_TPMS_SYMCIPHER_PARMS(value.sym_detail, buffer); 6937 if (result) { 6938 return result; 6939 } 6940 } 6941 6942 if (selector == TPM_ALG_ECC) { 6943 result = Serialize_TPMS_ECC_PARMS(value.ecc_detail, buffer); 6944 if (result) { 6945 return result; 6946 } 6947 } 6948 return result; 6949 } 6950 6951 TPM_RC Parse_TPMU_PUBLIC_PARMS(std::string* buffer, 6952 TPMI_ALG_PUBLIC selector, 6953 TPMU_PUBLIC_PARMS* value, 6954 std::string* value_bytes) { 6955 TPM_RC result = TPM_RC_SUCCESS; 6956 VLOG(3) << __func__; 6957 6958 if (selector == TPM_ALG_KEYEDHASH) { 6959 result = Parse_TPMS_KEYEDHASH_PARMS(buffer, &value->keyed_hash_detail, 6960 value_bytes); 6961 if (result) { 6962 return result; 6963 } 6964 } 6965 6966 if (selector == TPM_ALG_RSA) { 6967 result = Parse_TPMS_RSA_PARMS(buffer, &value->rsa_detail, value_bytes); 6968 if (result) { 6969 return result; 6970 } 6971 } 6972 6973 if (selector == TPM_ALG_SYMCIPHER) { 6974 result = 6975 Parse_TPMS_SYMCIPHER_PARMS(buffer, &value->sym_detail, value_bytes); 6976 if (result) { 6977 return result; 6978 } 6979 } 6980 6981 if (selector == TPM_ALG_ECC) { 6982 result = Parse_TPMS_ECC_PARMS(buffer, &value->ecc_detail, value_bytes); 6983 if (result) { 6984 return result; 6985 } 6986 } 6987 return result; 6988 } 6989 6990 TPM_RC Serialize_TPMT_PUBLIC_PARMS(const TPMT_PUBLIC_PARMS& value, 6991 std::string* buffer) { 6992 TPM_RC result = TPM_RC_SUCCESS; 6993 VLOG(3) << __func__; 6994 6995 result = Serialize_TPMI_ALG_PUBLIC(value.type, buffer); 6996 if (result) { 6997 return result; 6998 } 6999 7000 result = Serialize_TPMU_PUBLIC_PARMS(value.parameters, value.type, buffer); 7001 if (result) { 7002 return result; 7003 } 7004 return result; 7005 } 7006 7007 TPM_RC Parse_TPMT_PUBLIC_PARMS(std::string* buffer, 7008 TPMT_PUBLIC_PARMS* value, 7009 std::string* value_bytes) { 7010 TPM_RC result = TPM_RC_SUCCESS; 7011 VLOG(3) << __func__; 7012 7013 result = Parse_TPMI_ALG_PUBLIC(buffer, &value->type, value_bytes); 7014 if (result) { 7015 return result; 7016 } 7017 7018 result = Parse_TPMU_PUBLIC_PARMS(buffer, value->type, &value->parameters, 7019 value_bytes); 7020 if (result) { 7021 return result; 7022 } 7023 return result; 7024 } 7025 7026 TPM_RC Serialize_TPMU_PUBLIC_ID(const TPMU_PUBLIC_ID& value, 7027 TPMI_ALG_PUBLIC selector, 7028 std::string* buffer) { 7029 TPM_RC result = TPM_RC_SUCCESS; 7030 VLOG(3) << __func__; 7031 7032 if (selector == TPM_ALG_KEYEDHASH) { 7033 result = Serialize_TPM2B_DIGEST(value.keyed_hash, buffer); 7034 if (result) { 7035 return result; 7036 } 7037 } 7038 7039 if (selector == TPM_ALG_RSA) { 7040 result = Serialize_TPM2B_PUBLIC_KEY_RSA(value.rsa, buffer); 7041 if (result) { 7042 return result; 7043 } 7044 } 7045 7046 if (selector == TPM_ALG_SYMCIPHER) { 7047 result = Serialize_TPM2B_DIGEST(value.sym, buffer); 7048 if (result) { 7049 return result; 7050 } 7051 } 7052 7053 if (selector == TPM_ALG_ECC) { 7054 result = Serialize_TPMS_ECC_POINT(value.ecc, buffer); 7055 if (result) { 7056 return result; 7057 } 7058 } 7059 return result; 7060 } 7061 7062 TPM_RC Parse_TPMU_PUBLIC_ID(std::string* buffer, 7063 TPMI_ALG_PUBLIC selector, 7064 TPMU_PUBLIC_ID* value, 7065 std::string* value_bytes) { 7066 TPM_RC result = TPM_RC_SUCCESS; 7067 VLOG(3) << __func__; 7068 7069 if (selector == TPM_ALG_KEYEDHASH) { 7070 result = Parse_TPM2B_DIGEST(buffer, &value->keyed_hash, value_bytes); 7071 if (result) { 7072 return result; 7073 } 7074 } 7075 7076 if (selector == TPM_ALG_RSA) { 7077 result = Parse_TPM2B_PUBLIC_KEY_RSA(buffer, &value->rsa, value_bytes); 7078 if (result) { 7079 return result; 7080 } 7081 } 7082 7083 if (selector == TPM_ALG_SYMCIPHER) { 7084 result = Parse_TPM2B_DIGEST(buffer, &value->sym, value_bytes); 7085 if (result) { 7086 return result; 7087 } 7088 } 7089 7090 if (selector == TPM_ALG_ECC) { 7091 result = Parse_TPMS_ECC_POINT(buffer, &value->ecc, value_bytes); 7092 if (result) { 7093 return result; 7094 } 7095 } 7096 return result; 7097 } 7098 7099 TPM_RC Serialize_TPMT_PUBLIC(const TPMT_PUBLIC& value, std::string* buffer) { 7100 TPM_RC result = TPM_RC_SUCCESS; 7101 VLOG(3) << __func__; 7102 7103 result = Serialize_TPMI_ALG_PUBLIC(value.type, buffer); 7104 if (result) { 7105 return result; 7106 } 7107 7108 result = Serialize_TPMI_ALG_HASH(value.name_alg, buffer); 7109 if (result) { 7110 return result; 7111 } 7112 7113 result = Serialize_TPMA_OBJECT(value.object_attributes, buffer); 7114 if (result) { 7115 return result; 7116 } 7117 7118 result = Serialize_TPM2B_DIGEST(value.auth_policy, buffer); 7119 if (result) { 7120 return result; 7121 } 7122 7123 result = Serialize_TPMU_PUBLIC_PARMS(value.parameters, value.type, buffer); 7124 if (result) { 7125 return result; 7126 } 7127 7128 result = Serialize_TPMU_PUBLIC_ID(value.unique, value.type, buffer); 7129 if (result) { 7130 return result; 7131 } 7132 return result; 7133 } 7134 7135 TPM_RC Parse_TPMT_PUBLIC(std::string* buffer, 7136 TPMT_PUBLIC* value, 7137 std::string* value_bytes) { 7138 TPM_RC result = TPM_RC_SUCCESS; 7139 VLOG(3) << __func__; 7140 7141 result = Parse_TPMI_ALG_PUBLIC(buffer, &value->type, value_bytes); 7142 if (result) { 7143 return result; 7144 } 7145 7146 result = Parse_TPMI_ALG_HASH(buffer, &value->name_alg, value_bytes); 7147 if (result) { 7148 return result; 7149 } 7150 7151 result = Parse_TPMA_OBJECT(buffer, &value->object_attributes, value_bytes); 7152 if (result) { 7153 return result; 7154 } 7155 7156 result = Parse_TPM2B_DIGEST(buffer, &value->auth_policy, value_bytes); 7157 if (result) { 7158 return result; 7159 } 7160 7161 result = Parse_TPMU_PUBLIC_PARMS(buffer, value->type, &value->parameters, 7162 value_bytes); 7163 if (result) { 7164 return result; 7165 } 7166 7167 result = 7168 Parse_TPMU_PUBLIC_ID(buffer, value->type, &value->unique, value_bytes); 7169 if (result) { 7170 return result; 7171 } 7172 return result; 7173 } 7174 7175 TPM_RC Serialize_TPM2B_PUBLIC(const TPM2B_PUBLIC& value, std::string* buffer) { 7176 TPM_RC result = TPM_RC_SUCCESS; 7177 VLOG(3) << __func__; 7178 7179 std::string field_bytes; 7180 result = Serialize_TPMT_PUBLIC(value.public_area, &field_bytes); 7181 if (result) { 7182 return result; 7183 } 7184 std::string size_bytes; 7185 result = Serialize_UINT16(field_bytes.size(), &size_bytes); 7186 if (result) { 7187 return result; 7188 } 7189 buffer->append(size_bytes + field_bytes); 7190 return result; 7191 } 7192 7193 TPM_RC Parse_TPM2B_PUBLIC(std::string* buffer, 7194 TPM2B_PUBLIC* value, 7195 std::string* value_bytes) { 7196 TPM_RC result = TPM_RC_SUCCESS; 7197 VLOG(3) << __func__; 7198 7199 result = Parse_UINT16(buffer, &value->size, value_bytes); 7200 if (result) { 7201 return result; 7202 } 7203 7204 result = Parse_TPMT_PUBLIC(buffer, &value->public_area, value_bytes); 7205 if (result) { 7206 return result; 7207 } 7208 return result; 7209 } 7210 7211 TPM2B_PUBLIC Make_TPM2B_PUBLIC(const TPMT_PUBLIC& inner) { 7212 TPM2B_PUBLIC tpm2b; 7213 tpm2b.size = sizeof(TPMT_PUBLIC); 7214 tpm2b.public_area = inner; 7215 return tpm2b; 7216 } 7217 7218 TPM_RC Serialize_TPM2B_PRIVATE_VENDOR_SPECIFIC( 7219 const TPM2B_PRIVATE_VENDOR_SPECIFIC& value, 7220 std::string* buffer) { 7221 TPM_RC result = TPM_RC_SUCCESS; 7222 VLOG(3) << __func__; 7223 7224 result = Serialize_UINT16(value.size, buffer); 7225 if (result) { 7226 return result; 7227 } 7228 7229 if (arraysize(value.buffer) < value.size) { 7230 return TPM_RC_INSUFFICIENT; 7231 } 7232 for (uint32_t i = 0; i < value.size; ++i) { 7233 result = Serialize_BYTE(value.buffer[i], buffer); 7234 if (result) { 7235 return result; 7236 } 7237 } 7238 return result; 7239 } 7240 7241 TPM_RC Parse_TPM2B_PRIVATE_VENDOR_SPECIFIC(std::string* buffer, 7242 TPM2B_PRIVATE_VENDOR_SPECIFIC* value, 7243 std::string* value_bytes) { 7244 TPM_RC result = TPM_RC_SUCCESS; 7245 VLOG(3) << __func__; 7246 7247 result = Parse_UINT16(buffer, &value->size, value_bytes); 7248 if (result) { 7249 return result; 7250 } 7251 7252 if (arraysize(value->buffer) < value->size) { 7253 return TPM_RC_INSUFFICIENT; 7254 } 7255 for (uint32_t i = 0; i < value->size; ++i) { 7256 result = Parse_BYTE(buffer, &value->buffer[i], value_bytes); 7257 if (result) { 7258 return result; 7259 } 7260 } 7261 return result; 7262 } 7263 7264 TPM2B_PRIVATE_VENDOR_SPECIFIC Make_TPM2B_PRIVATE_VENDOR_SPECIFIC( 7265 const std::string& bytes) { 7266 TPM2B_PRIVATE_VENDOR_SPECIFIC tpm2b; 7267 CHECK(bytes.size() <= sizeof(tpm2b.buffer)); 7268 memset(&tpm2b, 0, sizeof(TPM2B_PRIVATE_VENDOR_SPECIFIC)); 7269 tpm2b.size = bytes.size(); 7270 memcpy(tpm2b.buffer, bytes.data(), bytes.size()); 7271 return tpm2b; 7272 } 7273 7274 std::string StringFrom_TPM2B_PRIVATE_VENDOR_SPECIFIC( 7275 const TPM2B_PRIVATE_VENDOR_SPECIFIC& tpm2b) { 7276 const char* char_buffer = reinterpret_cast<const char*>(tpm2b.buffer); 7277 return std::string(char_buffer, tpm2b.size); 7278 } 7279 7280 TPM_RC Serialize_TPMU_SENSITIVE_COMPOSITE(const TPMU_SENSITIVE_COMPOSITE& value, 7281 TPMI_ALG_PUBLIC selector, 7282 std::string* buffer) { 7283 TPM_RC result = TPM_RC_SUCCESS; 7284 VLOG(3) << __func__; 7285 7286 if (selector == TPM_ALG_KEYEDHASH) { 7287 result = Serialize_TPM2B_SENSITIVE_DATA(value.bits, buffer); 7288 if (result) { 7289 return result; 7290 } 7291 } 7292 7293 if (selector == TPM_ALG_RSA) { 7294 result = Serialize_TPM2B_PRIVATE_KEY_RSA(value.rsa, buffer); 7295 if (result) { 7296 return result; 7297 } 7298 } 7299 7300 if (selector == TPM_ALG_SYMCIPHER) { 7301 result = Serialize_TPM2B_SYM_KEY(value.sym, buffer); 7302 if (result) { 7303 return result; 7304 } 7305 } 7306 7307 if (selector == TPM_ALG_ECC) { 7308 result = Serialize_TPM2B_ECC_PARAMETER(value.ecc, buffer); 7309 if (result) { 7310 return result; 7311 } 7312 } 7313 return result; 7314 } 7315 7316 TPM_RC Parse_TPMU_SENSITIVE_COMPOSITE(std::string* buffer, 7317 TPMI_ALG_PUBLIC selector, 7318 TPMU_SENSITIVE_COMPOSITE* value, 7319 std::string* value_bytes) { 7320 TPM_RC result = TPM_RC_SUCCESS; 7321 VLOG(3) << __func__; 7322 7323 if (selector == TPM_ALG_KEYEDHASH) { 7324 result = Parse_TPM2B_SENSITIVE_DATA(buffer, &value->bits, value_bytes); 7325 if (result) { 7326 return result; 7327 } 7328 } 7329 7330 if (selector == TPM_ALG_RSA) { 7331 result = Parse_TPM2B_PRIVATE_KEY_RSA(buffer, &value->rsa, value_bytes); 7332 if (result) { 7333 return result; 7334 } 7335 } 7336 7337 if (selector == TPM_ALG_SYMCIPHER) { 7338 result = Parse_TPM2B_SYM_KEY(buffer, &value->sym, value_bytes); 7339 if (result) { 7340 return result; 7341 } 7342 } 7343 7344 if (selector == TPM_ALG_ECC) { 7345 result = Parse_TPM2B_ECC_PARAMETER(buffer, &value->ecc, value_bytes); 7346 if (result) { 7347 return result; 7348 } 7349 } 7350 return result; 7351 } 7352 7353 TPM_RC Serialize_TPMT_SENSITIVE(const TPMT_SENSITIVE& value, 7354 std::string* buffer) { 7355 TPM_RC result = TPM_RC_SUCCESS; 7356 VLOG(3) << __func__; 7357 7358 result = Serialize_TPMI_ALG_PUBLIC(value.sensitive_type, buffer); 7359 if (result) { 7360 return result; 7361 } 7362 7363 result = Serialize_TPM2B_AUTH(value.auth_value, buffer); 7364 if (result) { 7365 return result; 7366 } 7367 7368 result = Serialize_TPM2B_DIGEST(value.seed_value, buffer); 7369 if (result) { 7370 return result; 7371 } 7372 7373 result = Serialize_TPMU_SENSITIVE_COMPOSITE(value.sensitive, 7374 value.sensitive_type, buffer); 7375 if (result) { 7376 return result; 7377 } 7378 return result; 7379 } 7380 7381 TPM_RC Parse_TPMT_SENSITIVE(std::string* buffer, 7382 TPMT_SENSITIVE* value, 7383 std::string* value_bytes) { 7384 TPM_RC result = TPM_RC_SUCCESS; 7385 VLOG(3) << __func__; 7386 7387 result = Parse_TPMI_ALG_PUBLIC(buffer, &value->sensitive_type, value_bytes); 7388 if (result) { 7389 return result; 7390 } 7391 7392 result = Parse_TPM2B_AUTH(buffer, &value->auth_value, value_bytes); 7393 if (result) { 7394 return result; 7395 } 7396 7397 result = Parse_TPM2B_DIGEST(buffer, &value->seed_value, value_bytes); 7398 if (result) { 7399 return result; 7400 } 7401 7402 result = Parse_TPMU_SENSITIVE_COMPOSITE(buffer, value->sensitive_type, 7403 &value->sensitive, value_bytes); 7404 if (result) { 7405 return result; 7406 } 7407 return result; 7408 } 7409 7410 TPM_RC Serialize_TPM2B_SENSITIVE(const TPM2B_SENSITIVE& value, 7411 std::string* buffer) { 7412 TPM_RC result = TPM_RC_SUCCESS; 7413 VLOG(3) << __func__; 7414 7415 std::string field_bytes; 7416 result = Serialize_TPMT_SENSITIVE(value.sensitive_area, &field_bytes); 7417 if (result) { 7418 return result; 7419 } 7420 std::string size_bytes; 7421 result = Serialize_UINT16(field_bytes.size(), &size_bytes); 7422 if (result) { 7423 return result; 7424 } 7425 buffer->append(size_bytes + field_bytes); 7426 return result; 7427 } 7428 7429 TPM_RC Parse_TPM2B_SENSITIVE(std::string* buffer, 7430 TPM2B_SENSITIVE* value, 7431 std::string* value_bytes) { 7432 TPM_RC result = TPM_RC_SUCCESS; 7433 VLOG(3) << __func__; 7434 7435 result = Parse_UINT16(buffer, &value->size, value_bytes); 7436 if (result) { 7437 return result; 7438 } 7439 7440 result = Parse_TPMT_SENSITIVE(buffer, &value->sensitive_area, value_bytes); 7441 if (result) { 7442 return result; 7443 } 7444 return result; 7445 } 7446 7447 TPM2B_SENSITIVE Make_TPM2B_SENSITIVE(const TPMT_SENSITIVE& inner) { 7448 TPM2B_SENSITIVE tpm2b; 7449 tpm2b.size = sizeof(TPMT_SENSITIVE); 7450 tpm2b.sensitive_area = inner; 7451 return tpm2b; 7452 } 7453 7454 TPM_RC Serialize__PRIVATE(const _PRIVATE& value, std::string* buffer) { 7455 TPM_RC result = TPM_RC_SUCCESS; 7456 VLOG(3) << __func__; 7457 7458 result = Serialize_TPM2B_DIGEST(value.integrity_outer, buffer); 7459 if (result) { 7460 return result; 7461 } 7462 7463 result = Serialize_TPM2B_DIGEST(value.integrity_inner, buffer); 7464 if (result) { 7465 return result; 7466 } 7467 7468 result = Serialize_TPMT_SENSITIVE(value.sensitive, buffer); 7469 if (result) { 7470 return result; 7471 } 7472 return result; 7473 } 7474 7475 TPM_RC Parse__PRIVATE(std::string* buffer, 7476 _PRIVATE* value, 7477 std::string* value_bytes) { 7478 TPM_RC result = TPM_RC_SUCCESS; 7479 VLOG(3) << __func__; 7480 7481 result = Parse_TPM2B_DIGEST(buffer, &value->integrity_outer, value_bytes); 7482 if (result) { 7483 return result; 7484 } 7485 7486 result = Parse_TPM2B_DIGEST(buffer, &value->integrity_inner, value_bytes); 7487 if (result) { 7488 return result; 7489 } 7490 7491 result = Parse_TPMT_SENSITIVE(buffer, &value->sensitive, value_bytes); 7492 if (result) { 7493 return result; 7494 } 7495 return result; 7496 } 7497 7498 TPM_RC Serialize_TPM2B_PRIVATE(const TPM2B_PRIVATE& value, 7499 std::string* buffer) { 7500 TPM_RC result = TPM_RC_SUCCESS; 7501 VLOG(3) << __func__; 7502 7503 result = Serialize_UINT16(value.size, buffer); 7504 if (result) { 7505 return result; 7506 } 7507 7508 if (arraysize(value.buffer) < value.size) { 7509 return TPM_RC_INSUFFICIENT; 7510 } 7511 for (uint32_t i = 0; i < value.size; ++i) { 7512 result = Serialize_BYTE(value.buffer[i], buffer); 7513 if (result) { 7514 return result; 7515 } 7516 } 7517 return result; 7518 } 7519 7520 TPM_RC Parse_TPM2B_PRIVATE(std::string* buffer, 7521 TPM2B_PRIVATE* value, 7522 std::string* value_bytes) { 7523 TPM_RC result = TPM_RC_SUCCESS; 7524 VLOG(3) << __func__; 7525 7526 result = Parse_UINT16(buffer, &value->size, value_bytes); 7527 if (result) { 7528 return result; 7529 } 7530 7531 if (arraysize(value->buffer) < value->size) { 7532 return TPM_RC_INSUFFICIENT; 7533 } 7534 for (uint32_t i = 0; i < value->size; ++i) { 7535 result = Parse_BYTE(buffer, &value->buffer[i], value_bytes); 7536 if (result) { 7537 return result; 7538 } 7539 } 7540 return result; 7541 } 7542 7543 TPM2B_PRIVATE Make_TPM2B_PRIVATE(const std::string& bytes) { 7544 TPM2B_PRIVATE tpm2b; 7545 CHECK(bytes.size() <= sizeof(tpm2b.buffer)); 7546 memset(&tpm2b, 0, sizeof(TPM2B_PRIVATE)); 7547 tpm2b.size = bytes.size(); 7548 memcpy(tpm2b.buffer, bytes.data(), bytes.size()); 7549 return tpm2b; 7550 } 7551 7552 std::string StringFrom_TPM2B_PRIVATE(const TPM2B_PRIVATE& tpm2b) { 7553 const char* char_buffer = reinterpret_cast<const char*>(tpm2b.buffer); 7554 return std::string(char_buffer, tpm2b.size); 7555 } 7556 7557 TPM_RC Serialize__ID_OBJECT(const _ID_OBJECT& value, std::string* buffer) { 7558 TPM_RC result = TPM_RC_SUCCESS; 7559 VLOG(3) << __func__; 7560 7561 result = Serialize_TPM2B_DIGEST(value.integrity_hmac, buffer); 7562 if (result) { 7563 return result; 7564 } 7565 7566 result = Serialize_TPM2B_DIGEST(value.enc_identity, buffer); 7567 if (result) { 7568 return result; 7569 } 7570 return result; 7571 } 7572 7573 TPM_RC Parse__ID_OBJECT(std::string* buffer, 7574 _ID_OBJECT* value, 7575 std::string* value_bytes) { 7576 TPM_RC result = TPM_RC_SUCCESS; 7577 VLOG(3) << __func__; 7578 7579 result = Parse_TPM2B_DIGEST(buffer, &value->integrity_hmac, value_bytes); 7580 if (result) { 7581 return result; 7582 } 7583 7584 result = Parse_TPM2B_DIGEST(buffer, &value->enc_identity, value_bytes); 7585 if (result) { 7586 return result; 7587 } 7588 return result; 7589 } 7590 7591 TPM_RC Serialize_TPM2B_ID_OBJECT(const TPM2B_ID_OBJECT& value, 7592 std::string* buffer) { 7593 TPM_RC result = TPM_RC_SUCCESS; 7594 VLOG(3) << __func__; 7595 7596 result = Serialize_UINT16(value.size, buffer); 7597 if (result) { 7598 return result; 7599 } 7600 7601 if (arraysize(value.credential) < value.size) { 7602 return TPM_RC_INSUFFICIENT; 7603 } 7604 for (uint32_t i = 0; i < value.size; ++i) { 7605 result = Serialize_BYTE(value.credential[i], buffer); 7606 if (result) { 7607 return result; 7608 } 7609 } 7610 return result; 7611 } 7612 7613 TPM_RC Parse_TPM2B_ID_OBJECT(std::string* buffer, 7614 TPM2B_ID_OBJECT* value, 7615 std::string* value_bytes) { 7616 TPM_RC result = TPM_RC_SUCCESS; 7617 VLOG(3) << __func__; 7618 7619 result = Parse_UINT16(buffer, &value->size, value_bytes); 7620 if (result) { 7621 return result; 7622 } 7623 7624 if (arraysize(value->credential) < value->size) { 7625 return TPM_RC_INSUFFICIENT; 7626 } 7627 for (uint32_t i = 0; i < value->size; ++i) { 7628 result = Parse_BYTE(buffer, &value->credential[i], value_bytes); 7629 if (result) { 7630 return result; 7631 } 7632 } 7633 return result; 7634 } 7635 7636 TPM2B_ID_OBJECT Make_TPM2B_ID_OBJECT(const std::string& bytes) { 7637 TPM2B_ID_OBJECT tpm2b; 7638 CHECK(bytes.size() <= sizeof(tpm2b.credential)); 7639 memset(&tpm2b, 0, sizeof(TPM2B_ID_OBJECT)); 7640 tpm2b.size = bytes.size(); 7641 memcpy(tpm2b.credential, bytes.data(), bytes.size()); 7642 return tpm2b; 7643 } 7644 7645 std::string StringFrom_TPM2B_ID_OBJECT(const TPM2B_ID_OBJECT& tpm2b) { 7646 const char* char_buffer = reinterpret_cast<const char*>(tpm2b.credential); 7647 return std::string(char_buffer, tpm2b.size); 7648 } 7649 7650 TPM_RC Serialize_TPMS_NV_PUBLIC(const TPMS_NV_PUBLIC& value, 7651 std::string* buffer) { 7652 TPM_RC result = TPM_RC_SUCCESS; 7653 VLOG(3) << __func__; 7654 7655 result = Serialize_TPMI_RH_NV_INDEX(value.nv_index, buffer); 7656 if (result) { 7657 return result; 7658 } 7659 7660 result = Serialize_TPMI_ALG_HASH(value.name_alg, buffer); 7661 if (result) { 7662 return result; 7663 } 7664 7665 result = Serialize_TPMA_NV(value.attributes, buffer); 7666 if (result) { 7667 return result; 7668 } 7669 7670 result = Serialize_TPM2B_DIGEST(value.auth_policy, buffer); 7671 if (result) { 7672 return result; 7673 } 7674 7675 result = Serialize_UINT16(value.data_size, buffer); 7676 if (result) { 7677 return result; 7678 } 7679 return result; 7680 } 7681 7682 TPM_RC Parse_TPMS_NV_PUBLIC(std::string* buffer, 7683 TPMS_NV_PUBLIC* value, 7684 std::string* value_bytes) { 7685 TPM_RC result = TPM_RC_SUCCESS; 7686 VLOG(3) << __func__; 7687 7688 result = Parse_TPMI_RH_NV_INDEX(buffer, &value->nv_index, value_bytes); 7689 if (result) { 7690 return result; 7691 } 7692 7693 result = Parse_TPMI_ALG_HASH(buffer, &value->name_alg, value_bytes); 7694 if (result) { 7695 return result; 7696 } 7697 7698 result = Parse_TPMA_NV(buffer, &value->attributes, value_bytes); 7699 if (result) { 7700 return result; 7701 } 7702 7703 result = Parse_TPM2B_DIGEST(buffer, &value->auth_policy, value_bytes); 7704 if (result) { 7705 return result; 7706 } 7707 7708 result = Parse_UINT16(buffer, &value->data_size, value_bytes); 7709 if (result) { 7710 return result; 7711 } 7712 return result; 7713 } 7714 7715 TPM_RC Serialize_TPM2B_NV_PUBLIC(const TPM2B_NV_PUBLIC& value, 7716 std::string* buffer) { 7717 TPM_RC result = TPM_RC_SUCCESS; 7718 VLOG(3) << __func__; 7719 7720 std::string field_bytes; 7721 result = Serialize_TPMS_NV_PUBLIC(value.nv_public, &field_bytes); 7722 if (result) { 7723 return result; 7724 } 7725 std::string size_bytes; 7726 result = Serialize_UINT16(field_bytes.size(), &size_bytes); 7727 if (result) { 7728 return result; 7729 } 7730 buffer->append(size_bytes + field_bytes); 7731 return result; 7732 } 7733 7734 TPM_RC Parse_TPM2B_NV_PUBLIC(std::string* buffer, 7735 TPM2B_NV_PUBLIC* value, 7736 std::string* value_bytes) { 7737 TPM_RC result = TPM_RC_SUCCESS; 7738 VLOG(3) << __func__; 7739 7740 result = Parse_UINT16(buffer, &value->size, value_bytes); 7741 if (result) { 7742 return result; 7743 } 7744 7745 result = Parse_TPMS_NV_PUBLIC(buffer, &value->nv_public, value_bytes); 7746 if (result) { 7747 return result; 7748 } 7749 return result; 7750 } 7751 7752 TPM2B_NV_PUBLIC Make_TPM2B_NV_PUBLIC(const TPMS_NV_PUBLIC& inner) { 7753 TPM2B_NV_PUBLIC tpm2b; 7754 tpm2b.size = sizeof(TPMS_NV_PUBLIC); 7755 tpm2b.nv_public = inner; 7756 return tpm2b; 7757 } 7758 7759 TPM_RC Serialize_TPM2B_CONTEXT_SENSITIVE(const TPM2B_CONTEXT_SENSITIVE& value, 7760 std::string* buffer) { 7761 TPM_RC result = TPM_RC_SUCCESS; 7762 VLOG(3) << __func__; 7763 7764 result = Serialize_UINT16(value.size, buffer); 7765 if (result) { 7766 return result; 7767 } 7768 7769 if (arraysize(value.buffer) < value.size) { 7770 return TPM_RC_INSUFFICIENT; 7771 } 7772 for (uint32_t i = 0; i < value.size; ++i) { 7773 result = Serialize_BYTE(value.buffer[i], buffer); 7774 if (result) { 7775 return result; 7776 } 7777 } 7778 return result; 7779 } 7780 7781 TPM_RC Parse_TPM2B_CONTEXT_SENSITIVE(std::string* buffer, 7782 TPM2B_CONTEXT_SENSITIVE* value, 7783 std::string* value_bytes) { 7784 TPM_RC result = TPM_RC_SUCCESS; 7785 VLOG(3) << __func__; 7786 7787 result = Parse_UINT16(buffer, &value->size, value_bytes); 7788 if (result) { 7789 return result; 7790 } 7791 7792 if (arraysize(value->buffer) < value->size) { 7793 return TPM_RC_INSUFFICIENT; 7794 } 7795 for (uint32_t i = 0; i < value->size; ++i) { 7796 result = Parse_BYTE(buffer, &value->buffer[i], value_bytes); 7797 if (result) { 7798 return result; 7799 } 7800 } 7801 return result; 7802 } 7803 7804 TPM2B_CONTEXT_SENSITIVE Make_TPM2B_CONTEXT_SENSITIVE(const std::string& bytes) { 7805 TPM2B_CONTEXT_SENSITIVE tpm2b; 7806 CHECK(bytes.size() <= sizeof(tpm2b.buffer)); 7807 memset(&tpm2b, 0, sizeof(TPM2B_CONTEXT_SENSITIVE)); 7808 tpm2b.size = bytes.size(); 7809 memcpy(tpm2b.buffer, bytes.data(), bytes.size()); 7810 return tpm2b; 7811 } 7812 7813 std::string StringFrom_TPM2B_CONTEXT_SENSITIVE( 7814 const TPM2B_CONTEXT_SENSITIVE& tpm2b) { 7815 const char* char_buffer = reinterpret_cast<const char*>(tpm2b.buffer); 7816 return std::string(char_buffer, tpm2b.size); 7817 } 7818 7819 TPM_RC Serialize_TPMS_CONTEXT_DATA(const TPMS_CONTEXT_DATA& value, 7820 std::string* buffer) { 7821 TPM_RC result = TPM_RC_SUCCESS; 7822 VLOG(3) << __func__; 7823 7824 result = Serialize_TPM2B_DIGEST(value.integrity, buffer); 7825 if (result) { 7826 return result; 7827 } 7828 7829 result = Serialize_TPM2B_CONTEXT_SENSITIVE(value.encrypted, buffer); 7830 if (result) { 7831 return result; 7832 } 7833 return result; 7834 } 7835 7836 TPM_RC Parse_TPMS_CONTEXT_DATA(std::string* buffer, 7837 TPMS_CONTEXT_DATA* value, 7838 std::string* value_bytes) { 7839 TPM_RC result = TPM_RC_SUCCESS; 7840 VLOG(3) << __func__; 7841 7842 result = Parse_TPM2B_DIGEST(buffer, &value->integrity, value_bytes); 7843 if (result) { 7844 return result; 7845 } 7846 7847 result = 7848 Parse_TPM2B_CONTEXT_SENSITIVE(buffer, &value->encrypted, value_bytes); 7849 if (result) { 7850 return result; 7851 } 7852 return result; 7853 } 7854 7855 TPM_RC Serialize_TPM2B_CONTEXT_DATA(const TPM2B_CONTEXT_DATA& value, 7856 std::string* buffer) { 7857 TPM_RC result = TPM_RC_SUCCESS; 7858 VLOG(3) << __func__; 7859 7860 result = Serialize_UINT16(value.size, buffer); 7861 if (result) { 7862 return result; 7863 } 7864 7865 if (arraysize(value.buffer) < value.size) { 7866 return TPM_RC_INSUFFICIENT; 7867 } 7868 for (uint32_t i = 0; i < value.size; ++i) { 7869 result = Serialize_BYTE(value.buffer[i], buffer); 7870 if (result) { 7871 return result; 7872 } 7873 } 7874 return result; 7875 } 7876 7877 TPM_RC Parse_TPM2B_CONTEXT_DATA(std::string* buffer, 7878 TPM2B_CONTEXT_DATA* value, 7879 std::string* value_bytes) { 7880 TPM_RC result = TPM_RC_SUCCESS; 7881 VLOG(3) << __func__; 7882 7883 result = Parse_UINT16(buffer, &value->size, value_bytes); 7884 if (result) { 7885 return result; 7886 } 7887 7888 if (arraysize(value->buffer) < value->size) { 7889 return TPM_RC_INSUFFICIENT; 7890 } 7891 for (uint32_t i = 0; i < value->size; ++i) { 7892 result = Parse_BYTE(buffer, &value->buffer[i], value_bytes); 7893 if (result) { 7894 return result; 7895 } 7896 } 7897 return result; 7898 } 7899 7900 TPM2B_CONTEXT_DATA Make_TPM2B_CONTEXT_DATA(const std::string& bytes) { 7901 TPM2B_CONTEXT_DATA tpm2b; 7902 CHECK(bytes.size() <= sizeof(tpm2b.buffer)); 7903 memset(&tpm2b, 0, sizeof(TPM2B_CONTEXT_DATA)); 7904 tpm2b.size = bytes.size(); 7905 memcpy(tpm2b.buffer, bytes.data(), bytes.size()); 7906 return tpm2b; 7907 } 7908 7909 std::string StringFrom_TPM2B_CONTEXT_DATA(const TPM2B_CONTEXT_DATA& tpm2b) { 7910 const char* char_buffer = reinterpret_cast<const char*>(tpm2b.buffer); 7911 return std::string(char_buffer, tpm2b.size); 7912 } 7913 7914 TPM_RC Serialize_TPMS_CONTEXT(const TPMS_CONTEXT& value, std::string* buffer) { 7915 TPM_RC result = TPM_RC_SUCCESS; 7916 VLOG(3) << __func__; 7917 7918 result = Serialize_UINT64(value.sequence, buffer); 7919 if (result) { 7920 return result; 7921 } 7922 7923 result = Serialize_TPMI_DH_CONTEXT(value.saved_handle, buffer); 7924 if (result) { 7925 return result; 7926 } 7927 7928 result = Serialize_TPMI_RH_HIERARCHY(value.hierarchy, buffer); 7929 if (result) { 7930 return result; 7931 } 7932 7933 result = Serialize_TPM2B_CONTEXT_DATA(value.context_blob, buffer); 7934 if (result) { 7935 return result; 7936 } 7937 return result; 7938 } 7939 7940 TPM_RC Parse_TPMS_CONTEXT(std::string* buffer, 7941 TPMS_CONTEXT* value, 7942 std::string* value_bytes) { 7943 TPM_RC result = TPM_RC_SUCCESS; 7944 VLOG(3) << __func__; 7945 7946 result = Parse_UINT64(buffer, &value->sequence, value_bytes); 7947 if (result) { 7948 return result; 7949 } 7950 7951 result = Parse_TPMI_DH_CONTEXT(buffer, &value->saved_handle, value_bytes); 7952 if (result) { 7953 return result; 7954 } 7955 7956 result = Parse_TPMI_RH_HIERARCHY(buffer, &value->hierarchy, value_bytes); 7957 if (result) { 7958 return result; 7959 } 7960 7961 result = Parse_TPM2B_CONTEXT_DATA(buffer, &value->context_blob, value_bytes); 7962 if (result) { 7963 return result; 7964 } 7965 return result; 7966 } 7967 7968 TPM_RC Serialize_TPMS_CREATION_DATA(const TPMS_CREATION_DATA& value, 7969 std::string* buffer) { 7970 TPM_RC result = TPM_RC_SUCCESS; 7971 VLOG(3) << __func__; 7972 7973 result = Serialize_TPML_PCR_SELECTION(value.pcr_select, buffer); 7974 if (result) { 7975 return result; 7976 } 7977 7978 result = Serialize_TPM2B_DIGEST(value.pcr_digest, buffer); 7979 if (result) { 7980 return result; 7981 } 7982 7983 result = Serialize_TPMA_LOCALITY(value.locality, buffer); 7984 if (result) { 7985 return result; 7986 } 7987 7988 result = Serialize_TPM_ALG_ID(value.parent_name_alg, buffer); 7989 if (result) { 7990 return result; 7991 } 7992 7993 result = Serialize_TPM2B_NAME(value.parent_name, buffer); 7994 if (result) { 7995 return result; 7996 } 7997 7998 result = Serialize_TPM2B_NAME(value.parent_qualified_name, buffer); 7999 if (result) { 8000 return result; 8001 } 8002 8003 result = Serialize_TPM2B_DATA(value.outside_info, buffer); 8004 if (result) { 8005 return result; 8006 } 8007 return result; 8008 } 8009 8010 TPM_RC Parse_TPMS_CREATION_DATA(std::string* buffer, 8011 TPMS_CREATION_DATA* value, 8012 std::string* value_bytes) { 8013 TPM_RC result = TPM_RC_SUCCESS; 8014 VLOG(3) << __func__; 8015 8016 result = Parse_TPML_PCR_SELECTION(buffer, &value->pcr_select, value_bytes); 8017 if (result) { 8018 return result; 8019 } 8020 8021 result = Parse_TPM2B_DIGEST(buffer, &value->pcr_digest, value_bytes); 8022 if (result) { 8023 return result; 8024 } 8025 8026 result = Parse_TPMA_LOCALITY(buffer, &value->locality, value_bytes); 8027 if (result) { 8028 return result; 8029 } 8030 8031 result = Parse_TPM_ALG_ID(buffer, &value->parent_name_alg, value_bytes); 8032 if (result) { 8033 return result; 8034 } 8035 8036 result = Parse_TPM2B_NAME(buffer, &value->parent_name, value_bytes); 8037 if (result) { 8038 return result; 8039 } 8040 8041 result = Parse_TPM2B_NAME(buffer, &value->parent_qualified_name, value_bytes); 8042 if (result) { 8043 return result; 8044 } 8045 8046 result = Parse_TPM2B_DATA(buffer, &value->outside_info, value_bytes); 8047 if (result) { 8048 return result; 8049 } 8050 return result; 8051 } 8052 8053 TPM_RC Serialize_TPM2B_CREATION_DATA(const TPM2B_CREATION_DATA& value, 8054 std::string* buffer) { 8055 TPM_RC result = TPM_RC_SUCCESS; 8056 VLOG(3) << __func__; 8057 8058 std::string field_bytes; 8059 result = Serialize_TPMS_CREATION_DATA(value.creation_data, &field_bytes); 8060 if (result) { 8061 return result; 8062 } 8063 std::string size_bytes; 8064 result = Serialize_UINT16(field_bytes.size(), &size_bytes); 8065 if (result) { 8066 return result; 8067 } 8068 buffer->append(size_bytes + field_bytes); 8069 return result; 8070 } 8071 8072 TPM_RC Parse_TPM2B_CREATION_DATA(std::string* buffer, 8073 TPM2B_CREATION_DATA* value, 8074 std::string* value_bytes) { 8075 TPM_RC result = TPM_RC_SUCCESS; 8076 VLOG(3) << __func__; 8077 8078 result = Parse_UINT16(buffer, &value->size, value_bytes); 8079 if (result) { 8080 return result; 8081 } 8082 8083 result = Parse_TPMS_CREATION_DATA(buffer, &value->creation_data, value_bytes); 8084 if (result) { 8085 return result; 8086 } 8087 return result; 8088 } 8089 8090 TPM2B_CREATION_DATA Make_TPM2B_CREATION_DATA(const TPMS_CREATION_DATA& inner) { 8091 TPM2B_CREATION_DATA tpm2b; 8092 tpm2b.size = sizeof(TPMS_CREATION_DATA); 8093 tpm2b.creation_data = inner; 8094 return tpm2b; 8095 } 8096 8097 TPM_RC Tpm::SerializeCommand_Startup( 8098 const TPM_SU& startup_type, 8099 std::string* serialized_command, 8100 AuthorizationDelegate* authorization_delegate) { 8101 VLOG(3) << __func__; 8102 TPM_RC rc = TPM_RC_SUCCESS; 8103 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 8104 UINT32 command_size = 10; // Header size. 8105 std::string handle_section_bytes; 8106 std::string parameter_section_bytes; 8107 TPM_CC command_code = TPM_CC_Startup; 8108 bool is_command_parameter_encryption_possible = false; 8109 bool is_response_parameter_encryption_possible = false; 8110 std::string command_code_bytes; 8111 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 8112 if (rc != TPM_RC_SUCCESS) { 8113 return rc; 8114 } 8115 std::string startup_type_bytes; 8116 rc = Serialize_TPM_SU(startup_type, &startup_type_bytes); 8117 if (rc != TPM_RC_SUCCESS) { 8118 return rc; 8119 } 8120 std::unique_ptr<crypto::SecureHash> hash( 8121 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 8122 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 8123 hash->Update(startup_type_bytes.data(), startup_type_bytes.size()); 8124 parameter_section_bytes += startup_type_bytes; 8125 command_size += startup_type_bytes.size(); 8126 std::string command_hash(32, 0); 8127 hash->Finish(string_as_array(&command_hash), command_hash.size()); 8128 std::string authorization_section_bytes; 8129 std::string authorization_size_bytes; 8130 if (authorization_delegate) { 8131 if (!authorization_delegate->GetCommandAuthorization( 8132 command_hash, is_command_parameter_encryption_possible, 8133 is_response_parameter_encryption_possible, 8134 &authorization_section_bytes)) { 8135 return TRUNKS_RC_AUTHORIZATION_FAILED; 8136 } 8137 if (!authorization_section_bytes.empty()) { 8138 tag = TPM_ST_SESSIONS; 8139 std::string tmp; 8140 rc = Serialize_UINT32(authorization_section_bytes.size(), 8141 &authorization_size_bytes); 8142 if (rc != TPM_RC_SUCCESS) { 8143 return rc; 8144 } 8145 command_size += 8146 authorization_size_bytes.size() + authorization_section_bytes.size(); 8147 } 8148 } 8149 std::string tag_bytes; 8150 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 8151 if (rc != TPM_RC_SUCCESS) { 8152 return rc; 8153 } 8154 std::string command_size_bytes; 8155 rc = Serialize_UINT32(command_size, &command_size_bytes); 8156 if (rc != TPM_RC_SUCCESS) { 8157 return rc; 8158 } 8159 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 8160 handle_section_bytes + authorization_size_bytes + 8161 authorization_section_bytes + parameter_section_bytes; 8162 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 8163 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 8164 serialized_command->size()); 8165 return TPM_RC_SUCCESS; 8166 } 8167 8168 TPM_RC Tpm::ParseResponse_Startup( 8169 const std::string& response, 8170 AuthorizationDelegate* authorization_delegate) { 8171 VLOG(3) << __func__; 8172 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 8173 TPM_RC rc = TPM_RC_SUCCESS; 8174 std::string buffer(response); 8175 TPM_ST tag; 8176 std::string tag_bytes; 8177 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 8178 if (rc != TPM_RC_SUCCESS) { 8179 return rc; 8180 } 8181 UINT32 response_size; 8182 std::string response_size_bytes; 8183 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 8184 if (rc != TPM_RC_SUCCESS) { 8185 return rc; 8186 } 8187 TPM_RC response_code; 8188 std::string response_code_bytes; 8189 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 8190 if (rc != TPM_RC_SUCCESS) { 8191 return rc; 8192 } 8193 if (response_size != response.size()) { 8194 return TPM_RC_SIZE; 8195 } 8196 if (response_code != TPM_RC_SUCCESS) { 8197 return response_code; 8198 } 8199 TPM_CC command_code = TPM_CC_Startup; 8200 std::string command_code_bytes; 8201 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 8202 if (rc != TPM_RC_SUCCESS) { 8203 return rc; 8204 } 8205 std::string authorization_section_bytes; 8206 if (tag == TPM_ST_SESSIONS) { 8207 UINT32 parameter_section_size = buffer.size(); 8208 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 8209 if (rc != TPM_RC_SUCCESS) { 8210 return rc; 8211 } 8212 if (parameter_section_size > buffer.size()) { 8213 return TPM_RC_INSUFFICIENT; 8214 } 8215 authorization_section_bytes = buffer.substr(parameter_section_size); 8216 // Keep the parameter section in |buffer|. 8217 buffer.erase(parameter_section_size); 8218 } 8219 std::unique_ptr<crypto::SecureHash> hash( 8220 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 8221 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 8222 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 8223 hash->Update(buffer.data(), buffer.size()); 8224 std::string response_hash(32, 0); 8225 hash->Finish(string_as_array(&response_hash), response_hash.size()); 8226 if (tag == TPM_ST_SESSIONS) { 8227 CHECK(authorization_delegate) << "Authorization delegate missing!"; 8228 if (!authorization_delegate->CheckResponseAuthorization( 8229 response_hash, authorization_section_bytes)) { 8230 return TRUNKS_RC_AUTHORIZATION_FAILED; 8231 } 8232 } 8233 return TPM_RC_SUCCESS; 8234 } 8235 8236 void StartupErrorCallback(const Tpm::StartupResponse& callback, 8237 TPM_RC response_code) { 8238 VLOG(1) << __func__; 8239 callback.Run(response_code); 8240 } 8241 8242 void StartupResponseParser(const Tpm::StartupResponse& callback, 8243 AuthorizationDelegate* authorization_delegate, 8244 const std::string& response) { 8245 VLOG(1) << __func__; 8246 base::Callback<void(TPM_RC)> error_reporter = 8247 base::Bind(StartupErrorCallback, callback); 8248 TPM_RC rc = Tpm::ParseResponse_Startup(response, authorization_delegate); 8249 if (rc != TPM_RC_SUCCESS) { 8250 error_reporter.Run(rc); 8251 return; 8252 } 8253 callback.Run(rc); 8254 } 8255 8256 void Tpm::Startup(const TPM_SU& startup_type, 8257 AuthorizationDelegate* authorization_delegate, 8258 const StartupResponse& callback) { 8259 VLOG(1) << __func__; 8260 base::Callback<void(TPM_RC)> error_reporter = 8261 base::Bind(StartupErrorCallback, callback); 8262 base::Callback<void(const std::string&)> parser = 8263 base::Bind(StartupResponseParser, callback, authorization_delegate); 8264 std::string command; 8265 TPM_RC rc = 8266 SerializeCommand_Startup(startup_type, &command, authorization_delegate); 8267 if (rc != TPM_RC_SUCCESS) { 8268 error_reporter.Run(rc); 8269 return; 8270 } 8271 transceiver_->SendCommand(command, parser); 8272 } 8273 8274 TPM_RC Tpm::StartupSync(const TPM_SU& startup_type, 8275 AuthorizationDelegate* authorization_delegate) { 8276 VLOG(1) << __func__; 8277 std::string command; 8278 TPM_RC rc = 8279 SerializeCommand_Startup(startup_type, &command, authorization_delegate); 8280 if (rc != TPM_RC_SUCCESS) { 8281 return rc; 8282 } 8283 std::string response = transceiver_->SendCommandAndWait(command); 8284 rc = ParseResponse_Startup(response, authorization_delegate); 8285 return rc; 8286 } 8287 8288 TPM_RC Tpm::SerializeCommand_Shutdown( 8289 const TPM_SU& shutdown_type, 8290 std::string* serialized_command, 8291 AuthorizationDelegate* authorization_delegate) { 8292 VLOG(3) << __func__; 8293 TPM_RC rc = TPM_RC_SUCCESS; 8294 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 8295 UINT32 command_size = 10; // Header size. 8296 std::string handle_section_bytes; 8297 std::string parameter_section_bytes; 8298 TPM_CC command_code = TPM_CC_Shutdown; 8299 bool is_command_parameter_encryption_possible = false; 8300 bool is_response_parameter_encryption_possible = false; 8301 std::string command_code_bytes; 8302 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 8303 if (rc != TPM_RC_SUCCESS) { 8304 return rc; 8305 } 8306 std::string shutdown_type_bytes; 8307 rc = Serialize_TPM_SU(shutdown_type, &shutdown_type_bytes); 8308 if (rc != TPM_RC_SUCCESS) { 8309 return rc; 8310 } 8311 std::unique_ptr<crypto::SecureHash> hash( 8312 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 8313 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 8314 hash->Update(shutdown_type_bytes.data(), shutdown_type_bytes.size()); 8315 parameter_section_bytes += shutdown_type_bytes; 8316 command_size += shutdown_type_bytes.size(); 8317 std::string command_hash(32, 0); 8318 hash->Finish(string_as_array(&command_hash), command_hash.size()); 8319 std::string authorization_section_bytes; 8320 std::string authorization_size_bytes; 8321 if (authorization_delegate) { 8322 if (!authorization_delegate->GetCommandAuthorization( 8323 command_hash, is_command_parameter_encryption_possible, 8324 is_response_parameter_encryption_possible, 8325 &authorization_section_bytes)) { 8326 return TRUNKS_RC_AUTHORIZATION_FAILED; 8327 } 8328 if (!authorization_section_bytes.empty()) { 8329 tag = TPM_ST_SESSIONS; 8330 std::string tmp; 8331 rc = Serialize_UINT32(authorization_section_bytes.size(), 8332 &authorization_size_bytes); 8333 if (rc != TPM_RC_SUCCESS) { 8334 return rc; 8335 } 8336 command_size += 8337 authorization_size_bytes.size() + authorization_section_bytes.size(); 8338 } 8339 } 8340 std::string tag_bytes; 8341 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 8342 if (rc != TPM_RC_SUCCESS) { 8343 return rc; 8344 } 8345 std::string command_size_bytes; 8346 rc = Serialize_UINT32(command_size, &command_size_bytes); 8347 if (rc != TPM_RC_SUCCESS) { 8348 return rc; 8349 } 8350 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 8351 handle_section_bytes + authorization_size_bytes + 8352 authorization_section_bytes + parameter_section_bytes; 8353 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 8354 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 8355 serialized_command->size()); 8356 return TPM_RC_SUCCESS; 8357 } 8358 8359 TPM_RC Tpm::ParseResponse_Shutdown( 8360 const std::string& response, 8361 AuthorizationDelegate* authorization_delegate) { 8362 VLOG(3) << __func__; 8363 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 8364 TPM_RC rc = TPM_RC_SUCCESS; 8365 std::string buffer(response); 8366 TPM_ST tag; 8367 std::string tag_bytes; 8368 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 8369 if (rc != TPM_RC_SUCCESS) { 8370 return rc; 8371 } 8372 UINT32 response_size; 8373 std::string response_size_bytes; 8374 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 8375 if (rc != TPM_RC_SUCCESS) { 8376 return rc; 8377 } 8378 TPM_RC response_code; 8379 std::string response_code_bytes; 8380 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 8381 if (rc != TPM_RC_SUCCESS) { 8382 return rc; 8383 } 8384 if (response_size != response.size()) { 8385 return TPM_RC_SIZE; 8386 } 8387 if (response_code != TPM_RC_SUCCESS) { 8388 return response_code; 8389 } 8390 TPM_CC command_code = TPM_CC_Shutdown; 8391 std::string command_code_bytes; 8392 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 8393 if (rc != TPM_RC_SUCCESS) { 8394 return rc; 8395 } 8396 std::string authorization_section_bytes; 8397 if (tag == TPM_ST_SESSIONS) { 8398 UINT32 parameter_section_size = buffer.size(); 8399 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 8400 if (rc != TPM_RC_SUCCESS) { 8401 return rc; 8402 } 8403 if (parameter_section_size > buffer.size()) { 8404 return TPM_RC_INSUFFICIENT; 8405 } 8406 authorization_section_bytes = buffer.substr(parameter_section_size); 8407 // Keep the parameter section in |buffer|. 8408 buffer.erase(parameter_section_size); 8409 } 8410 std::unique_ptr<crypto::SecureHash> hash( 8411 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 8412 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 8413 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 8414 hash->Update(buffer.data(), buffer.size()); 8415 std::string response_hash(32, 0); 8416 hash->Finish(string_as_array(&response_hash), response_hash.size()); 8417 if (tag == TPM_ST_SESSIONS) { 8418 CHECK(authorization_delegate) << "Authorization delegate missing!"; 8419 if (!authorization_delegate->CheckResponseAuthorization( 8420 response_hash, authorization_section_bytes)) { 8421 return TRUNKS_RC_AUTHORIZATION_FAILED; 8422 } 8423 } 8424 return TPM_RC_SUCCESS; 8425 } 8426 8427 void ShutdownErrorCallback(const Tpm::ShutdownResponse& callback, 8428 TPM_RC response_code) { 8429 VLOG(1) << __func__; 8430 callback.Run(response_code); 8431 } 8432 8433 void ShutdownResponseParser(const Tpm::ShutdownResponse& callback, 8434 AuthorizationDelegate* authorization_delegate, 8435 const std::string& response) { 8436 VLOG(1) << __func__; 8437 base::Callback<void(TPM_RC)> error_reporter = 8438 base::Bind(ShutdownErrorCallback, callback); 8439 TPM_RC rc = Tpm::ParseResponse_Shutdown(response, authorization_delegate); 8440 if (rc != TPM_RC_SUCCESS) { 8441 error_reporter.Run(rc); 8442 return; 8443 } 8444 callback.Run(rc); 8445 } 8446 8447 void Tpm::Shutdown(const TPM_SU& shutdown_type, 8448 AuthorizationDelegate* authorization_delegate, 8449 const ShutdownResponse& callback) { 8450 VLOG(1) << __func__; 8451 base::Callback<void(TPM_RC)> error_reporter = 8452 base::Bind(ShutdownErrorCallback, callback); 8453 base::Callback<void(const std::string&)> parser = 8454 base::Bind(ShutdownResponseParser, callback, authorization_delegate); 8455 std::string command; 8456 TPM_RC rc = SerializeCommand_Shutdown(shutdown_type, &command, 8457 authorization_delegate); 8458 if (rc != TPM_RC_SUCCESS) { 8459 error_reporter.Run(rc); 8460 return; 8461 } 8462 transceiver_->SendCommand(command, parser); 8463 } 8464 8465 TPM_RC Tpm::ShutdownSync(const TPM_SU& shutdown_type, 8466 AuthorizationDelegate* authorization_delegate) { 8467 VLOG(1) << __func__; 8468 std::string command; 8469 TPM_RC rc = SerializeCommand_Shutdown(shutdown_type, &command, 8470 authorization_delegate); 8471 if (rc != TPM_RC_SUCCESS) { 8472 return rc; 8473 } 8474 std::string response = transceiver_->SendCommandAndWait(command); 8475 rc = ParseResponse_Shutdown(response, authorization_delegate); 8476 return rc; 8477 } 8478 8479 TPM_RC Tpm::SerializeCommand_SelfTest( 8480 const TPMI_YES_NO& full_test, 8481 std::string* serialized_command, 8482 AuthorizationDelegate* authorization_delegate) { 8483 VLOG(3) << __func__; 8484 TPM_RC rc = TPM_RC_SUCCESS; 8485 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 8486 UINT32 command_size = 10; // Header size. 8487 std::string handle_section_bytes; 8488 std::string parameter_section_bytes; 8489 TPM_CC command_code = TPM_CC_SelfTest; 8490 bool is_command_parameter_encryption_possible = false; 8491 bool is_response_parameter_encryption_possible = false; 8492 std::string command_code_bytes; 8493 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 8494 if (rc != TPM_RC_SUCCESS) { 8495 return rc; 8496 } 8497 std::string full_test_bytes; 8498 rc = Serialize_TPMI_YES_NO(full_test, &full_test_bytes); 8499 if (rc != TPM_RC_SUCCESS) { 8500 return rc; 8501 } 8502 std::unique_ptr<crypto::SecureHash> hash( 8503 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 8504 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 8505 hash->Update(full_test_bytes.data(), full_test_bytes.size()); 8506 parameter_section_bytes += full_test_bytes; 8507 command_size += full_test_bytes.size(); 8508 std::string command_hash(32, 0); 8509 hash->Finish(string_as_array(&command_hash), command_hash.size()); 8510 std::string authorization_section_bytes; 8511 std::string authorization_size_bytes; 8512 if (authorization_delegate) { 8513 if (!authorization_delegate->GetCommandAuthorization( 8514 command_hash, is_command_parameter_encryption_possible, 8515 is_response_parameter_encryption_possible, 8516 &authorization_section_bytes)) { 8517 return TRUNKS_RC_AUTHORIZATION_FAILED; 8518 } 8519 if (!authorization_section_bytes.empty()) { 8520 tag = TPM_ST_SESSIONS; 8521 std::string tmp; 8522 rc = Serialize_UINT32(authorization_section_bytes.size(), 8523 &authorization_size_bytes); 8524 if (rc != TPM_RC_SUCCESS) { 8525 return rc; 8526 } 8527 command_size += 8528 authorization_size_bytes.size() + authorization_section_bytes.size(); 8529 } 8530 } 8531 std::string tag_bytes; 8532 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 8533 if (rc != TPM_RC_SUCCESS) { 8534 return rc; 8535 } 8536 std::string command_size_bytes; 8537 rc = Serialize_UINT32(command_size, &command_size_bytes); 8538 if (rc != TPM_RC_SUCCESS) { 8539 return rc; 8540 } 8541 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 8542 handle_section_bytes + authorization_size_bytes + 8543 authorization_section_bytes + parameter_section_bytes; 8544 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 8545 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 8546 serialized_command->size()); 8547 return TPM_RC_SUCCESS; 8548 } 8549 8550 TPM_RC Tpm::ParseResponse_SelfTest( 8551 const std::string& response, 8552 AuthorizationDelegate* authorization_delegate) { 8553 VLOG(3) << __func__; 8554 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 8555 TPM_RC rc = TPM_RC_SUCCESS; 8556 std::string buffer(response); 8557 TPM_ST tag; 8558 std::string tag_bytes; 8559 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 8560 if (rc != TPM_RC_SUCCESS) { 8561 return rc; 8562 } 8563 UINT32 response_size; 8564 std::string response_size_bytes; 8565 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 8566 if (rc != TPM_RC_SUCCESS) { 8567 return rc; 8568 } 8569 TPM_RC response_code; 8570 std::string response_code_bytes; 8571 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 8572 if (rc != TPM_RC_SUCCESS) { 8573 return rc; 8574 } 8575 if (response_size != response.size()) { 8576 return TPM_RC_SIZE; 8577 } 8578 if (response_code != TPM_RC_SUCCESS) { 8579 return response_code; 8580 } 8581 TPM_CC command_code = TPM_CC_SelfTest; 8582 std::string command_code_bytes; 8583 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 8584 if (rc != TPM_RC_SUCCESS) { 8585 return rc; 8586 } 8587 std::string authorization_section_bytes; 8588 if (tag == TPM_ST_SESSIONS) { 8589 UINT32 parameter_section_size = buffer.size(); 8590 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 8591 if (rc != TPM_RC_SUCCESS) { 8592 return rc; 8593 } 8594 if (parameter_section_size > buffer.size()) { 8595 return TPM_RC_INSUFFICIENT; 8596 } 8597 authorization_section_bytes = buffer.substr(parameter_section_size); 8598 // Keep the parameter section in |buffer|. 8599 buffer.erase(parameter_section_size); 8600 } 8601 std::unique_ptr<crypto::SecureHash> hash( 8602 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 8603 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 8604 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 8605 hash->Update(buffer.data(), buffer.size()); 8606 std::string response_hash(32, 0); 8607 hash->Finish(string_as_array(&response_hash), response_hash.size()); 8608 if (tag == TPM_ST_SESSIONS) { 8609 CHECK(authorization_delegate) << "Authorization delegate missing!"; 8610 if (!authorization_delegate->CheckResponseAuthorization( 8611 response_hash, authorization_section_bytes)) { 8612 return TRUNKS_RC_AUTHORIZATION_FAILED; 8613 } 8614 } 8615 return TPM_RC_SUCCESS; 8616 } 8617 8618 void SelfTestErrorCallback(const Tpm::SelfTestResponse& callback, 8619 TPM_RC response_code) { 8620 VLOG(1) << __func__; 8621 callback.Run(response_code); 8622 } 8623 8624 void SelfTestResponseParser(const Tpm::SelfTestResponse& callback, 8625 AuthorizationDelegate* authorization_delegate, 8626 const std::string& response) { 8627 VLOG(1) << __func__; 8628 base::Callback<void(TPM_RC)> error_reporter = 8629 base::Bind(SelfTestErrorCallback, callback); 8630 TPM_RC rc = Tpm::ParseResponse_SelfTest(response, authorization_delegate); 8631 if (rc != TPM_RC_SUCCESS) { 8632 error_reporter.Run(rc); 8633 return; 8634 } 8635 callback.Run(rc); 8636 } 8637 8638 void Tpm::SelfTest(const TPMI_YES_NO& full_test, 8639 AuthorizationDelegate* authorization_delegate, 8640 const SelfTestResponse& callback) { 8641 VLOG(1) << __func__; 8642 base::Callback<void(TPM_RC)> error_reporter = 8643 base::Bind(SelfTestErrorCallback, callback); 8644 base::Callback<void(const std::string&)> parser = 8645 base::Bind(SelfTestResponseParser, callback, authorization_delegate); 8646 std::string command; 8647 TPM_RC rc = 8648 SerializeCommand_SelfTest(full_test, &command, authorization_delegate); 8649 if (rc != TPM_RC_SUCCESS) { 8650 error_reporter.Run(rc); 8651 return; 8652 } 8653 transceiver_->SendCommand(command, parser); 8654 } 8655 8656 TPM_RC Tpm::SelfTestSync(const TPMI_YES_NO& full_test, 8657 AuthorizationDelegate* authorization_delegate) { 8658 VLOG(1) << __func__; 8659 std::string command; 8660 TPM_RC rc = 8661 SerializeCommand_SelfTest(full_test, &command, authorization_delegate); 8662 if (rc != TPM_RC_SUCCESS) { 8663 return rc; 8664 } 8665 std::string response = transceiver_->SendCommandAndWait(command); 8666 rc = ParseResponse_SelfTest(response, authorization_delegate); 8667 return rc; 8668 } 8669 8670 TPM_RC Tpm::SerializeCommand_IncrementalSelfTest( 8671 const TPML_ALG& to_test, 8672 std::string* serialized_command, 8673 AuthorizationDelegate* authorization_delegate) { 8674 VLOG(3) << __func__; 8675 TPM_RC rc = TPM_RC_SUCCESS; 8676 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 8677 UINT32 command_size = 10; // Header size. 8678 std::string handle_section_bytes; 8679 std::string parameter_section_bytes; 8680 TPM_CC command_code = TPM_CC_IncrementalSelfTest; 8681 bool is_command_parameter_encryption_possible = false; 8682 bool is_response_parameter_encryption_possible = false; 8683 std::string command_code_bytes; 8684 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 8685 if (rc != TPM_RC_SUCCESS) { 8686 return rc; 8687 } 8688 std::string to_test_bytes; 8689 rc = Serialize_TPML_ALG(to_test, &to_test_bytes); 8690 if (rc != TPM_RC_SUCCESS) { 8691 return rc; 8692 } 8693 std::unique_ptr<crypto::SecureHash> hash( 8694 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 8695 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 8696 hash->Update(to_test_bytes.data(), to_test_bytes.size()); 8697 parameter_section_bytes += to_test_bytes; 8698 command_size += to_test_bytes.size(); 8699 std::string command_hash(32, 0); 8700 hash->Finish(string_as_array(&command_hash), command_hash.size()); 8701 std::string authorization_section_bytes; 8702 std::string authorization_size_bytes; 8703 if (authorization_delegate) { 8704 if (!authorization_delegate->GetCommandAuthorization( 8705 command_hash, is_command_parameter_encryption_possible, 8706 is_response_parameter_encryption_possible, 8707 &authorization_section_bytes)) { 8708 return TRUNKS_RC_AUTHORIZATION_FAILED; 8709 } 8710 if (!authorization_section_bytes.empty()) { 8711 tag = TPM_ST_SESSIONS; 8712 std::string tmp; 8713 rc = Serialize_UINT32(authorization_section_bytes.size(), 8714 &authorization_size_bytes); 8715 if (rc != TPM_RC_SUCCESS) { 8716 return rc; 8717 } 8718 command_size += 8719 authorization_size_bytes.size() + authorization_section_bytes.size(); 8720 } 8721 } 8722 std::string tag_bytes; 8723 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 8724 if (rc != TPM_RC_SUCCESS) { 8725 return rc; 8726 } 8727 std::string command_size_bytes; 8728 rc = Serialize_UINT32(command_size, &command_size_bytes); 8729 if (rc != TPM_RC_SUCCESS) { 8730 return rc; 8731 } 8732 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 8733 handle_section_bytes + authorization_size_bytes + 8734 authorization_section_bytes + parameter_section_bytes; 8735 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 8736 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 8737 serialized_command->size()); 8738 return TPM_RC_SUCCESS; 8739 } 8740 8741 TPM_RC Tpm::ParseResponse_IncrementalSelfTest( 8742 const std::string& response, 8743 TPML_ALG* to_do_list, 8744 AuthorizationDelegate* authorization_delegate) { 8745 VLOG(3) << __func__; 8746 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 8747 TPM_RC rc = TPM_RC_SUCCESS; 8748 std::string buffer(response); 8749 TPM_ST tag; 8750 std::string tag_bytes; 8751 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 8752 if (rc != TPM_RC_SUCCESS) { 8753 return rc; 8754 } 8755 UINT32 response_size; 8756 std::string response_size_bytes; 8757 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 8758 if (rc != TPM_RC_SUCCESS) { 8759 return rc; 8760 } 8761 TPM_RC response_code; 8762 std::string response_code_bytes; 8763 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 8764 if (rc != TPM_RC_SUCCESS) { 8765 return rc; 8766 } 8767 if (response_size != response.size()) { 8768 return TPM_RC_SIZE; 8769 } 8770 if (response_code != TPM_RC_SUCCESS) { 8771 return response_code; 8772 } 8773 TPM_CC command_code = TPM_CC_IncrementalSelfTest; 8774 std::string command_code_bytes; 8775 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 8776 if (rc != TPM_RC_SUCCESS) { 8777 return rc; 8778 } 8779 std::string authorization_section_bytes; 8780 if (tag == TPM_ST_SESSIONS) { 8781 UINT32 parameter_section_size = buffer.size(); 8782 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 8783 if (rc != TPM_RC_SUCCESS) { 8784 return rc; 8785 } 8786 if (parameter_section_size > buffer.size()) { 8787 return TPM_RC_INSUFFICIENT; 8788 } 8789 authorization_section_bytes = buffer.substr(parameter_section_size); 8790 // Keep the parameter section in |buffer|. 8791 buffer.erase(parameter_section_size); 8792 } 8793 std::unique_ptr<crypto::SecureHash> hash( 8794 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 8795 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 8796 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 8797 hash->Update(buffer.data(), buffer.size()); 8798 std::string response_hash(32, 0); 8799 hash->Finish(string_as_array(&response_hash), response_hash.size()); 8800 if (tag == TPM_ST_SESSIONS) { 8801 CHECK(authorization_delegate) << "Authorization delegate missing!"; 8802 if (!authorization_delegate->CheckResponseAuthorization( 8803 response_hash, authorization_section_bytes)) { 8804 return TRUNKS_RC_AUTHORIZATION_FAILED; 8805 } 8806 } 8807 std::string to_do_list_bytes; 8808 rc = Parse_TPML_ALG(&buffer, to_do_list, &to_do_list_bytes); 8809 if (rc != TPM_RC_SUCCESS) { 8810 return rc; 8811 } 8812 return TPM_RC_SUCCESS; 8813 } 8814 8815 void IncrementalSelfTestErrorCallback( 8816 const Tpm::IncrementalSelfTestResponse& callback, 8817 TPM_RC response_code) { 8818 VLOG(1) << __func__; 8819 callback.Run(response_code, TPML_ALG()); 8820 } 8821 8822 void IncrementalSelfTestResponseParser( 8823 const Tpm::IncrementalSelfTestResponse& callback, 8824 AuthorizationDelegate* authorization_delegate, 8825 const std::string& response) { 8826 VLOG(1) << __func__; 8827 base::Callback<void(TPM_RC)> error_reporter = 8828 base::Bind(IncrementalSelfTestErrorCallback, callback); 8829 TPML_ALG to_do_list; 8830 TPM_RC rc = Tpm::ParseResponse_IncrementalSelfTest(response, &to_do_list, 8831 authorization_delegate); 8832 if (rc != TPM_RC_SUCCESS) { 8833 error_reporter.Run(rc); 8834 return; 8835 } 8836 callback.Run(rc, to_do_list); 8837 } 8838 8839 void Tpm::IncrementalSelfTest(const TPML_ALG& to_test, 8840 AuthorizationDelegate* authorization_delegate, 8841 const IncrementalSelfTestResponse& callback) { 8842 VLOG(1) << __func__; 8843 base::Callback<void(TPM_RC)> error_reporter = 8844 base::Bind(IncrementalSelfTestErrorCallback, callback); 8845 base::Callback<void(const std::string&)> parser = base::Bind( 8846 IncrementalSelfTestResponseParser, callback, authorization_delegate); 8847 std::string command; 8848 TPM_RC rc = SerializeCommand_IncrementalSelfTest(to_test, &command, 8849 authorization_delegate); 8850 if (rc != TPM_RC_SUCCESS) { 8851 error_reporter.Run(rc); 8852 return; 8853 } 8854 transceiver_->SendCommand(command, parser); 8855 } 8856 8857 TPM_RC Tpm::IncrementalSelfTestSync( 8858 const TPML_ALG& to_test, 8859 TPML_ALG* to_do_list, 8860 AuthorizationDelegate* authorization_delegate) { 8861 VLOG(1) << __func__; 8862 std::string command; 8863 TPM_RC rc = SerializeCommand_IncrementalSelfTest(to_test, &command, 8864 authorization_delegate); 8865 if (rc != TPM_RC_SUCCESS) { 8866 return rc; 8867 } 8868 std::string response = transceiver_->SendCommandAndWait(command); 8869 rc = ParseResponse_IncrementalSelfTest(response, to_do_list, 8870 authorization_delegate); 8871 return rc; 8872 } 8873 8874 TPM_RC Tpm::SerializeCommand_GetTestResult( 8875 std::string* serialized_command, 8876 AuthorizationDelegate* authorization_delegate) { 8877 VLOG(3) << __func__; 8878 TPM_RC rc = TPM_RC_SUCCESS; 8879 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 8880 UINT32 command_size = 10; // Header size. 8881 std::string handle_section_bytes; 8882 std::string parameter_section_bytes; 8883 TPM_CC command_code = TPM_CC_GetTestResult; 8884 bool is_command_parameter_encryption_possible = false; 8885 bool is_response_parameter_encryption_possible = true; 8886 std::string command_code_bytes; 8887 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 8888 if (rc != TPM_RC_SUCCESS) { 8889 return rc; 8890 } 8891 std::unique_ptr<crypto::SecureHash> hash( 8892 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 8893 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 8894 std::string command_hash(32, 0); 8895 hash->Finish(string_as_array(&command_hash), command_hash.size()); 8896 std::string authorization_section_bytes; 8897 std::string authorization_size_bytes; 8898 if (authorization_delegate) { 8899 if (!authorization_delegate->GetCommandAuthorization( 8900 command_hash, is_command_parameter_encryption_possible, 8901 is_response_parameter_encryption_possible, 8902 &authorization_section_bytes)) { 8903 return TRUNKS_RC_AUTHORIZATION_FAILED; 8904 } 8905 if (!authorization_section_bytes.empty()) { 8906 tag = TPM_ST_SESSIONS; 8907 std::string tmp; 8908 rc = Serialize_UINT32(authorization_section_bytes.size(), 8909 &authorization_size_bytes); 8910 if (rc != TPM_RC_SUCCESS) { 8911 return rc; 8912 } 8913 command_size += 8914 authorization_size_bytes.size() + authorization_section_bytes.size(); 8915 } 8916 } 8917 std::string tag_bytes; 8918 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 8919 if (rc != TPM_RC_SUCCESS) { 8920 return rc; 8921 } 8922 std::string command_size_bytes; 8923 rc = Serialize_UINT32(command_size, &command_size_bytes); 8924 if (rc != TPM_RC_SUCCESS) { 8925 return rc; 8926 } 8927 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 8928 handle_section_bytes + authorization_size_bytes + 8929 authorization_section_bytes + parameter_section_bytes; 8930 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 8931 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 8932 serialized_command->size()); 8933 return TPM_RC_SUCCESS; 8934 } 8935 8936 TPM_RC Tpm::ParseResponse_GetTestResult( 8937 const std::string& response, 8938 TPM2B_MAX_BUFFER* out_data, 8939 TPM_RC* test_result, 8940 AuthorizationDelegate* authorization_delegate) { 8941 VLOG(3) << __func__; 8942 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 8943 TPM_RC rc = TPM_RC_SUCCESS; 8944 std::string buffer(response); 8945 TPM_ST tag; 8946 std::string tag_bytes; 8947 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 8948 if (rc != TPM_RC_SUCCESS) { 8949 return rc; 8950 } 8951 UINT32 response_size; 8952 std::string response_size_bytes; 8953 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 8954 if (rc != TPM_RC_SUCCESS) { 8955 return rc; 8956 } 8957 TPM_RC response_code; 8958 std::string response_code_bytes; 8959 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 8960 if (rc != TPM_RC_SUCCESS) { 8961 return rc; 8962 } 8963 if (response_size != response.size()) { 8964 return TPM_RC_SIZE; 8965 } 8966 if (response_code != TPM_RC_SUCCESS) { 8967 return response_code; 8968 } 8969 TPM_CC command_code = TPM_CC_GetTestResult; 8970 std::string command_code_bytes; 8971 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 8972 if (rc != TPM_RC_SUCCESS) { 8973 return rc; 8974 } 8975 std::string authorization_section_bytes; 8976 if (tag == TPM_ST_SESSIONS) { 8977 UINT32 parameter_section_size = buffer.size(); 8978 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 8979 if (rc != TPM_RC_SUCCESS) { 8980 return rc; 8981 } 8982 if (parameter_section_size > buffer.size()) { 8983 return TPM_RC_INSUFFICIENT; 8984 } 8985 authorization_section_bytes = buffer.substr(parameter_section_size); 8986 // Keep the parameter section in |buffer|. 8987 buffer.erase(parameter_section_size); 8988 } 8989 std::unique_ptr<crypto::SecureHash> hash( 8990 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 8991 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 8992 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 8993 hash->Update(buffer.data(), buffer.size()); 8994 std::string response_hash(32, 0); 8995 hash->Finish(string_as_array(&response_hash), response_hash.size()); 8996 if (tag == TPM_ST_SESSIONS) { 8997 CHECK(authorization_delegate) << "Authorization delegate missing!"; 8998 if (!authorization_delegate->CheckResponseAuthorization( 8999 response_hash, authorization_section_bytes)) { 9000 return TRUNKS_RC_AUTHORIZATION_FAILED; 9001 } 9002 } 9003 std::string out_data_bytes; 9004 rc = Parse_TPM2B_MAX_BUFFER(&buffer, out_data, &out_data_bytes); 9005 if (rc != TPM_RC_SUCCESS) { 9006 return rc; 9007 } 9008 std::string test_result_bytes; 9009 rc = Parse_TPM_RC(&buffer, test_result, &test_result_bytes); 9010 if (rc != TPM_RC_SUCCESS) { 9011 return rc; 9012 } 9013 if (tag == TPM_ST_SESSIONS) { 9014 CHECK(authorization_delegate) << "Authorization delegate missing!"; 9015 // Decrypt just the parameter data, not the size. 9016 std::string tmp = out_data_bytes.substr(2); 9017 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 9018 return TRUNKS_RC_ENCRYPTION_FAILED; 9019 } 9020 out_data_bytes.replace(2, std::string::npos, tmp); 9021 rc = Parse_TPM2B_MAX_BUFFER(&out_data_bytes, out_data, nullptr); 9022 if (rc != TPM_RC_SUCCESS) { 9023 return rc; 9024 } 9025 } 9026 return TPM_RC_SUCCESS; 9027 } 9028 9029 void GetTestResultErrorCallback(const Tpm::GetTestResultResponse& callback, 9030 TPM_RC response_code) { 9031 VLOG(1) << __func__; 9032 callback.Run(response_code, TPM2B_MAX_BUFFER(), TPM_RC()); 9033 } 9034 9035 void GetTestResultResponseParser(const Tpm::GetTestResultResponse& callback, 9036 AuthorizationDelegate* authorization_delegate, 9037 const std::string& response) { 9038 VLOG(1) << __func__; 9039 base::Callback<void(TPM_RC)> error_reporter = 9040 base::Bind(GetTestResultErrorCallback, callback); 9041 TPM2B_MAX_BUFFER out_data; 9042 TPM_RC test_result; 9043 TPM_RC rc = Tpm::ParseResponse_GetTestResult( 9044 response, &out_data, &test_result, authorization_delegate); 9045 if (rc != TPM_RC_SUCCESS) { 9046 error_reporter.Run(rc); 9047 return; 9048 } 9049 callback.Run(rc, out_data, test_result); 9050 } 9051 9052 void Tpm::GetTestResult(AuthorizationDelegate* authorization_delegate, 9053 const GetTestResultResponse& callback) { 9054 VLOG(1) << __func__; 9055 base::Callback<void(TPM_RC)> error_reporter = 9056 base::Bind(GetTestResultErrorCallback, callback); 9057 base::Callback<void(const std::string&)> parser = 9058 base::Bind(GetTestResultResponseParser, callback, authorization_delegate); 9059 std::string command; 9060 TPM_RC rc = SerializeCommand_GetTestResult(&command, authorization_delegate); 9061 if (rc != TPM_RC_SUCCESS) { 9062 error_reporter.Run(rc); 9063 return; 9064 } 9065 transceiver_->SendCommand(command, parser); 9066 } 9067 9068 TPM_RC Tpm::GetTestResultSync(TPM2B_MAX_BUFFER* out_data, 9069 TPM_RC* test_result, 9070 AuthorizationDelegate* authorization_delegate) { 9071 VLOG(1) << __func__; 9072 std::string command; 9073 TPM_RC rc = SerializeCommand_GetTestResult(&command, authorization_delegate); 9074 if (rc != TPM_RC_SUCCESS) { 9075 return rc; 9076 } 9077 std::string response = transceiver_->SendCommandAndWait(command); 9078 rc = ParseResponse_GetTestResult(response, out_data, test_result, 9079 authorization_delegate); 9080 return rc; 9081 } 9082 9083 TPM_RC Tpm::SerializeCommand_StartAuthSession( 9084 const TPMI_DH_OBJECT& tpm_key, 9085 const std::string& tpm_key_name, 9086 const TPMI_DH_ENTITY& bind, 9087 const std::string& bind_name, 9088 const TPM2B_NONCE& nonce_caller, 9089 const TPM2B_ENCRYPTED_SECRET& encrypted_salt, 9090 const TPM_SE& session_type, 9091 const TPMT_SYM_DEF& symmetric, 9092 const TPMI_ALG_HASH& auth_hash, 9093 std::string* serialized_command, 9094 AuthorizationDelegate* authorization_delegate) { 9095 VLOG(3) << __func__; 9096 TPM_RC rc = TPM_RC_SUCCESS; 9097 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 9098 UINT32 command_size = 10; // Header size. 9099 std::string handle_section_bytes; 9100 std::string parameter_section_bytes; 9101 TPM_CC command_code = TPM_CC_StartAuthSession; 9102 bool is_command_parameter_encryption_possible = true; 9103 bool is_response_parameter_encryption_possible = true; 9104 std::string command_code_bytes; 9105 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 9106 if (rc != TPM_RC_SUCCESS) { 9107 return rc; 9108 } 9109 std::string tpm_key_bytes; 9110 rc = Serialize_TPMI_DH_OBJECT(tpm_key, &tpm_key_bytes); 9111 if (rc != TPM_RC_SUCCESS) { 9112 return rc; 9113 } 9114 std::string bind_bytes; 9115 rc = Serialize_TPMI_DH_ENTITY(bind, &bind_bytes); 9116 if (rc != TPM_RC_SUCCESS) { 9117 return rc; 9118 } 9119 std::string nonce_caller_bytes; 9120 rc = Serialize_TPM2B_NONCE(nonce_caller, &nonce_caller_bytes); 9121 if (rc != TPM_RC_SUCCESS) { 9122 return rc; 9123 } 9124 std::string encrypted_salt_bytes; 9125 rc = Serialize_TPM2B_ENCRYPTED_SECRET(encrypted_salt, &encrypted_salt_bytes); 9126 if (rc != TPM_RC_SUCCESS) { 9127 return rc; 9128 } 9129 std::string session_type_bytes; 9130 rc = Serialize_TPM_SE(session_type, &session_type_bytes); 9131 if (rc != TPM_RC_SUCCESS) { 9132 return rc; 9133 } 9134 std::string symmetric_bytes; 9135 rc = Serialize_TPMT_SYM_DEF(symmetric, &symmetric_bytes); 9136 if (rc != TPM_RC_SUCCESS) { 9137 return rc; 9138 } 9139 std::string auth_hash_bytes; 9140 rc = Serialize_TPMI_ALG_HASH(auth_hash, &auth_hash_bytes); 9141 if (rc != TPM_RC_SUCCESS) { 9142 return rc; 9143 } 9144 if (authorization_delegate) { 9145 // Encrypt just the parameter data, not the size. 9146 std::string tmp = nonce_caller_bytes.substr(2); 9147 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 9148 return TRUNKS_RC_ENCRYPTION_FAILED; 9149 } 9150 nonce_caller_bytes.replace(2, std::string::npos, tmp); 9151 } 9152 std::unique_ptr<crypto::SecureHash> hash( 9153 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 9154 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 9155 hash->Update(tpm_key_name.data(), tpm_key_name.size()); 9156 handle_section_bytes += tpm_key_bytes; 9157 command_size += tpm_key_bytes.size(); 9158 hash->Update(bind_name.data(), bind_name.size()); 9159 handle_section_bytes += bind_bytes; 9160 command_size += bind_bytes.size(); 9161 hash->Update(nonce_caller_bytes.data(), nonce_caller_bytes.size()); 9162 parameter_section_bytes += nonce_caller_bytes; 9163 command_size += nonce_caller_bytes.size(); 9164 hash->Update(encrypted_salt_bytes.data(), encrypted_salt_bytes.size()); 9165 parameter_section_bytes += encrypted_salt_bytes; 9166 command_size += encrypted_salt_bytes.size(); 9167 hash->Update(session_type_bytes.data(), session_type_bytes.size()); 9168 parameter_section_bytes += session_type_bytes; 9169 command_size += session_type_bytes.size(); 9170 hash->Update(symmetric_bytes.data(), symmetric_bytes.size()); 9171 parameter_section_bytes += symmetric_bytes; 9172 command_size += symmetric_bytes.size(); 9173 hash->Update(auth_hash_bytes.data(), auth_hash_bytes.size()); 9174 parameter_section_bytes += auth_hash_bytes; 9175 command_size += auth_hash_bytes.size(); 9176 std::string command_hash(32, 0); 9177 hash->Finish(string_as_array(&command_hash), command_hash.size()); 9178 std::string authorization_section_bytes; 9179 std::string authorization_size_bytes; 9180 if (authorization_delegate) { 9181 if (!authorization_delegate->GetCommandAuthorization( 9182 command_hash, is_command_parameter_encryption_possible, 9183 is_response_parameter_encryption_possible, 9184 &authorization_section_bytes)) { 9185 return TRUNKS_RC_AUTHORIZATION_FAILED; 9186 } 9187 if (!authorization_section_bytes.empty()) { 9188 tag = TPM_ST_SESSIONS; 9189 std::string tmp; 9190 rc = Serialize_UINT32(authorization_section_bytes.size(), 9191 &authorization_size_bytes); 9192 if (rc != TPM_RC_SUCCESS) { 9193 return rc; 9194 } 9195 command_size += 9196 authorization_size_bytes.size() + authorization_section_bytes.size(); 9197 } 9198 } 9199 std::string tag_bytes; 9200 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 9201 if (rc != TPM_RC_SUCCESS) { 9202 return rc; 9203 } 9204 std::string command_size_bytes; 9205 rc = Serialize_UINT32(command_size, &command_size_bytes); 9206 if (rc != TPM_RC_SUCCESS) { 9207 return rc; 9208 } 9209 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 9210 handle_section_bytes + authorization_size_bytes + 9211 authorization_section_bytes + parameter_section_bytes; 9212 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 9213 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 9214 serialized_command->size()); 9215 return TPM_RC_SUCCESS; 9216 } 9217 9218 TPM_RC Tpm::ParseResponse_StartAuthSession( 9219 const std::string& response, 9220 TPMI_SH_AUTH_SESSION* session_handle, 9221 TPM2B_NONCE* nonce_tpm, 9222 AuthorizationDelegate* authorization_delegate) { 9223 VLOG(3) << __func__; 9224 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 9225 TPM_RC rc = TPM_RC_SUCCESS; 9226 std::string buffer(response); 9227 TPM_ST tag; 9228 std::string tag_bytes; 9229 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 9230 if (rc != TPM_RC_SUCCESS) { 9231 return rc; 9232 } 9233 UINT32 response_size; 9234 std::string response_size_bytes; 9235 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 9236 if (rc != TPM_RC_SUCCESS) { 9237 return rc; 9238 } 9239 TPM_RC response_code; 9240 std::string response_code_bytes; 9241 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 9242 if (rc != TPM_RC_SUCCESS) { 9243 return rc; 9244 } 9245 if (response_size != response.size()) { 9246 return TPM_RC_SIZE; 9247 } 9248 if (response_code != TPM_RC_SUCCESS) { 9249 return response_code; 9250 } 9251 std::string session_handle_bytes; 9252 rc = Parse_TPMI_SH_AUTH_SESSION(&buffer, session_handle, 9253 &session_handle_bytes); 9254 if (rc != TPM_RC_SUCCESS) { 9255 return rc; 9256 } 9257 TPM_CC command_code = TPM_CC_StartAuthSession; 9258 std::string command_code_bytes; 9259 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 9260 if (rc != TPM_RC_SUCCESS) { 9261 return rc; 9262 } 9263 std::string authorization_section_bytes; 9264 if (tag == TPM_ST_SESSIONS) { 9265 UINT32 parameter_section_size = buffer.size(); 9266 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 9267 if (rc != TPM_RC_SUCCESS) { 9268 return rc; 9269 } 9270 if (parameter_section_size > buffer.size()) { 9271 return TPM_RC_INSUFFICIENT; 9272 } 9273 authorization_section_bytes = buffer.substr(parameter_section_size); 9274 // Keep the parameter section in |buffer|. 9275 buffer.erase(parameter_section_size); 9276 } 9277 std::unique_ptr<crypto::SecureHash> hash( 9278 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 9279 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 9280 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 9281 hash->Update(buffer.data(), buffer.size()); 9282 std::string response_hash(32, 0); 9283 hash->Finish(string_as_array(&response_hash), response_hash.size()); 9284 if (tag == TPM_ST_SESSIONS) { 9285 CHECK(authorization_delegate) << "Authorization delegate missing!"; 9286 if (!authorization_delegate->CheckResponseAuthorization( 9287 response_hash, authorization_section_bytes)) { 9288 return TRUNKS_RC_AUTHORIZATION_FAILED; 9289 } 9290 } 9291 std::string nonce_tpm_bytes; 9292 rc = Parse_TPM2B_NONCE(&buffer, nonce_tpm, &nonce_tpm_bytes); 9293 if (rc != TPM_RC_SUCCESS) { 9294 return rc; 9295 } 9296 if (tag == TPM_ST_SESSIONS) { 9297 CHECK(authorization_delegate) << "Authorization delegate missing!"; 9298 // Decrypt just the parameter data, not the size. 9299 std::string tmp = nonce_tpm_bytes.substr(2); 9300 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 9301 return TRUNKS_RC_ENCRYPTION_FAILED; 9302 } 9303 nonce_tpm_bytes.replace(2, std::string::npos, tmp); 9304 rc = Parse_TPM2B_NONCE(&nonce_tpm_bytes, nonce_tpm, nullptr); 9305 if (rc != TPM_RC_SUCCESS) { 9306 return rc; 9307 } 9308 } 9309 return TPM_RC_SUCCESS; 9310 } 9311 9312 void StartAuthSessionErrorCallback( 9313 const Tpm::StartAuthSessionResponse& callback, 9314 TPM_RC response_code) { 9315 VLOG(1) << __func__; 9316 callback.Run(response_code, TPMI_SH_AUTH_SESSION(), TPM2B_NONCE()); 9317 } 9318 9319 void StartAuthSessionResponseParser( 9320 const Tpm::StartAuthSessionResponse& callback, 9321 AuthorizationDelegate* authorization_delegate, 9322 const std::string& response) { 9323 VLOG(1) << __func__; 9324 base::Callback<void(TPM_RC)> error_reporter = 9325 base::Bind(StartAuthSessionErrorCallback, callback); 9326 TPMI_SH_AUTH_SESSION session_handle; 9327 TPM2B_NONCE nonce_tpm; 9328 TPM_RC rc = Tpm::ParseResponse_StartAuthSession( 9329 response, &session_handle, &nonce_tpm, authorization_delegate); 9330 if (rc != TPM_RC_SUCCESS) { 9331 error_reporter.Run(rc); 9332 return; 9333 } 9334 callback.Run(rc, session_handle, nonce_tpm); 9335 } 9336 9337 void Tpm::StartAuthSession(const TPMI_DH_OBJECT& tpm_key, 9338 const std::string& tpm_key_name, 9339 const TPMI_DH_ENTITY& bind, 9340 const std::string& bind_name, 9341 const TPM2B_NONCE& nonce_caller, 9342 const TPM2B_ENCRYPTED_SECRET& encrypted_salt, 9343 const TPM_SE& session_type, 9344 const TPMT_SYM_DEF& symmetric, 9345 const TPMI_ALG_HASH& auth_hash, 9346 AuthorizationDelegate* authorization_delegate, 9347 const StartAuthSessionResponse& callback) { 9348 VLOG(1) << __func__; 9349 base::Callback<void(TPM_RC)> error_reporter = 9350 base::Bind(StartAuthSessionErrorCallback, callback); 9351 base::Callback<void(const std::string&)> parser = base::Bind( 9352 StartAuthSessionResponseParser, callback, authorization_delegate); 9353 std::string command; 9354 TPM_RC rc = SerializeCommand_StartAuthSession( 9355 tpm_key, tpm_key_name, bind, bind_name, nonce_caller, encrypted_salt, 9356 session_type, symmetric, auth_hash, &command, authorization_delegate); 9357 if (rc != TPM_RC_SUCCESS) { 9358 error_reporter.Run(rc); 9359 return; 9360 } 9361 transceiver_->SendCommand(command, parser); 9362 } 9363 9364 TPM_RC Tpm::StartAuthSessionSync( 9365 const TPMI_DH_OBJECT& tpm_key, 9366 const std::string& tpm_key_name, 9367 const TPMI_DH_ENTITY& bind, 9368 const std::string& bind_name, 9369 const TPM2B_NONCE& nonce_caller, 9370 const TPM2B_ENCRYPTED_SECRET& encrypted_salt, 9371 const TPM_SE& session_type, 9372 const TPMT_SYM_DEF& symmetric, 9373 const TPMI_ALG_HASH& auth_hash, 9374 TPMI_SH_AUTH_SESSION* session_handle, 9375 TPM2B_NONCE* nonce_tpm, 9376 AuthorizationDelegate* authorization_delegate) { 9377 VLOG(1) << __func__; 9378 std::string command; 9379 TPM_RC rc = SerializeCommand_StartAuthSession( 9380 tpm_key, tpm_key_name, bind, bind_name, nonce_caller, encrypted_salt, 9381 session_type, symmetric, auth_hash, &command, authorization_delegate); 9382 if (rc != TPM_RC_SUCCESS) { 9383 return rc; 9384 } 9385 std::string response = transceiver_->SendCommandAndWait(command); 9386 rc = ParseResponse_StartAuthSession(response, session_handle, nonce_tpm, 9387 authorization_delegate); 9388 return rc; 9389 } 9390 9391 TPM_RC Tpm::SerializeCommand_PolicyRestart( 9392 const TPMI_SH_POLICY& session_handle, 9393 const std::string& session_handle_name, 9394 std::string* serialized_command, 9395 AuthorizationDelegate* authorization_delegate) { 9396 VLOG(3) << __func__; 9397 TPM_RC rc = TPM_RC_SUCCESS; 9398 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 9399 UINT32 command_size = 10; // Header size. 9400 std::string handle_section_bytes; 9401 std::string parameter_section_bytes; 9402 TPM_CC command_code = TPM_CC_PolicyRestart; 9403 bool is_command_parameter_encryption_possible = false; 9404 bool is_response_parameter_encryption_possible = false; 9405 std::string command_code_bytes; 9406 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 9407 if (rc != TPM_RC_SUCCESS) { 9408 return rc; 9409 } 9410 std::string session_handle_bytes; 9411 rc = Serialize_TPMI_SH_POLICY(session_handle, &session_handle_bytes); 9412 if (rc != TPM_RC_SUCCESS) { 9413 return rc; 9414 } 9415 std::unique_ptr<crypto::SecureHash> hash( 9416 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 9417 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 9418 hash->Update(session_handle_name.data(), session_handle_name.size()); 9419 handle_section_bytes += session_handle_bytes; 9420 command_size += session_handle_bytes.size(); 9421 std::string command_hash(32, 0); 9422 hash->Finish(string_as_array(&command_hash), command_hash.size()); 9423 std::string authorization_section_bytes; 9424 std::string authorization_size_bytes; 9425 if (authorization_delegate) { 9426 if (!authorization_delegate->GetCommandAuthorization( 9427 command_hash, is_command_parameter_encryption_possible, 9428 is_response_parameter_encryption_possible, 9429 &authorization_section_bytes)) { 9430 return TRUNKS_RC_AUTHORIZATION_FAILED; 9431 } 9432 if (!authorization_section_bytes.empty()) { 9433 tag = TPM_ST_SESSIONS; 9434 std::string tmp; 9435 rc = Serialize_UINT32(authorization_section_bytes.size(), 9436 &authorization_size_bytes); 9437 if (rc != TPM_RC_SUCCESS) { 9438 return rc; 9439 } 9440 command_size += 9441 authorization_size_bytes.size() + authorization_section_bytes.size(); 9442 } 9443 } 9444 std::string tag_bytes; 9445 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 9446 if (rc != TPM_RC_SUCCESS) { 9447 return rc; 9448 } 9449 std::string command_size_bytes; 9450 rc = Serialize_UINT32(command_size, &command_size_bytes); 9451 if (rc != TPM_RC_SUCCESS) { 9452 return rc; 9453 } 9454 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 9455 handle_section_bytes + authorization_size_bytes + 9456 authorization_section_bytes + parameter_section_bytes; 9457 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 9458 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 9459 serialized_command->size()); 9460 return TPM_RC_SUCCESS; 9461 } 9462 9463 TPM_RC Tpm::ParseResponse_PolicyRestart( 9464 const std::string& response, 9465 AuthorizationDelegate* authorization_delegate) { 9466 VLOG(3) << __func__; 9467 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 9468 TPM_RC rc = TPM_RC_SUCCESS; 9469 std::string buffer(response); 9470 TPM_ST tag; 9471 std::string tag_bytes; 9472 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 9473 if (rc != TPM_RC_SUCCESS) { 9474 return rc; 9475 } 9476 UINT32 response_size; 9477 std::string response_size_bytes; 9478 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 9479 if (rc != TPM_RC_SUCCESS) { 9480 return rc; 9481 } 9482 TPM_RC response_code; 9483 std::string response_code_bytes; 9484 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 9485 if (rc != TPM_RC_SUCCESS) { 9486 return rc; 9487 } 9488 if (response_size != response.size()) { 9489 return TPM_RC_SIZE; 9490 } 9491 if (response_code != TPM_RC_SUCCESS) { 9492 return response_code; 9493 } 9494 TPM_CC command_code = TPM_CC_PolicyRestart; 9495 std::string command_code_bytes; 9496 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 9497 if (rc != TPM_RC_SUCCESS) { 9498 return rc; 9499 } 9500 std::string authorization_section_bytes; 9501 if (tag == TPM_ST_SESSIONS) { 9502 UINT32 parameter_section_size = buffer.size(); 9503 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 9504 if (rc != TPM_RC_SUCCESS) { 9505 return rc; 9506 } 9507 if (parameter_section_size > buffer.size()) { 9508 return TPM_RC_INSUFFICIENT; 9509 } 9510 authorization_section_bytes = buffer.substr(parameter_section_size); 9511 // Keep the parameter section in |buffer|. 9512 buffer.erase(parameter_section_size); 9513 } 9514 std::unique_ptr<crypto::SecureHash> hash( 9515 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 9516 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 9517 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 9518 hash->Update(buffer.data(), buffer.size()); 9519 std::string response_hash(32, 0); 9520 hash->Finish(string_as_array(&response_hash), response_hash.size()); 9521 if (tag == TPM_ST_SESSIONS) { 9522 CHECK(authorization_delegate) << "Authorization delegate missing!"; 9523 if (!authorization_delegate->CheckResponseAuthorization( 9524 response_hash, authorization_section_bytes)) { 9525 return TRUNKS_RC_AUTHORIZATION_FAILED; 9526 } 9527 } 9528 return TPM_RC_SUCCESS; 9529 } 9530 9531 void PolicyRestartErrorCallback(const Tpm::PolicyRestartResponse& callback, 9532 TPM_RC response_code) { 9533 VLOG(1) << __func__; 9534 callback.Run(response_code); 9535 } 9536 9537 void PolicyRestartResponseParser(const Tpm::PolicyRestartResponse& callback, 9538 AuthorizationDelegate* authorization_delegate, 9539 const std::string& response) { 9540 VLOG(1) << __func__; 9541 base::Callback<void(TPM_RC)> error_reporter = 9542 base::Bind(PolicyRestartErrorCallback, callback); 9543 TPM_RC rc = 9544 Tpm::ParseResponse_PolicyRestart(response, authorization_delegate); 9545 if (rc != TPM_RC_SUCCESS) { 9546 error_reporter.Run(rc); 9547 return; 9548 } 9549 callback.Run(rc); 9550 } 9551 9552 void Tpm::PolicyRestart(const TPMI_SH_POLICY& session_handle, 9553 const std::string& session_handle_name, 9554 AuthorizationDelegate* authorization_delegate, 9555 const PolicyRestartResponse& callback) { 9556 VLOG(1) << __func__; 9557 base::Callback<void(TPM_RC)> error_reporter = 9558 base::Bind(PolicyRestartErrorCallback, callback); 9559 base::Callback<void(const std::string&)> parser = 9560 base::Bind(PolicyRestartResponseParser, callback, authorization_delegate); 9561 std::string command; 9562 TPM_RC rc = SerializeCommand_PolicyRestart( 9563 session_handle, session_handle_name, &command, authorization_delegate); 9564 if (rc != TPM_RC_SUCCESS) { 9565 error_reporter.Run(rc); 9566 return; 9567 } 9568 transceiver_->SendCommand(command, parser); 9569 } 9570 9571 TPM_RC Tpm::PolicyRestartSync(const TPMI_SH_POLICY& session_handle, 9572 const std::string& session_handle_name, 9573 AuthorizationDelegate* authorization_delegate) { 9574 VLOG(1) << __func__; 9575 std::string command; 9576 TPM_RC rc = SerializeCommand_PolicyRestart( 9577 session_handle, session_handle_name, &command, authorization_delegate); 9578 if (rc != TPM_RC_SUCCESS) { 9579 return rc; 9580 } 9581 std::string response = transceiver_->SendCommandAndWait(command); 9582 rc = ParseResponse_PolicyRestart(response, authorization_delegate); 9583 return rc; 9584 } 9585 9586 TPM_RC Tpm::SerializeCommand_Create( 9587 const TPMI_DH_OBJECT& parent_handle, 9588 const std::string& parent_handle_name, 9589 const TPM2B_SENSITIVE_CREATE& in_sensitive, 9590 const TPM2B_PUBLIC& in_public, 9591 const TPM2B_DATA& outside_info, 9592 const TPML_PCR_SELECTION& creation_pcr, 9593 std::string* serialized_command, 9594 AuthorizationDelegate* authorization_delegate) { 9595 VLOG(3) << __func__; 9596 TPM_RC rc = TPM_RC_SUCCESS; 9597 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 9598 UINT32 command_size = 10; // Header size. 9599 std::string handle_section_bytes; 9600 std::string parameter_section_bytes; 9601 TPM_CC command_code = TPM_CC_Create; 9602 bool is_command_parameter_encryption_possible = true; 9603 bool is_response_parameter_encryption_possible = true; 9604 std::string command_code_bytes; 9605 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 9606 if (rc != TPM_RC_SUCCESS) { 9607 return rc; 9608 } 9609 std::string parent_handle_bytes; 9610 rc = Serialize_TPMI_DH_OBJECT(parent_handle, &parent_handle_bytes); 9611 if (rc != TPM_RC_SUCCESS) { 9612 return rc; 9613 } 9614 std::string in_sensitive_bytes; 9615 rc = Serialize_TPM2B_SENSITIVE_CREATE(in_sensitive, &in_sensitive_bytes); 9616 if (rc != TPM_RC_SUCCESS) { 9617 return rc; 9618 } 9619 std::string in_public_bytes; 9620 rc = Serialize_TPM2B_PUBLIC(in_public, &in_public_bytes); 9621 if (rc != TPM_RC_SUCCESS) { 9622 return rc; 9623 } 9624 std::string outside_info_bytes; 9625 rc = Serialize_TPM2B_DATA(outside_info, &outside_info_bytes); 9626 if (rc != TPM_RC_SUCCESS) { 9627 return rc; 9628 } 9629 std::string creation_pcr_bytes; 9630 rc = Serialize_TPML_PCR_SELECTION(creation_pcr, &creation_pcr_bytes); 9631 if (rc != TPM_RC_SUCCESS) { 9632 return rc; 9633 } 9634 if (authorization_delegate) { 9635 // Encrypt just the parameter data, not the size. 9636 std::string tmp = in_sensitive_bytes.substr(2); 9637 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 9638 return TRUNKS_RC_ENCRYPTION_FAILED; 9639 } 9640 in_sensitive_bytes.replace(2, std::string::npos, tmp); 9641 } 9642 std::unique_ptr<crypto::SecureHash> hash( 9643 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 9644 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 9645 hash->Update(parent_handle_name.data(), parent_handle_name.size()); 9646 handle_section_bytes += parent_handle_bytes; 9647 command_size += parent_handle_bytes.size(); 9648 hash->Update(in_sensitive_bytes.data(), in_sensitive_bytes.size()); 9649 parameter_section_bytes += in_sensitive_bytes; 9650 command_size += in_sensitive_bytes.size(); 9651 hash->Update(in_public_bytes.data(), in_public_bytes.size()); 9652 parameter_section_bytes += in_public_bytes; 9653 command_size += in_public_bytes.size(); 9654 hash->Update(outside_info_bytes.data(), outside_info_bytes.size()); 9655 parameter_section_bytes += outside_info_bytes; 9656 command_size += outside_info_bytes.size(); 9657 hash->Update(creation_pcr_bytes.data(), creation_pcr_bytes.size()); 9658 parameter_section_bytes += creation_pcr_bytes; 9659 command_size += creation_pcr_bytes.size(); 9660 std::string command_hash(32, 0); 9661 hash->Finish(string_as_array(&command_hash), command_hash.size()); 9662 std::string authorization_section_bytes; 9663 std::string authorization_size_bytes; 9664 if (authorization_delegate) { 9665 if (!authorization_delegate->GetCommandAuthorization( 9666 command_hash, is_command_parameter_encryption_possible, 9667 is_response_parameter_encryption_possible, 9668 &authorization_section_bytes)) { 9669 return TRUNKS_RC_AUTHORIZATION_FAILED; 9670 } 9671 if (!authorization_section_bytes.empty()) { 9672 tag = TPM_ST_SESSIONS; 9673 std::string tmp; 9674 rc = Serialize_UINT32(authorization_section_bytes.size(), 9675 &authorization_size_bytes); 9676 if (rc != TPM_RC_SUCCESS) { 9677 return rc; 9678 } 9679 command_size += 9680 authorization_size_bytes.size() + authorization_section_bytes.size(); 9681 } 9682 } 9683 std::string tag_bytes; 9684 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 9685 if (rc != TPM_RC_SUCCESS) { 9686 return rc; 9687 } 9688 std::string command_size_bytes; 9689 rc = Serialize_UINT32(command_size, &command_size_bytes); 9690 if (rc != TPM_RC_SUCCESS) { 9691 return rc; 9692 } 9693 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 9694 handle_section_bytes + authorization_size_bytes + 9695 authorization_section_bytes + parameter_section_bytes; 9696 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 9697 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 9698 serialized_command->size()); 9699 return TPM_RC_SUCCESS; 9700 } 9701 9702 TPM_RC Tpm::ParseResponse_Create( 9703 const std::string& response, 9704 TPM2B_PRIVATE* out_private, 9705 TPM2B_PUBLIC* out_public, 9706 TPM2B_CREATION_DATA* creation_data, 9707 TPM2B_DIGEST* creation_hash, 9708 TPMT_TK_CREATION* creation_ticket, 9709 AuthorizationDelegate* authorization_delegate) { 9710 VLOG(3) << __func__; 9711 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 9712 TPM_RC rc = TPM_RC_SUCCESS; 9713 std::string buffer(response); 9714 TPM_ST tag; 9715 std::string tag_bytes; 9716 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 9717 if (rc != TPM_RC_SUCCESS) { 9718 return rc; 9719 } 9720 UINT32 response_size; 9721 std::string response_size_bytes; 9722 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 9723 if (rc != TPM_RC_SUCCESS) { 9724 return rc; 9725 } 9726 TPM_RC response_code; 9727 std::string response_code_bytes; 9728 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 9729 if (rc != TPM_RC_SUCCESS) { 9730 return rc; 9731 } 9732 if (response_size != response.size()) { 9733 return TPM_RC_SIZE; 9734 } 9735 if (response_code != TPM_RC_SUCCESS) { 9736 return response_code; 9737 } 9738 TPM_CC command_code = TPM_CC_Create; 9739 std::string command_code_bytes; 9740 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 9741 if (rc != TPM_RC_SUCCESS) { 9742 return rc; 9743 } 9744 std::string authorization_section_bytes; 9745 if (tag == TPM_ST_SESSIONS) { 9746 UINT32 parameter_section_size = buffer.size(); 9747 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 9748 if (rc != TPM_RC_SUCCESS) { 9749 return rc; 9750 } 9751 if (parameter_section_size > buffer.size()) { 9752 return TPM_RC_INSUFFICIENT; 9753 } 9754 authorization_section_bytes = buffer.substr(parameter_section_size); 9755 // Keep the parameter section in |buffer|. 9756 buffer.erase(parameter_section_size); 9757 } 9758 std::unique_ptr<crypto::SecureHash> hash( 9759 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 9760 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 9761 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 9762 hash->Update(buffer.data(), buffer.size()); 9763 std::string response_hash(32, 0); 9764 hash->Finish(string_as_array(&response_hash), response_hash.size()); 9765 if (tag == TPM_ST_SESSIONS) { 9766 CHECK(authorization_delegate) << "Authorization delegate missing!"; 9767 if (!authorization_delegate->CheckResponseAuthorization( 9768 response_hash, authorization_section_bytes)) { 9769 return TRUNKS_RC_AUTHORIZATION_FAILED; 9770 } 9771 } 9772 std::string out_private_bytes; 9773 rc = Parse_TPM2B_PRIVATE(&buffer, out_private, &out_private_bytes); 9774 if (rc != TPM_RC_SUCCESS) { 9775 return rc; 9776 } 9777 std::string out_public_bytes; 9778 rc = Parse_TPM2B_PUBLIC(&buffer, out_public, &out_public_bytes); 9779 if (rc != TPM_RC_SUCCESS) { 9780 return rc; 9781 } 9782 std::string creation_data_bytes; 9783 rc = Parse_TPM2B_CREATION_DATA(&buffer, creation_data, &creation_data_bytes); 9784 if (rc != TPM_RC_SUCCESS) { 9785 return rc; 9786 } 9787 std::string creation_hash_bytes; 9788 rc = Parse_TPM2B_DIGEST(&buffer, creation_hash, &creation_hash_bytes); 9789 if (rc != TPM_RC_SUCCESS) { 9790 return rc; 9791 } 9792 std::string creation_ticket_bytes; 9793 rc = Parse_TPMT_TK_CREATION(&buffer, creation_ticket, &creation_ticket_bytes); 9794 if (rc != TPM_RC_SUCCESS) { 9795 return rc; 9796 } 9797 if (tag == TPM_ST_SESSIONS) { 9798 CHECK(authorization_delegate) << "Authorization delegate missing!"; 9799 // Decrypt just the parameter data, not the size. 9800 std::string tmp = out_private_bytes.substr(2); 9801 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 9802 return TRUNKS_RC_ENCRYPTION_FAILED; 9803 } 9804 out_private_bytes.replace(2, std::string::npos, tmp); 9805 rc = Parse_TPM2B_PRIVATE(&out_private_bytes, out_private, nullptr); 9806 if (rc != TPM_RC_SUCCESS) { 9807 return rc; 9808 } 9809 } 9810 return TPM_RC_SUCCESS; 9811 } 9812 9813 void CreateErrorCallback(const Tpm::CreateResponse& callback, 9814 TPM_RC response_code) { 9815 VLOG(1) << __func__; 9816 callback.Run(response_code, TPM2B_PRIVATE(), TPM2B_PUBLIC(), 9817 TPM2B_CREATION_DATA(), TPM2B_DIGEST(), TPMT_TK_CREATION()); 9818 } 9819 9820 void CreateResponseParser(const Tpm::CreateResponse& callback, 9821 AuthorizationDelegate* authorization_delegate, 9822 const std::string& response) { 9823 VLOG(1) << __func__; 9824 base::Callback<void(TPM_RC)> error_reporter = 9825 base::Bind(CreateErrorCallback, callback); 9826 TPM2B_PRIVATE out_private; 9827 TPM2B_PUBLIC out_public; 9828 TPM2B_CREATION_DATA creation_data; 9829 TPM2B_DIGEST creation_hash; 9830 TPMT_TK_CREATION creation_ticket; 9831 TPM_RC rc = Tpm::ParseResponse_Create( 9832 response, &out_private, &out_public, &creation_data, &creation_hash, 9833 &creation_ticket, authorization_delegate); 9834 if (rc != TPM_RC_SUCCESS) { 9835 error_reporter.Run(rc); 9836 return; 9837 } 9838 callback.Run(rc, out_private, out_public, creation_data, creation_hash, 9839 creation_ticket); 9840 } 9841 9842 void Tpm::Create(const TPMI_DH_OBJECT& parent_handle, 9843 const std::string& parent_handle_name, 9844 const TPM2B_SENSITIVE_CREATE& in_sensitive, 9845 const TPM2B_PUBLIC& in_public, 9846 const TPM2B_DATA& outside_info, 9847 const TPML_PCR_SELECTION& creation_pcr, 9848 AuthorizationDelegate* authorization_delegate, 9849 const CreateResponse& callback) { 9850 VLOG(1) << __func__; 9851 base::Callback<void(TPM_RC)> error_reporter = 9852 base::Bind(CreateErrorCallback, callback); 9853 base::Callback<void(const std::string&)> parser = 9854 base::Bind(CreateResponseParser, callback, authorization_delegate); 9855 std::string command; 9856 TPM_RC rc = SerializeCommand_Create( 9857 parent_handle, parent_handle_name, in_sensitive, in_public, outside_info, 9858 creation_pcr, &command, authorization_delegate); 9859 if (rc != TPM_RC_SUCCESS) { 9860 error_reporter.Run(rc); 9861 return; 9862 } 9863 transceiver_->SendCommand(command, parser); 9864 } 9865 9866 TPM_RC Tpm::CreateSync(const TPMI_DH_OBJECT& parent_handle, 9867 const std::string& parent_handle_name, 9868 const TPM2B_SENSITIVE_CREATE& in_sensitive, 9869 const TPM2B_PUBLIC& in_public, 9870 const TPM2B_DATA& outside_info, 9871 const TPML_PCR_SELECTION& creation_pcr, 9872 TPM2B_PRIVATE* out_private, 9873 TPM2B_PUBLIC* out_public, 9874 TPM2B_CREATION_DATA* creation_data, 9875 TPM2B_DIGEST* creation_hash, 9876 TPMT_TK_CREATION* creation_ticket, 9877 AuthorizationDelegate* authorization_delegate) { 9878 VLOG(1) << __func__; 9879 std::string command; 9880 TPM_RC rc = SerializeCommand_Create( 9881 parent_handle, parent_handle_name, in_sensitive, in_public, outside_info, 9882 creation_pcr, &command, authorization_delegate); 9883 if (rc != TPM_RC_SUCCESS) { 9884 return rc; 9885 } 9886 std::string response = transceiver_->SendCommandAndWait(command); 9887 rc = ParseResponse_Create(response, out_private, out_public, creation_data, 9888 creation_hash, creation_ticket, 9889 authorization_delegate); 9890 return rc; 9891 } 9892 9893 TPM_RC Tpm::SerializeCommand_Load( 9894 const TPMI_DH_OBJECT& parent_handle, 9895 const std::string& parent_handle_name, 9896 const TPM2B_PRIVATE& in_private, 9897 const TPM2B_PUBLIC& in_public, 9898 std::string* serialized_command, 9899 AuthorizationDelegate* authorization_delegate) { 9900 VLOG(3) << __func__; 9901 TPM_RC rc = TPM_RC_SUCCESS; 9902 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 9903 UINT32 command_size = 10; // Header size. 9904 std::string handle_section_bytes; 9905 std::string parameter_section_bytes; 9906 TPM_CC command_code = TPM_CC_Load; 9907 bool is_command_parameter_encryption_possible = true; 9908 bool is_response_parameter_encryption_possible = true; 9909 std::string command_code_bytes; 9910 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 9911 if (rc != TPM_RC_SUCCESS) { 9912 return rc; 9913 } 9914 std::string parent_handle_bytes; 9915 rc = Serialize_TPMI_DH_OBJECT(parent_handle, &parent_handle_bytes); 9916 if (rc != TPM_RC_SUCCESS) { 9917 return rc; 9918 } 9919 std::string in_private_bytes; 9920 rc = Serialize_TPM2B_PRIVATE(in_private, &in_private_bytes); 9921 if (rc != TPM_RC_SUCCESS) { 9922 return rc; 9923 } 9924 std::string in_public_bytes; 9925 rc = Serialize_TPM2B_PUBLIC(in_public, &in_public_bytes); 9926 if (rc != TPM_RC_SUCCESS) { 9927 return rc; 9928 } 9929 if (authorization_delegate) { 9930 // Encrypt just the parameter data, not the size. 9931 std::string tmp = in_private_bytes.substr(2); 9932 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 9933 return TRUNKS_RC_ENCRYPTION_FAILED; 9934 } 9935 in_private_bytes.replace(2, std::string::npos, tmp); 9936 } 9937 std::unique_ptr<crypto::SecureHash> hash( 9938 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 9939 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 9940 hash->Update(parent_handle_name.data(), parent_handle_name.size()); 9941 handle_section_bytes += parent_handle_bytes; 9942 command_size += parent_handle_bytes.size(); 9943 hash->Update(in_private_bytes.data(), in_private_bytes.size()); 9944 parameter_section_bytes += in_private_bytes; 9945 command_size += in_private_bytes.size(); 9946 hash->Update(in_public_bytes.data(), in_public_bytes.size()); 9947 parameter_section_bytes += in_public_bytes; 9948 command_size += in_public_bytes.size(); 9949 std::string command_hash(32, 0); 9950 hash->Finish(string_as_array(&command_hash), command_hash.size()); 9951 std::string authorization_section_bytes; 9952 std::string authorization_size_bytes; 9953 if (authorization_delegate) { 9954 if (!authorization_delegate->GetCommandAuthorization( 9955 command_hash, is_command_parameter_encryption_possible, 9956 is_response_parameter_encryption_possible, 9957 &authorization_section_bytes)) { 9958 return TRUNKS_RC_AUTHORIZATION_FAILED; 9959 } 9960 if (!authorization_section_bytes.empty()) { 9961 tag = TPM_ST_SESSIONS; 9962 std::string tmp; 9963 rc = Serialize_UINT32(authorization_section_bytes.size(), 9964 &authorization_size_bytes); 9965 if (rc != TPM_RC_SUCCESS) { 9966 return rc; 9967 } 9968 command_size += 9969 authorization_size_bytes.size() + authorization_section_bytes.size(); 9970 } 9971 } 9972 std::string tag_bytes; 9973 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 9974 if (rc != TPM_RC_SUCCESS) { 9975 return rc; 9976 } 9977 std::string command_size_bytes; 9978 rc = Serialize_UINT32(command_size, &command_size_bytes); 9979 if (rc != TPM_RC_SUCCESS) { 9980 return rc; 9981 } 9982 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 9983 handle_section_bytes + authorization_size_bytes + 9984 authorization_section_bytes + parameter_section_bytes; 9985 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 9986 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 9987 serialized_command->size()); 9988 return TPM_RC_SUCCESS; 9989 } 9990 9991 TPM_RC Tpm::ParseResponse_Load(const std::string& response, 9992 TPM_HANDLE* object_handle, 9993 TPM2B_NAME* name, 9994 AuthorizationDelegate* authorization_delegate) { 9995 VLOG(3) << __func__; 9996 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 9997 TPM_RC rc = TPM_RC_SUCCESS; 9998 std::string buffer(response); 9999 TPM_ST tag; 10000 std::string tag_bytes; 10001 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 10002 if (rc != TPM_RC_SUCCESS) { 10003 return rc; 10004 } 10005 UINT32 response_size; 10006 std::string response_size_bytes; 10007 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 10008 if (rc != TPM_RC_SUCCESS) { 10009 return rc; 10010 } 10011 TPM_RC response_code; 10012 std::string response_code_bytes; 10013 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 10014 if (rc != TPM_RC_SUCCESS) { 10015 return rc; 10016 } 10017 if (response_size != response.size()) { 10018 return TPM_RC_SIZE; 10019 } 10020 if (response_code != TPM_RC_SUCCESS) { 10021 return response_code; 10022 } 10023 std::string object_handle_bytes; 10024 rc = Parse_TPM_HANDLE(&buffer, object_handle, &object_handle_bytes); 10025 if (rc != TPM_RC_SUCCESS) { 10026 return rc; 10027 } 10028 TPM_CC command_code = TPM_CC_Load; 10029 std::string command_code_bytes; 10030 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 10031 if (rc != TPM_RC_SUCCESS) { 10032 return rc; 10033 } 10034 std::string authorization_section_bytes; 10035 if (tag == TPM_ST_SESSIONS) { 10036 UINT32 parameter_section_size = buffer.size(); 10037 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 10038 if (rc != TPM_RC_SUCCESS) { 10039 return rc; 10040 } 10041 if (parameter_section_size > buffer.size()) { 10042 return TPM_RC_INSUFFICIENT; 10043 } 10044 authorization_section_bytes = buffer.substr(parameter_section_size); 10045 // Keep the parameter section in |buffer|. 10046 buffer.erase(parameter_section_size); 10047 } 10048 std::unique_ptr<crypto::SecureHash> hash( 10049 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 10050 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 10051 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 10052 hash->Update(buffer.data(), buffer.size()); 10053 std::string response_hash(32, 0); 10054 hash->Finish(string_as_array(&response_hash), response_hash.size()); 10055 if (tag == TPM_ST_SESSIONS) { 10056 CHECK(authorization_delegate) << "Authorization delegate missing!"; 10057 if (!authorization_delegate->CheckResponseAuthorization( 10058 response_hash, authorization_section_bytes)) { 10059 return TRUNKS_RC_AUTHORIZATION_FAILED; 10060 } 10061 } 10062 std::string name_bytes; 10063 rc = Parse_TPM2B_NAME(&buffer, name, &name_bytes); 10064 if (rc != TPM_RC_SUCCESS) { 10065 return rc; 10066 } 10067 if (tag == TPM_ST_SESSIONS) { 10068 CHECK(authorization_delegate) << "Authorization delegate missing!"; 10069 // Decrypt just the parameter data, not the size. 10070 std::string tmp = name_bytes.substr(2); 10071 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 10072 return TRUNKS_RC_ENCRYPTION_FAILED; 10073 } 10074 name_bytes.replace(2, std::string::npos, tmp); 10075 rc = Parse_TPM2B_NAME(&name_bytes, name, nullptr); 10076 if (rc != TPM_RC_SUCCESS) { 10077 return rc; 10078 } 10079 } 10080 return TPM_RC_SUCCESS; 10081 } 10082 10083 void LoadErrorCallback(const Tpm::LoadResponse& callback, 10084 TPM_RC response_code) { 10085 VLOG(1) << __func__; 10086 callback.Run(response_code, TPM_HANDLE(), TPM2B_NAME()); 10087 } 10088 10089 void LoadResponseParser(const Tpm::LoadResponse& callback, 10090 AuthorizationDelegate* authorization_delegate, 10091 const std::string& response) { 10092 VLOG(1) << __func__; 10093 base::Callback<void(TPM_RC)> error_reporter = 10094 base::Bind(LoadErrorCallback, callback); 10095 TPM_HANDLE object_handle; 10096 TPM2B_NAME name; 10097 TPM_RC rc = Tpm::ParseResponse_Load(response, &object_handle, &name, 10098 authorization_delegate); 10099 if (rc != TPM_RC_SUCCESS) { 10100 error_reporter.Run(rc); 10101 return; 10102 } 10103 callback.Run(rc, object_handle, name); 10104 } 10105 10106 void Tpm::Load(const TPMI_DH_OBJECT& parent_handle, 10107 const std::string& parent_handle_name, 10108 const TPM2B_PRIVATE& in_private, 10109 const TPM2B_PUBLIC& in_public, 10110 AuthorizationDelegate* authorization_delegate, 10111 const LoadResponse& callback) { 10112 VLOG(1) << __func__; 10113 base::Callback<void(TPM_RC)> error_reporter = 10114 base::Bind(LoadErrorCallback, callback); 10115 base::Callback<void(const std::string&)> parser = 10116 base::Bind(LoadResponseParser, callback, authorization_delegate); 10117 std::string command; 10118 TPM_RC rc = 10119 SerializeCommand_Load(parent_handle, parent_handle_name, in_private, 10120 in_public, &command, authorization_delegate); 10121 if (rc != TPM_RC_SUCCESS) { 10122 error_reporter.Run(rc); 10123 return; 10124 } 10125 transceiver_->SendCommand(command, parser); 10126 } 10127 10128 TPM_RC Tpm::LoadSync(const TPMI_DH_OBJECT& parent_handle, 10129 const std::string& parent_handle_name, 10130 const TPM2B_PRIVATE& in_private, 10131 const TPM2B_PUBLIC& in_public, 10132 TPM_HANDLE* object_handle, 10133 TPM2B_NAME* name, 10134 AuthorizationDelegate* authorization_delegate) { 10135 VLOG(1) << __func__; 10136 std::string command; 10137 TPM_RC rc = 10138 SerializeCommand_Load(parent_handle, parent_handle_name, in_private, 10139 in_public, &command, authorization_delegate); 10140 if (rc != TPM_RC_SUCCESS) { 10141 return rc; 10142 } 10143 std::string response = transceiver_->SendCommandAndWait(command); 10144 rc = 10145 ParseResponse_Load(response, object_handle, name, authorization_delegate); 10146 return rc; 10147 } 10148 10149 TPM_RC Tpm::SerializeCommand_LoadExternal( 10150 const TPM2B_SENSITIVE& in_private, 10151 const TPM2B_PUBLIC& in_public, 10152 const TPMI_RH_HIERARCHY& hierarchy, 10153 std::string* serialized_command, 10154 AuthorizationDelegate* authorization_delegate) { 10155 VLOG(3) << __func__; 10156 TPM_RC rc = TPM_RC_SUCCESS; 10157 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 10158 UINT32 command_size = 10; // Header size. 10159 std::string handle_section_bytes; 10160 std::string parameter_section_bytes; 10161 TPM_CC command_code = TPM_CC_LoadExternal; 10162 bool is_command_parameter_encryption_possible = true; 10163 bool is_response_parameter_encryption_possible = true; 10164 std::string command_code_bytes; 10165 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 10166 if (rc != TPM_RC_SUCCESS) { 10167 return rc; 10168 } 10169 std::string in_private_bytes; 10170 rc = Serialize_TPM2B_SENSITIVE(in_private, &in_private_bytes); 10171 if (rc != TPM_RC_SUCCESS) { 10172 return rc; 10173 } 10174 std::string in_public_bytes; 10175 rc = Serialize_TPM2B_PUBLIC(in_public, &in_public_bytes); 10176 if (rc != TPM_RC_SUCCESS) { 10177 return rc; 10178 } 10179 std::string hierarchy_bytes; 10180 rc = Serialize_TPMI_RH_HIERARCHY(hierarchy, &hierarchy_bytes); 10181 if (rc != TPM_RC_SUCCESS) { 10182 return rc; 10183 } 10184 if (authorization_delegate) { 10185 // Encrypt just the parameter data, not the size. 10186 std::string tmp = in_private_bytes.substr(2); 10187 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 10188 return TRUNKS_RC_ENCRYPTION_FAILED; 10189 } 10190 in_private_bytes.replace(2, std::string::npos, tmp); 10191 } 10192 std::unique_ptr<crypto::SecureHash> hash( 10193 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 10194 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 10195 hash->Update(in_private_bytes.data(), in_private_bytes.size()); 10196 parameter_section_bytes += in_private_bytes; 10197 command_size += in_private_bytes.size(); 10198 hash->Update(in_public_bytes.data(), in_public_bytes.size()); 10199 parameter_section_bytes += in_public_bytes; 10200 command_size += in_public_bytes.size(); 10201 hash->Update(hierarchy_bytes.data(), hierarchy_bytes.size()); 10202 parameter_section_bytes += hierarchy_bytes; 10203 command_size += hierarchy_bytes.size(); 10204 std::string command_hash(32, 0); 10205 hash->Finish(string_as_array(&command_hash), command_hash.size()); 10206 std::string authorization_section_bytes; 10207 std::string authorization_size_bytes; 10208 if (authorization_delegate) { 10209 if (!authorization_delegate->GetCommandAuthorization( 10210 command_hash, is_command_parameter_encryption_possible, 10211 is_response_parameter_encryption_possible, 10212 &authorization_section_bytes)) { 10213 return TRUNKS_RC_AUTHORIZATION_FAILED; 10214 } 10215 if (!authorization_section_bytes.empty()) { 10216 tag = TPM_ST_SESSIONS; 10217 std::string tmp; 10218 rc = Serialize_UINT32(authorization_section_bytes.size(), 10219 &authorization_size_bytes); 10220 if (rc != TPM_RC_SUCCESS) { 10221 return rc; 10222 } 10223 command_size += 10224 authorization_size_bytes.size() + authorization_section_bytes.size(); 10225 } 10226 } 10227 std::string tag_bytes; 10228 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 10229 if (rc != TPM_RC_SUCCESS) { 10230 return rc; 10231 } 10232 std::string command_size_bytes; 10233 rc = Serialize_UINT32(command_size, &command_size_bytes); 10234 if (rc != TPM_RC_SUCCESS) { 10235 return rc; 10236 } 10237 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 10238 handle_section_bytes + authorization_size_bytes + 10239 authorization_section_bytes + parameter_section_bytes; 10240 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 10241 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 10242 serialized_command->size()); 10243 return TPM_RC_SUCCESS; 10244 } 10245 10246 TPM_RC Tpm::ParseResponse_LoadExternal( 10247 const std::string& response, 10248 TPM_HANDLE* object_handle, 10249 TPM2B_NAME* name, 10250 AuthorizationDelegate* authorization_delegate) { 10251 VLOG(3) << __func__; 10252 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 10253 TPM_RC rc = TPM_RC_SUCCESS; 10254 std::string buffer(response); 10255 TPM_ST tag; 10256 std::string tag_bytes; 10257 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 10258 if (rc != TPM_RC_SUCCESS) { 10259 return rc; 10260 } 10261 UINT32 response_size; 10262 std::string response_size_bytes; 10263 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 10264 if (rc != TPM_RC_SUCCESS) { 10265 return rc; 10266 } 10267 TPM_RC response_code; 10268 std::string response_code_bytes; 10269 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 10270 if (rc != TPM_RC_SUCCESS) { 10271 return rc; 10272 } 10273 if (response_size != response.size()) { 10274 return TPM_RC_SIZE; 10275 } 10276 if (response_code != TPM_RC_SUCCESS) { 10277 return response_code; 10278 } 10279 std::string object_handle_bytes; 10280 rc = Parse_TPM_HANDLE(&buffer, object_handle, &object_handle_bytes); 10281 if (rc != TPM_RC_SUCCESS) { 10282 return rc; 10283 } 10284 TPM_CC command_code = TPM_CC_LoadExternal; 10285 std::string command_code_bytes; 10286 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 10287 if (rc != TPM_RC_SUCCESS) { 10288 return rc; 10289 } 10290 std::string authorization_section_bytes; 10291 if (tag == TPM_ST_SESSIONS) { 10292 UINT32 parameter_section_size = buffer.size(); 10293 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 10294 if (rc != TPM_RC_SUCCESS) { 10295 return rc; 10296 } 10297 if (parameter_section_size > buffer.size()) { 10298 return TPM_RC_INSUFFICIENT; 10299 } 10300 authorization_section_bytes = buffer.substr(parameter_section_size); 10301 // Keep the parameter section in |buffer|. 10302 buffer.erase(parameter_section_size); 10303 } 10304 std::unique_ptr<crypto::SecureHash> hash( 10305 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 10306 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 10307 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 10308 hash->Update(buffer.data(), buffer.size()); 10309 std::string response_hash(32, 0); 10310 hash->Finish(string_as_array(&response_hash), response_hash.size()); 10311 if (tag == TPM_ST_SESSIONS) { 10312 CHECK(authorization_delegate) << "Authorization delegate missing!"; 10313 if (!authorization_delegate->CheckResponseAuthorization( 10314 response_hash, authorization_section_bytes)) { 10315 return TRUNKS_RC_AUTHORIZATION_FAILED; 10316 } 10317 } 10318 std::string name_bytes; 10319 rc = Parse_TPM2B_NAME(&buffer, name, &name_bytes); 10320 if (rc != TPM_RC_SUCCESS) { 10321 return rc; 10322 } 10323 if (tag == TPM_ST_SESSIONS) { 10324 CHECK(authorization_delegate) << "Authorization delegate missing!"; 10325 // Decrypt just the parameter data, not the size. 10326 std::string tmp = name_bytes.substr(2); 10327 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 10328 return TRUNKS_RC_ENCRYPTION_FAILED; 10329 } 10330 name_bytes.replace(2, std::string::npos, tmp); 10331 rc = Parse_TPM2B_NAME(&name_bytes, name, nullptr); 10332 if (rc != TPM_RC_SUCCESS) { 10333 return rc; 10334 } 10335 } 10336 return TPM_RC_SUCCESS; 10337 } 10338 10339 void LoadExternalErrorCallback(const Tpm::LoadExternalResponse& callback, 10340 TPM_RC response_code) { 10341 VLOG(1) << __func__; 10342 callback.Run(response_code, TPM_HANDLE(), TPM2B_NAME()); 10343 } 10344 10345 void LoadExternalResponseParser(const Tpm::LoadExternalResponse& callback, 10346 AuthorizationDelegate* authorization_delegate, 10347 const std::string& response) { 10348 VLOG(1) << __func__; 10349 base::Callback<void(TPM_RC)> error_reporter = 10350 base::Bind(LoadExternalErrorCallback, callback); 10351 TPM_HANDLE object_handle; 10352 TPM2B_NAME name; 10353 TPM_RC rc = Tpm::ParseResponse_LoadExternal(response, &object_handle, &name, 10354 authorization_delegate); 10355 if (rc != TPM_RC_SUCCESS) { 10356 error_reporter.Run(rc); 10357 return; 10358 } 10359 callback.Run(rc, object_handle, name); 10360 } 10361 10362 void Tpm::LoadExternal(const TPM2B_SENSITIVE& in_private, 10363 const TPM2B_PUBLIC& in_public, 10364 const TPMI_RH_HIERARCHY& hierarchy, 10365 AuthorizationDelegate* authorization_delegate, 10366 const LoadExternalResponse& callback) { 10367 VLOG(1) << __func__; 10368 base::Callback<void(TPM_RC)> error_reporter = 10369 base::Bind(LoadExternalErrorCallback, callback); 10370 base::Callback<void(const std::string&)> parser = 10371 base::Bind(LoadExternalResponseParser, callback, authorization_delegate); 10372 std::string command; 10373 TPM_RC rc = SerializeCommand_LoadExternal(in_private, in_public, hierarchy, 10374 &command, authorization_delegate); 10375 if (rc != TPM_RC_SUCCESS) { 10376 error_reporter.Run(rc); 10377 return; 10378 } 10379 transceiver_->SendCommand(command, parser); 10380 } 10381 10382 TPM_RC Tpm::LoadExternalSync(const TPM2B_SENSITIVE& in_private, 10383 const TPM2B_PUBLIC& in_public, 10384 const TPMI_RH_HIERARCHY& hierarchy, 10385 TPM_HANDLE* object_handle, 10386 TPM2B_NAME* name, 10387 AuthorizationDelegate* authorization_delegate) { 10388 VLOG(1) << __func__; 10389 std::string command; 10390 TPM_RC rc = SerializeCommand_LoadExternal(in_private, in_public, hierarchy, 10391 &command, authorization_delegate); 10392 if (rc != TPM_RC_SUCCESS) { 10393 return rc; 10394 } 10395 std::string response = transceiver_->SendCommandAndWait(command); 10396 rc = ParseResponse_LoadExternal(response, object_handle, name, 10397 authorization_delegate); 10398 return rc; 10399 } 10400 10401 TPM_RC Tpm::SerializeCommand_ReadPublic( 10402 const TPMI_DH_OBJECT& object_handle, 10403 const std::string& object_handle_name, 10404 std::string* serialized_command, 10405 AuthorizationDelegate* authorization_delegate) { 10406 VLOG(3) << __func__; 10407 TPM_RC rc = TPM_RC_SUCCESS; 10408 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 10409 UINT32 command_size = 10; // Header size. 10410 std::string handle_section_bytes; 10411 std::string parameter_section_bytes; 10412 TPM_CC command_code = TPM_CC_ReadPublic; 10413 bool is_command_parameter_encryption_possible = false; 10414 bool is_response_parameter_encryption_possible = true; 10415 std::string command_code_bytes; 10416 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 10417 if (rc != TPM_RC_SUCCESS) { 10418 return rc; 10419 } 10420 std::string object_handle_bytes; 10421 rc = Serialize_TPMI_DH_OBJECT(object_handle, &object_handle_bytes); 10422 if (rc != TPM_RC_SUCCESS) { 10423 return rc; 10424 } 10425 std::unique_ptr<crypto::SecureHash> hash( 10426 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 10427 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 10428 hash->Update(object_handle_name.data(), object_handle_name.size()); 10429 handle_section_bytes += object_handle_bytes; 10430 command_size += object_handle_bytes.size(); 10431 std::string command_hash(32, 0); 10432 hash->Finish(string_as_array(&command_hash), command_hash.size()); 10433 std::string authorization_section_bytes; 10434 std::string authorization_size_bytes; 10435 if (authorization_delegate) { 10436 if (!authorization_delegate->GetCommandAuthorization( 10437 command_hash, is_command_parameter_encryption_possible, 10438 is_response_parameter_encryption_possible, 10439 &authorization_section_bytes)) { 10440 return TRUNKS_RC_AUTHORIZATION_FAILED; 10441 } 10442 if (!authorization_section_bytes.empty()) { 10443 tag = TPM_ST_SESSIONS; 10444 std::string tmp; 10445 rc = Serialize_UINT32(authorization_section_bytes.size(), 10446 &authorization_size_bytes); 10447 if (rc != TPM_RC_SUCCESS) { 10448 return rc; 10449 } 10450 command_size += 10451 authorization_size_bytes.size() + authorization_section_bytes.size(); 10452 } 10453 } 10454 std::string tag_bytes; 10455 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 10456 if (rc != TPM_RC_SUCCESS) { 10457 return rc; 10458 } 10459 std::string command_size_bytes; 10460 rc = Serialize_UINT32(command_size, &command_size_bytes); 10461 if (rc != TPM_RC_SUCCESS) { 10462 return rc; 10463 } 10464 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 10465 handle_section_bytes + authorization_size_bytes + 10466 authorization_section_bytes + parameter_section_bytes; 10467 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 10468 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 10469 serialized_command->size()); 10470 return TPM_RC_SUCCESS; 10471 } 10472 10473 TPM_RC Tpm::ParseResponse_ReadPublic( 10474 const std::string& response, 10475 TPM2B_PUBLIC* out_public, 10476 TPM2B_NAME* name, 10477 TPM2B_NAME* qualified_name, 10478 AuthorizationDelegate* authorization_delegate) { 10479 VLOG(3) << __func__; 10480 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 10481 TPM_RC rc = TPM_RC_SUCCESS; 10482 std::string buffer(response); 10483 TPM_ST tag; 10484 std::string tag_bytes; 10485 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 10486 if (rc != TPM_RC_SUCCESS) { 10487 return rc; 10488 } 10489 UINT32 response_size; 10490 std::string response_size_bytes; 10491 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 10492 if (rc != TPM_RC_SUCCESS) { 10493 return rc; 10494 } 10495 TPM_RC response_code; 10496 std::string response_code_bytes; 10497 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 10498 if (rc != TPM_RC_SUCCESS) { 10499 return rc; 10500 } 10501 if (response_size != response.size()) { 10502 return TPM_RC_SIZE; 10503 } 10504 if (response_code != TPM_RC_SUCCESS) { 10505 return response_code; 10506 } 10507 TPM_CC command_code = TPM_CC_ReadPublic; 10508 std::string command_code_bytes; 10509 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 10510 if (rc != TPM_RC_SUCCESS) { 10511 return rc; 10512 } 10513 std::string authorization_section_bytes; 10514 if (tag == TPM_ST_SESSIONS) { 10515 UINT32 parameter_section_size = buffer.size(); 10516 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 10517 if (rc != TPM_RC_SUCCESS) { 10518 return rc; 10519 } 10520 if (parameter_section_size > buffer.size()) { 10521 return TPM_RC_INSUFFICIENT; 10522 } 10523 authorization_section_bytes = buffer.substr(parameter_section_size); 10524 // Keep the parameter section in |buffer|. 10525 buffer.erase(parameter_section_size); 10526 } 10527 std::unique_ptr<crypto::SecureHash> hash( 10528 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 10529 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 10530 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 10531 hash->Update(buffer.data(), buffer.size()); 10532 std::string response_hash(32, 0); 10533 hash->Finish(string_as_array(&response_hash), response_hash.size()); 10534 if (tag == TPM_ST_SESSIONS) { 10535 CHECK(authorization_delegate) << "Authorization delegate missing!"; 10536 if (!authorization_delegate->CheckResponseAuthorization( 10537 response_hash, authorization_section_bytes)) { 10538 return TRUNKS_RC_AUTHORIZATION_FAILED; 10539 } 10540 } 10541 std::string out_public_bytes; 10542 rc = Parse_TPM2B_PUBLIC(&buffer, out_public, &out_public_bytes); 10543 if (rc != TPM_RC_SUCCESS) { 10544 return rc; 10545 } 10546 std::string name_bytes; 10547 rc = Parse_TPM2B_NAME(&buffer, name, &name_bytes); 10548 if (rc != TPM_RC_SUCCESS) { 10549 return rc; 10550 } 10551 std::string qualified_name_bytes; 10552 rc = Parse_TPM2B_NAME(&buffer, qualified_name, &qualified_name_bytes); 10553 if (rc != TPM_RC_SUCCESS) { 10554 return rc; 10555 } 10556 if (tag == TPM_ST_SESSIONS) { 10557 CHECK(authorization_delegate) << "Authorization delegate missing!"; 10558 // Decrypt just the parameter data, not the size. 10559 std::string tmp = out_public_bytes.substr(2); 10560 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 10561 return TRUNKS_RC_ENCRYPTION_FAILED; 10562 } 10563 out_public_bytes.replace(2, std::string::npos, tmp); 10564 rc = Parse_TPM2B_PUBLIC(&out_public_bytes, out_public, nullptr); 10565 if (rc != TPM_RC_SUCCESS) { 10566 return rc; 10567 } 10568 } 10569 return TPM_RC_SUCCESS; 10570 } 10571 10572 void ReadPublicErrorCallback(const Tpm::ReadPublicResponse& callback, 10573 TPM_RC response_code) { 10574 VLOG(1) << __func__; 10575 callback.Run(response_code, TPM2B_PUBLIC(), TPM2B_NAME(), TPM2B_NAME()); 10576 } 10577 10578 void ReadPublicResponseParser(const Tpm::ReadPublicResponse& callback, 10579 AuthorizationDelegate* authorization_delegate, 10580 const std::string& response) { 10581 VLOG(1) << __func__; 10582 base::Callback<void(TPM_RC)> error_reporter = 10583 base::Bind(ReadPublicErrorCallback, callback); 10584 TPM2B_PUBLIC out_public; 10585 TPM2B_NAME name; 10586 TPM2B_NAME qualified_name; 10587 TPM_RC rc = Tpm::ParseResponse_ReadPublic( 10588 response, &out_public, &name, &qualified_name, authorization_delegate); 10589 if (rc != TPM_RC_SUCCESS) { 10590 error_reporter.Run(rc); 10591 return; 10592 } 10593 callback.Run(rc, out_public, name, qualified_name); 10594 } 10595 10596 void Tpm::ReadPublic(const TPMI_DH_OBJECT& object_handle, 10597 const std::string& object_handle_name, 10598 AuthorizationDelegate* authorization_delegate, 10599 const ReadPublicResponse& callback) { 10600 VLOG(1) << __func__; 10601 base::Callback<void(TPM_RC)> error_reporter = 10602 base::Bind(ReadPublicErrorCallback, callback); 10603 base::Callback<void(const std::string&)> parser = 10604 base::Bind(ReadPublicResponseParser, callback, authorization_delegate); 10605 std::string command; 10606 TPM_RC rc = SerializeCommand_ReadPublic(object_handle, object_handle_name, 10607 &command, authorization_delegate); 10608 if (rc != TPM_RC_SUCCESS) { 10609 error_reporter.Run(rc); 10610 return; 10611 } 10612 transceiver_->SendCommand(command, parser); 10613 } 10614 10615 TPM_RC Tpm::ReadPublicSync(const TPMI_DH_OBJECT& object_handle, 10616 const std::string& object_handle_name, 10617 TPM2B_PUBLIC* out_public, 10618 TPM2B_NAME* name, 10619 TPM2B_NAME* qualified_name, 10620 AuthorizationDelegate* authorization_delegate) { 10621 VLOG(1) << __func__; 10622 std::string command; 10623 TPM_RC rc = SerializeCommand_ReadPublic(object_handle, object_handle_name, 10624 &command, authorization_delegate); 10625 if (rc != TPM_RC_SUCCESS) { 10626 return rc; 10627 } 10628 std::string response = transceiver_->SendCommandAndWait(command); 10629 rc = ParseResponse_ReadPublic(response, out_public, name, qualified_name, 10630 authorization_delegate); 10631 return rc; 10632 } 10633 10634 TPM_RC Tpm::SerializeCommand_ActivateCredential( 10635 const TPMI_DH_OBJECT& activate_handle, 10636 const std::string& activate_handle_name, 10637 const TPMI_DH_OBJECT& key_handle, 10638 const std::string& key_handle_name, 10639 const TPM2B_ID_OBJECT& credential_blob, 10640 const TPM2B_ENCRYPTED_SECRET& secret, 10641 std::string* serialized_command, 10642 AuthorizationDelegate* authorization_delegate) { 10643 VLOG(3) << __func__; 10644 TPM_RC rc = TPM_RC_SUCCESS; 10645 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 10646 UINT32 command_size = 10; // Header size. 10647 std::string handle_section_bytes; 10648 std::string parameter_section_bytes; 10649 TPM_CC command_code = TPM_CC_ActivateCredential; 10650 bool is_command_parameter_encryption_possible = true; 10651 bool is_response_parameter_encryption_possible = true; 10652 std::string command_code_bytes; 10653 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 10654 if (rc != TPM_RC_SUCCESS) { 10655 return rc; 10656 } 10657 std::string activate_handle_bytes; 10658 rc = Serialize_TPMI_DH_OBJECT(activate_handle, &activate_handle_bytes); 10659 if (rc != TPM_RC_SUCCESS) { 10660 return rc; 10661 } 10662 std::string key_handle_bytes; 10663 rc = Serialize_TPMI_DH_OBJECT(key_handle, &key_handle_bytes); 10664 if (rc != TPM_RC_SUCCESS) { 10665 return rc; 10666 } 10667 std::string credential_blob_bytes; 10668 rc = Serialize_TPM2B_ID_OBJECT(credential_blob, &credential_blob_bytes); 10669 if (rc != TPM_RC_SUCCESS) { 10670 return rc; 10671 } 10672 std::string secret_bytes; 10673 rc = Serialize_TPM2B_ENCRYPTED_SECRET(secret, &secret_bytes); 10674 if (rc != TPM_RC_SUCCESS) { 10675 return rc; 10676 } 10677 if (authorization_delegate) { 10678 // Encrypt just the parameter data, not the size. 10679 std::string tmp = credential_blob_bytes.substr(2); 10680 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 10681 return TRUNKS_RC_ENCRYPTION_FAILED; 10682 } 10683 credential_blob_bytes.replace(2, std::string::npos, tmp); 10684 } 10685 std::unique_ptr<crypto::SecureHash> hash( 10686 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 10687 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 10688 hash->Update(activate_handle_name.data(), activate_handle_name.size()); 10689 handle_section_bytes += activate_handle_bytes; 10690 command_size += activate_handle_bytes.size(); 10691 hash->Update(key_handle_name.data(), key_handle_name.size()); 10692 handle_section_bytes += key_handle_bytes; 10693 command_size += key_handle_bytes.size(); 10694 hash->Update(credential_blob_bytes.data(), credential_blob_bytes.size()); 10695 parameter_section_bytes += credential_blob_bytes; 10696 command_size += credential_blob_bytes.size(); 10697 hash->Update(secret_bytes.data(), secret_bytes.size()); 10698 parameter_section_bytes += secret_bytes; 10699 command_size += secret_bytes.size(); 10700 std::string command_hash(32, 0); 10701 hash->Finish(string_as_array(&command_hash), command_hash.size()); 10702 std::string authorization_section_bytes; 10703 std::string authorization_size_bytes; 10704 if (authorization_delegate) { 10705 if (!authorization_delegate->GetCommandAuthorization( 10706 command_hash, is_command_parameter_encryption_possible, 10707 is_response_parameter_encryption_possible, 10708 &authorization_section_bytes)) { 10709 return TRUNKS_RC_AUTHORIZATION_FAILED; 10710 } 10711 if (!authorization_section_bytes.empty()) { 10712 tag = TPM_ST_SESSIONS; 10713 std::string tmp; 10714 rc = Serialize_UINT32(authorization_section_bytes.size(), 10715 &authorization_size_bytes); 10716 if (rc != TPM_RC_SUCCESS) { 10717 return rc; 10718 } 10719 command_size += 10720 authorization_size_bytes.size() + authorization_section_bytes.size(); 10721 } 10722 } 10723 std::string tag_bytes; 10724 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 10725 if (rc != TPM_RC_SUCCESS) { 10726 return rc; 10727 } 10728 std::string command_size_bytes; 10729 rc = Serialize_UINT32(command_size, &command_size_bytes); 10730 if (rc != TPM_RC_SUCCESS) { 10731 return rc; 10732 } 10733 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 10734 handle_section_bytes + authorization_size_bytes + 10735 authorization_section_bytes + parameter_section_bytes; 10736 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 10737 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 10738 serialized_command->size()); 10739 return TPM_RC_SUCCESS; 10740 } 10741 10742 TPM_RC Tpm::ParseResponse_ActivateCredential( 10743 const std::string& response, 10744 TPM2B_DIGEST* cert_info, 10745 AuthorizationDelegate* authorization_delegate) { 10746 VLOG(3) << __func__; 10747 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 10748 TPM_RC rc = TPM_RC_SUCCESS; 10749 std::string buffer(response); 10750 TPM_ST tag; 10751 std::string tag_bytes; 10752 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 10753 if (rc != TPM_RC_SUCCESS) { 10754 return rc; 10755 } 10756 UINT32 response_size; 10757 std::string response_size_bytes; 10758 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 10759 if (rc != TPM_RC_SUCCESS) { 10760 return rc; 10761 } 10762 TPM_RC response_code; 10763 std::string response_code_bytes; 10764 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 10765 if (rc != TPM_RC_SUCCESS) { 10766 return rc; 10767 } 10768 if (response_size != response.size()) { 10769 return TPM_RC_SIZE; 10770 } 10771 if (response_code != TPM_RC_SUCCESS) { 10772 return response_code; 10773 } 10774 TPM_CC command_code = TPM_CC_ActivateCredential; 10775 std::string command_code_bytes; 10776 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 10777 if (rc != TPM_RC_SUCCESS) { 10778 return rc; 10779 } 10780 std::string authorization_section_bytes; 10781 if (tag == TPM_ST_SESSIONS) { 10782 UINT32 parameter_section_size = buffer.size(); 10783 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 10784 if (rc != TPM_RC_SUCCESS) { 10785 return rc; 10786 } 10787 if (parameter_section_size > buffer.size()) { 10788 return TPM_RC_INSUFFICIENT; 10789 } 10790 authorization_section_bytes = buffer.substr(parameter_section_size); 10791 // Keep the parameter section in |buffer|. 10792 buffer.erase(parameter_section_size); 10793 } 10794 std::unique_ptr<crypto::SecureHash> hash( 10795 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 10796 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 10797 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 10798 hash->Update(buffer.data(), buffer.size()); 10799 std::string response_hash(32, 0); 10800 hash->Finish(string_as_array(&response_hash), response_hash.size()); 10801 if (tag == TPM_ST_SESSIONS) { 10802 CHECK(authorization_delegate) << "Authorization delegate missing!"; 10803 if (!authorization_delegate->CheckResponseAuthorization( 10804 response_hash, authorization_section_bytes)) { 10805 return TRUNKS_RC_AUTHORIZATION_FAILED; 10806 } 10807 } 10808 std::string cert_info_bytes; 10809 rc = Parse_TPM2B_DIGEST(&buffer, cert_info, &cert_info_bytes); 10810 if (rc != TPM_RC_SUCCESS) { 10811 return rc; 10812 } 10813 if (tag == TPM_ST_SESSIONS) { 10814 CHECK(authorization_delegate) << "Authorization delegate missing!"; 10815 // Decrypt just the parameter data, not the size. 10816 std::string tmp = cert_info_bytes.substr(2); 10817 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 10818 return TRUNKS_RC_ENCRYPTION_FAILED; 10819 } 10820 cert_info_bytes.replace(2, std::string::npos, tmp); 10821 rc = Parse_TPM2B_DIGEST(&cert_info_bytes, cert_info, nullptr); 10822 if (rc != TPM_RC_SUCCESS) { 10823 return rc; 10824 } 10825 } 10826 return TPM_RC_SUCCESS; 10827 } 10828 10829 void ActivateCredentialErrorCallback( 10830 const Tpm::ActivateCredentialResponse& callback, 10831 TPM_RC response_code) { 10832 VLOG(1) << __func__; 10833 callback.Run(response_code, TPM2B_DIGEST()); 10834 } 10835 10836 void ActivateCredentialResponseParser( 10837 const Tpm::ActivateCredentialResponse& callback, 10838 AuthorizationDelegate* authorization_delegate, 10839 const std::string& response) { 10840 VLOG(1) << __func__; 10841 base::Callback<void(TPM_RC)> error_reporter = 10842 base::Bind(ActivateCredentialErrorCallback, callback); 10843 TPM2B_DIGEST cert_info; 10844 TPM_RC rc = Tpm::ParseResponse_ActivateCredential(response, &cert_info, 10845 authorization_delegate); 10846 if (rc != TPM_RC_SUCCESS) { 10847 error_reporter.Run(rc); 10848 return; 10849 } 10850 callback.Run(rc, cert_info); 10851 } 10852 10853 void Tpm::ActivateCredential(const TPMI_DH_OBJECT& activate_handle, 10854 const std::string& activate_handle_name, 10855 const TPMI_DH_OBJECT& key_handle, 10856 const std::string& key_handle_name, 10857 const TPM2B_ID_OBJECT& credential_blob, 10858 const TPM2B_ENCRYPTED_SECRET& secret, 10859 AuthorizationDelegate* authorization_delegate, 10860 const ActivateCredentialResponse& callback) { 10861 VLOG(1) << __func__; 10862 base::Callback<void(TPM_RC)> error_reporter = 10863 base::Bind(ActivateCredentialErrorCallback, callback); 10864 base::Callback<void(const std::string&)> parser = base::Bind( 10865 ActivateCredentialResponseParser, callback, authorization_delegate); 10866 std::string command; 10867 TPM_RC rc = SerializeCommand_ActivateCredential( 10868 activate_handle, activate_handle_name, key_handle, key_handle_name, 10869 credential_blob, secret, &command, authorization_delegate); 10870 if (rc != TPM_RC_SUCCESS) { 10871 error_reporter.Run(rc); 10872 return; 10873 } 10874 transceiver_->SendCommand(command, parser); 10875 } 10876 10877 TPM_RC Tpm::ActivateCredentialSync( 10878 const TPMI_DH_OBJECT& activate_handle, 10879 const std::string& activate_handle_name, 10880 const TPMI_DH_OBJECT& key_handle, 10881 const std::string& key_handle_name, 10882 const TPM2B_ID_OBJECT& credential_blob, 10883 const TPM2B_ENCRYPTED_SECRET& secret, 10884 TPM2B_DIGEST* cert_info, 10885 AuthorizationDelegate* authorization_delegate) { 10886 VLOG(1) << __func__; 10887 std::string command; 10888 TPM_RC rc = SerializeCommand_ActivateCredential( 10889 activate_handle, activate_handle_name, key_handle, key_handle_name, 10890 credential_blob, secret, &command, authorization_delegate); 10891 if (rc != TPM_RC_SUCCESS) { 10892 return rc; 10893 } 10894 std::string response = transceiver_->SendCommandAndWait(command); 10895 rc = ParseResponse_ActivateCredential(response, cert_info, 10896 authorization_delegate); 10897 return rc; 10898 } 10899 10900 TPM_RC Tpm::SerializeCommand_MakeCredential( 10901 const TPMI_DH_OBJECT& handle, 10902 const std::string& handle_name, 10903 const TPM2B_DIGEST& credential, 10904 const TPM2B_NAME& object_name, 10905 std::string* serialized_command, 10906 AuthorizationDelegate* authorization_delegate) { 10907 VLOG(3) << __func__; 10908 TPM_RC rc = TPM_RC_SUCCESS; 10909 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 10910 UINT32 command_size = 10; // Header size. 10911 std::string handle_section_bytes; 10912 std::string parameter_section_bytes; 10913 TPM_CC command_code = TPM_CC_MakeCredential; 10914 bool is_command_parameter_encryption_possible = true; 10915 bool is_response_parameter_encryption_possible = true; 10916 std::string command_code_bytes; 10917 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 10918 if (rc != TPM_RC_SUCCESS) { 10919 return rc; 10920 } 10921 std::string handle_bytes; 10922 rc = Serialize_TPMI_DH_OBJECT(handle, &handle_bytes); 10923 if (rc != TPM_RC_SUCCESS) { 10924 return rc; 10925 } 10926 std::string credential_bytes; 10927 rc = Serialize_TPM2B_DIGEST(credential, &credential_bytes); 10928 if (rc != TPM_RC_SUCCESS) { 10929 return rc; 10930 } 10931 std::string object_name_bytes; 10932 rc = Serialize_TPM2B_NAME(object_name, &object_name_bytes); 10933 if (rc != TPM_RC_SUCCESS) { 10934 return rc; 10935 } 10936 if (authorization_delegate) { 10937 // Encrypt just the parameter data, not the size. 10938 std::string tmp = credential_bytes.substr(2); 10939 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 10940 return TRUNKS_RC_ENCRYPTION_FAILED; 10941 } 10942 credential_bytes.replace(2, std::string::npos, tmp); 10943 } 10944 std::unique_ptr<crypto::SecureHash> hash( 10945 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 10946 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 10947 hash->Update(handle_name.data(), handle_name.size()); 10948 handle_section_bytes += handle_bytes; 10949 command_size += handle_bytes.size(); 10950 hash->Update(credential_bytes.data(), credential_bytes.size()); 10951 parameter_section_bytes += credential_bytes; 10952 command_size += credential_bytes.size(); 10953 hash->Update(object_name_bytes.data(), object_name_bytes.size()); 10954 parameter_section_bytes += object_name_bytes; 10955 command_size += object_name_bytes.size(); 10956 std::string command_hash(32, 0); 10957 hash->Finish(string_as_array(&command_hash), command_hash.size()); 10958 std::string authorization_section_bytes; 10959 std::string authorization_size_bytes; 10960 if (authorization_delegate) { 10961 if (!authorization_delegate->GetCommandAuthorization( 10962 command_hash, is_command_parameter_encryption_possible, 10963 is_response_parameter_encryption_possible, 10964 &authorization_section_bytes)) { 10965 return TRUNKS_RC_AUTHORIZATION_FAILED; 10966 } 10967 if (!authorization_section_bytes.empty()) { 10968 tag = TPM_ST_SESSIONS; 10969 std::string tmp; 10970 rc = Serialize_UINT32(authorization_section_bytes.size(), 10971 &authorization_size_bytes); 10972 if (rc != TPM_RC_SUCCESS) { 10973 return rc; 10974 } 10975 command_size += 10976 authorization_size_bytes.size() + authorization_section_bytes.size(); 10977 } 10978 } 10979 std::string tag_bytes; 10980 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 10981 if (rc != TPM_RC_SUCCESS) { 10982 return rc; 10983 } 10984 std::string command_size_bytes; 10985 rc = Serialize_UINT32(command_size, &command_size_bytes); 10986 if (rc != TPM_RC_SUCCESS) { 10987 return rc; 10988 } 10989 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 10990 handle_section_bytes + authorization_size_bytes + 10991 authorization_section_bytes + parameter_section_bytes; 10992 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 10993 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 10994 serialized_command->size()); 10995 return TPM_RC_SUCCESS; 10996 } 10997 10998 TPM_RC Tpm::ParseResponse_MakeCredential( 10999 const std::string& response, 11000 TPM2B_ID_OBJECT* credential_blob, 11001 TPM2B_ENCRYPTED_SECRET* secret, 11002 AuthorizationDelegate* authorization_delegate) { 11003 VLOG(3) << __func__; 11004 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 11005 TPM_RC rc = TPM_RC_SUCCESS; 11006 std::string buffer(response); 11007 TPM_ST tag; 11008 std::string tag_bytes; 11009 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 11010 if (rc != TPM_RC_SUCCESS) { 11011 return rc; 11012 } 11013 UINT32 response_size; 11014 std::string response_size_bytes; 11015 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 11016 if (rc != TPM_RC_SUCCESS) { 11017 return rc; 11018 } 11019 TPM_RC response_code; 11020 std::string response_code_bytes; 11021 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 11022 if (rc != TPM_RC_SUCCESS) { 11023 return rc; 11024 } 11025 if (response_size != response.size()) { 11026 return TPM_RC_SIZE; 11027 } 11028 if (response_code != TPM_RC_SUCCESS) { 11029 return response_code; 11030 } 11031 TPM_CC command_code = TPM_CC_MakeCredential; 11032 std::string command_code_bytes; 11033 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 11034 if (rc != TPM_RC_SUCCESS) { 11035 return rc; 11036 } 11037 std::string authorization_section_bytes; 11038 if (tag == TPM_ST_SESSIONS) { 11039 UINT32 parameter_section_size = buffer.size(); 11040 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 11041 if (rc != TPM_RC_SUCCESS) { 11042 return rc; 11043 } 11044 if (parameter_section_size > buffer.size()) { 11045 return TPM_RC_INSUFFICIENT; 11046 } 11047 authorization_section_bytes = buffer.substr(parameter_section_size); 11048 // Keep the parameter section in |buffer|. 11049 buffer.erase(parameter_section_size); 11050 } 11051 std::unique_ptr<crypto::SecureHash> hash( 11052 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 11053 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 11054 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 11055 hash->Update(buffer.data(), buffer.size()); 11056 std::string response_hash(32, 0); 11057 hash->Finish(string_as_array(&response_hash), response_hash.size()); 11058 if (tag == TPM_ST_SESSIONS) { 11059 CHECK(authorization_delegate) << "Authorization delegate missing!"; 11060 if (!authorization_delegate->CheckResponseAuthorization( 11061 response_hash, authorization_section_bytes)) { 11062 return TRUNKS_RC_AUTHORIZATION_FAILED; 11063 } 11064 } 11065 std::string credential_blob_bytes; 11066 rc = Parse_TPM2B_ID_OBJECT(&buffer, credential_blob, &credential_blob_bytes); 11067 if (rc != TPM_RC_SUCCESS) { 11068 return rc; 11069 } 11070 std::string secret_bytes; 11071 rc = Parse_TPM2B_ENCRYPTED_SECRET(&buffer, secret, &secret_bytes); 11072 if (rc != TPM_RC_SUCCESS) { 11073 return rc; 11074 } 11075 if (tag == TPM_ST_SESSIONS) { 11076 CHECK(authorization_delegate) << "Authorization delegate missing!"; 11077 // Decrypt just the parameter data, not the size. 11078 std::string tmp = credential_blob_bytes.substr(2); 11079 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 11080 return TRUNKS_RC_ENCRYPTION_FAILED; 11081 } 11082 credential_blob_bytes.replace(2, std::string::npos, tmp); 11083 rc = 11084 Parse_TPM2B_ID_OBJECT(&credential_blob_bytes, credential_blob, nullptr); 11085 if (rc != TPM_RC_SUCCESS) { 11086 return rc; 11087 } 11088 } 11089 return TPM_RC_SUCCESS; 11090 } 11091 11092 void MakeCredentialErrorCallback(const Tpm::MakeCredentialResponse& callback, 11093 TPM_RC response_code) { 11094 VLOG(1) << __func__; 11095 callback.Run(response_code, TPM2B_ID_OBJECT(), TPM2B_ENCRYPTED_SECRET()); 11096 } 11097 11098 void MakeCredentialResponseParser(const Tpm::MakeCredentialResponse& callback, 11099 AuthorizationDelegate* authorization_delegate, 11100 const std::string& response) { 11101 VLOG(1) << __func__; 11102 base::Callback<void(TPM_RC)> error_reporter = 11103 base::Bind(MakeCredentialErrorCallback, callback); 11104 TPM2B_ID_OBJECT credential_blob; 11105 TPM2B_ENCRYPTED_SECRET secret; 11106 TPM_RC rc = Tpm::ParseResponse_MakeCredential( 11107 response, &credential_blob, &secret, authorization_delegate); 11108 if (rc != TPM_RC_SUCCESS) { 11109 error_reporter.Run(rc); 11110 return; 11111 } 11112 callback.Run(rc, credential_blob, secret); 11113 } 11114 11115 void Tpm::MakeCredential(const TPMI_DH_OBJECT& handle, 11116 const std::string& handle_name, 11117 const TPM2B_DIGEST& credential, 11118 const TPM2B_NAME& object_name, 11119 AuthorizationDelegate* authorization_delegate, 11120 const MakeCredentialResponse& callback) { 11121 VLOG(1) << __func__; 11122 base::Callback<void(TPM_RC)> error_reporter = 11123 base::Bind(MakeCredentialErrorCallback, callback); 11124 base::Callback<void(const std::string&)> parser = base::Bind( 11125 MakeCredentialResponseParser, callback, authorization_delegate); 11126 std::string command; 11127 TPM_RC rc = SerializeCommand_MakeCredential(handle, handle_name, credential, 11128 object_name, &command, 11129 authorization_delegate); 11130 if (rc != TPM_RC_SUCCESS) { 11131 error_reporter.Run(rc); 11132 return; 11133 } 11134 transceiver_->SendCommand(command, parser); 11135 } 11136 11137 TPM_RC Tpm::MakeCredentialSync(const TPMI_DH_OBJECT& handle, 11138 const std::string& handle_name, 11139 const TPM2B_DIGEST& credential, 11140 const TPM2B_NAME& object_name, 11141 TPM2B_ID_OBJECT* credential_blob, 11142 TPM2B_ENCRYPTED_SECRET* secret, 11143 AuthorizationDelegate* authorization_delegate) { 11144 VLOG(1) << __func__; 11145 std::string command; 11146 TPM_RC rc = SerializeCommand_MakeCredential(handle, handle_name, credential, 11147 object_name, &command, 11148 authorization_delegate); 11149 if (rc != TPM_RC_SUCCESS) { 11150 return rc; 11151 } 11152 std::string response = transceiver_->SendCommandAndWait(command); 11153 rc = ParseResponse_MakeCredential(response, credential_blob, secret, 11154 authorization_delegate); 11155 return rc; 11156 } 11157 11158 TPM_RC Tpm::SerializeCommand_Unseal( 11159 const TPMI_DH_OBJECT& item_handle, 11160 const std::string& item_handle_name, 11161 std::string* serialized_command, 11162 AuthorizationDelegate* authorization_delegate) { 11163 VLOG(3) << __func__; 11164 TPM_RC rc = TPM_RC_SUCCESS; 11165 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 11166 UINT32 command_size = 10; // Header size. 11167 std::string handle_section_bytes; 11168 std::string parameter_section_bytes; 11169 TPM_CC command_code = TPM_CC_Unseal; 11170 bool is_command_parameter_encryption_possible = false; 11171 bool is_response_parameter_encryption_possible = true; 11172 std::string command_code_bytes; 11173 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 11174 if (rc != TPM_RC_SUCCESS) { 11175 return rc; 11176 } 11177 std::string item_handle_bytes; 11178 rc = Serialize_TPMI_DH_OBJECT(item_handle, &item_handle_bytes); 11179 if (rc != TPM_RC_SUCCESS) { 11180 return rc; 11181 } 11182 std::unique_ptr<crypto::SecureHash> hash( 11183 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 11184 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 11185 hash->Update(item_handle_name.data(), item_handle_name.size()); 11186 handle_section_bytes += item_handle_bytes; 11187 command_size += item_handle_bytes.size(); 11188 std::string command_hash(32, 0); 11189 hash->Finish(string_as_array(&command_hash), command_hash.size()); 11190 std::string authorization_section_bytes; 11191 std::string authorization_size_bytes; 11192 if (authorization_delegate) { 11193 if (!authorization_delegate->GetCommandAuthorization( 11194 command_hash, is_command_parameter_encryption_possible, 11195 is_response_parameter_encryption_possible, 11196 &authorization_section_bytes)) { 11197 return TRUNKS_RC_AUTHORIZATION_FAILED; 11198 } 11199 if (!authorization_section_bytes.empty()) { 11200 tag = TPM_ST_SESSIONS; 11201 std::string tmp; 11202 rc = Serialize_UINT32(authorization_section_bytes.size(), 11203 &authorization_size_bytes); 11204 if (rc != TPM_RC_SUCCESS) { 11205 return rc; 11206 } 11207 command_size += 11208 authorization_size_bytes.size() + authorization_section_bytes.size(); 11209 } 11210 } 11211 std::string tag_bytes; 11212 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 11213 if (rc != TPM_RC_SUCCESS) { 11214 return rc; 11215 } 11216 std::string command_size_bytes; 11217 rc = Serialize_UINT32(command_size, &command_size_bytes); 11218 if (rc != TPM_RC_SUCCESS) { 11219 return rc; 11220 } 11221 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 11222 handle_section_bytes + authorization_size_bytes + 11223 authorization_section_bytes + parameter_section_bytes; 11224 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 11225 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 11226 serialized_command->size()); 11227 return TPM_RC_SUCCESS; 11228 } 11229 11230 TPM_RC Tpm::ParseResponse_Unseal( 11231 const std::string& response, 11232 TPM2B_SENSITIVE_DATA* out_data, 11233 AuthorizationDelegate* authorization_delegate) { 11234 VLOG(3) << __func__; 11235 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 11236 TPM_RC rc = TPM_RC_SUCCESS; 11237 std::string buffer(response); 11238 TPM_ST tag; 11239 std::string tag_bytes; 11240 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 11241 if (rc != TPM_RC_SUCCESS) { 11242 return rc; 11243 } 11244 UINT32 response_size; 11245 std::string response_size_bytes; 11246 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 11247 if (rc != TPM_RC_SUCCESS) { 11248 return rc; 11249 } 11250 TPM_RC response_code; 11251 std::string response_code_bytes; 11252 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 11253 if (rc != TPM_RC_SUCCESS) { 11254 return rc; 11255 } 11256 if (response_size != response.size()) { 11257 return TPM_RC_SIZE; 11258 } 11259 if (response_code != TPM_RC_SUCCESS) { 11260 return response_code; 11261 } 11262 TPM_CC command_code = TPM_CC_Unseal; 11263 std::string command_code_bytes; 11264 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 11265 if (rc != TPM_RC_SUCCESS) { 11266 return rc; 11267 } 11268 std::string authorization_section_bytes; 11269 if (tag == TPM_ST_SESSIONS) { 11270 UINT32 parameter_section_size = buffer.size(); 11271 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 11272 if (rc != TPM_RC_SUCCESS) { 11273 return rc; 11274 } 11275 if (parameter_section_size > buffer.size()) { 11276 return TPM_RC_INSUFFICIENT; 11277 } 11278 authorization_section_bytes = buffer.substr(parameter_section_size); 11279 // Keep the parameter section in |buffer|. 11280 buffer.erase(parameter_section_size); 11281 } 11282 std::unique_ptr<crypto::SecureHash> hash( 11283 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 11284 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 11285 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 11286 hash->Update(buffer.data(), buffer.size()); 11287 std::string response_hash(32, 0); 11288 hash->Finish(string_as_array(&response_hash), response_hash.size()); 11289 if (tag == TPM_ST_SESSIONS) { 11290 CHECK(authorization_delegate) << "Authorization delegate missing!"; 11291 if (!authorization_delegate->CheckResponseAuthorization( 11292 response_hash, authorization_section_bytes)) { 11293 return TRUNKS_RC_AUTHORIZATION_FAILED; 11294 } 11295 } 11296 std::string out_data_bytes; 11297 rc = Parse_TPM2B_SENSITIVE_DATA(&buffer, out_data, &out_data_bytes); 11298 if (rc != TPM_RC_SUCCESS) { 11299 return rc; 11300 } 11301 if (tag == TPM_ST_SESSIONS) { 11302 CHECK(authorization_delegate) << "Authorization delegate missing!"; 11303 // Decrypt just the parameter data, not the size. 11304 std::string tmp = out_data_bytes.substr(2); 11305 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 11306 return TRUNKS_RC_ENCRYPTION_FAILED; 11307 } 11308 out_data_bytes.replace(2, std::string::npos, tmp); 11309 rc = Parse_TPM2B_SENSITIVE_DATA(&out_data_bytes, out_data, nullptr); 11310 if (rc != TPM_RC_SUCCESS) { 11311 return rc; 11312 } 11313 } 11314 return TPM_RC_SUCCESS; 11315 } 11316 11317 void UnsealErrorCallback(const Tpm::UnsealResponse& callback, 11318 TPM_RC response_code) { 11319 VLOG(1) << __func__; 11320 callback.Run(response_code, TPM2B_SENSITIVE_DATA()); 11321 } 11322 11323 void UnsealResponseParser(const Tpm::UnsealResponse& callback, 11324 AuthorizationDelegate* authorization_delegate, 11325 const std::string& response) { 11326 VLOG(1) << __func__; 11327 base::Callback<void(TPM_RC)> error_reporter = 11328 base::Bind(UnsealErrorCallback, callback); 11329 TPM2B_SENSITIVE_DATA out_data; 11330 TPM_RC rc = 11331 Tpm::ParseResponse_Unseal(response, &out_data, authorization_delegate); 11332 if (rc != TPM_RC_SUCCESS) { 11333 error_reporter.Run(rc); 11334 return; 11335 } 11336 callback.Run(rc, out_data); 11337 } 11338 11339 void Tpm::Unseal(const TPMI_DH_OBJECT& item_handle, 11340 const std::string& item_handle_name, 11341 AuthorizationDelegate* authorization_delegate, 11342 const UnsealResponse& callback) { 11343 VLOG(1) << __func__; 11344 base::Callback<void(TPM_RC)> error_reporter = 11345 base::Bind(UnsealErrorCallback, callback); 11346 base::Callback<void(const std::string&)> parser = 11347 base::Bind(UnsealResponseParser, callback, authorization_delegate); 11348 std::string command; 11349 TPM_RC rc = SerializeCommand_Unseal(item_handle, item_handle_name, &command, 11350 authorization_delegate); 11351 if (rc != TPM_RC_SUCCESS) { 11352 error_reporter.Run(rc); 11353 return; 11354 } 11355 transceiver_->SendCommand(command, parser); 11356 } 11357 11358 TPM_RC Tpm::UnsealSync(const TPMI_DH_OBJECT& item_handle, 11359 const std::string& item_handle_name, 11360 TPM2B_SENSITIVE_DATA* out_data, 11361 AuthorizationDelegate* authorization_delegate) { 11362 VLOG(1) << __func__; 11363 std::string command; 11364 TPM_RC rc = SerializeCommand_Unseal(item_handle, item_handle_name, &command, 11365 authorization_delegate); 11366 if (rc != TPM_RC_SUCCESS) { 11367 return rc; 11368 } 11369 std::string response = transceiver_->SendCommandAndWait(command); 11370 rc = ParseResponse_Unseal(response, out_data, authorization_delegate); 11371 return rc; 11372 } 11373 11374 TPM_RC Tpm::SerializeCommand_ObjectChangeAuth( 11375 const TPMI_DH_OBJECT& object_handle, 11376 const std::string& object_handle_name, 11377 const TPMI_DH_OBJECT& parent_handle, 11378 const std::string& parent_handle_name, 11379 const TPM2B_AUTH& new_auth, 11380 std::string* serialized_command, 11381 AuthorizationDelegate* authorization_delegate) { 11382 VLOG(3) << __func__; 11383 TPM_RC rc = TPM_RC_SUCCESS; 11384 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 11385 UINT32 command_size = 10; // Header size. 11386 std::string handle_section_bytes; 11387 std::string parameter_section_bytes; 11388 TPM_CC command_code = TPM_CC_ObjectChangeAuth; 11389 bool is_command_parameter_encryption_possible = true; 11390 bool is_response_parameter_encryption_possible = true; 11391 std::string command_code_bytes; 11392 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 11393 if (rc != TPM_RC_SUCCESS) { 11394 return rc; 11395 } 11396 std::string object_handle_bytes; 11397 rc = Serialize_TPMI_DH_OBJECT(object_handle, &object_handle_bytes); 11398 if (rc != TPM_RC_SUCCESS) { 11399 return rc; 11400 } 11401 std::string parent_handle_bytes; 11402 rc = Serialize_TPMI_DH_OBJECT(parent_handle, &parent_handle_bytes); 11403 if (rc != TPM_RC_SUCCESS) { 11404 return rc; 11405 } 11406 std::string new_auth_bytes; 11407 rc = Serialize_TPM2B_AUTH(new_auth, &new_auth_bytes); 11408 if (rc != TPM_RC_SUCCESS) { 11409 return rc; 11410 } 11411 if (authorization_delegate) { 11412 // Encrypt just the parameter data, not the size. 11413 std::string tmp = new_auth_bytes.substr(2); 11414 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 11415 return TRUNKS_RC_ENCRYPTION_FAILED; 11416 } 11417 new_auth_bytes.replace(2, std::string::npos, tmp); 11418 } 11419 std::unique_ptr<crypto::SecureHash> hash( 11420 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 11421 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 11422 hash->Update(object_handle_name.data(), object_handle_name.size()); 11423 handle_section_bytes += object_handle_bytes; 11424 command_size += object_handle_bytes.size(); 11425 hash->Update(parent_handle_name.data(), parent_handle_name.size()); 11426 handle_section_bytes += parent_handle_bytes; 11427 command_size += parent_handle_bytes.size(); 11428 hash->Update(new_auth_bytes.data(), new_auth_bytes.size()); 11429 parameter_section_bytes += new_auth_bytes; 11430 command_size += new_auth_bytes.size(); 11431 std::string command_hash(32, 0); 11432 hash->Finish(string_as_array(&command_hash), command_hash.size()); 11433 std::string authorization_section_bytes; 11434 std::string authorization_size_bytes; 11435 if (authorization_delegate) { 11436 if (!authorization_delegate->GetCommandAuthorization( 11437 command_hash, is_command_parameter_encryption_possible, 11438 is_response_parameter_encryption_possible, 11439 &authorization_section_bytes)) { 11440 return TRUNKS_RC_AUTHORIZATION_FAILED; 11441 } 11442 if (!authorization_section_bytes.empty()) { 11443 tag = TPM_ST_SESSIONS; 11444 std::string tmp; 11445 rc = Serialize_UINT32(authorization_section_bytes.size(), 11446 &authorization_size_bytes); 11447 if (rc != TPM_RC_SUCCESS) { 11448 return rc; 11449 } 11450 command_size += 11451 authorization_size_bytes.size() + authorization_section_bytes.size(); 11452 } 11453 } 11454 std::string tag_bytes; 11455 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 11456 if (rc != TPM_RC_SUCCESS) { 11457 return rc; 11458 } 11459 std::string command_size_bytes; 11460 rc = Serialize_UINT32(command_size, &command_size_bytes); 11461 if (rc != TPM_RC_SUCCESS) { 11462 return rc; 11463 } 11464 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 11465 handle_section_bytes + authorization_size_bytes + 11466 authorization_section_bytes + parameter_section_bytes; 11467 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 11468 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 11469 serialized_command->size()); 11470 return TPM_RC_SUCCESS; 11471 } 11472 11473 TPM_RC Tpm::ParseResponse_ObjectChangeAuth( 11474 const std::string& response, 11475 TPM2B_PRIVATE* out_private, 11476 AuthorizationDelegate* authorization_delegate) { 11477 VLOG(3) << __func__; 11478 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 11479 TPM_RC rc = TPM_RC_SUCCESS; 11480 std::string buffer(response); 11481 TPM_ST tag; 11482 std::string tag_bytes; 11483 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 11484 if (rc != TPM_RC_SUCCESS) { 11485 return rc; 11486 } 11487 UINT32 response_size; 11488 std::string response_size_bytes; 11489 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 11490 if (rc != TPM_RC_SUCCESS) { 11491 return rc; 11492 } 11493 TPM_RC response_code; 11494 std::string response_code_bytes; 11495 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 11496 if (rc != TPM_RC_SUCCESS) { 11497 return rc; 11498 } 11499 if (response_size != response.size()) { 11500 return TPM_RC_SIZE; 11501 } 11502 if (response_code != TPM_RC_SUCCESS) { 11503 return response_code; 11504 } 11505 TPM_CC command_code = TPM_CC_ObjectChangeAuth; 11506 std::string command_code_bytes; 11507 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 11508 if (rc != TPM_RC_SUCCESS) { 11509 return rc; 11510 } 11511 std::string authorization_section_bytes; 11512 if (tag == TPM_ST_SESSIONS) { 11513 UINT32 parameter_section_size = buffer.size(); 11514 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 11515 if (rc != TPM_RC_SUCCESS) { 11516 return rc; 11517 } 11518 if (parameter_section_size > buffer.size()) { 11519 return TPM_RC_INSUFFICIENT; 11520 } 11521 authorization_section_bytes = buffer.substr(parameter_section_size); 11522 // Keep the parameter section in |buffer|. 11523 buffer.erase(parameter_section_size); 11524 } 11525 std::unique_ptr<crypto::SecureHash> hash( 11526 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 11527 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 11528 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 11529 hash->Update(buffer.data(), buffer.size()); 11530 std::string response_hash(32, 0); 11531 hash->Finish(string_as_array(&response_hash), response_hash.size()); 11532 if (tag == TPM_ST_SESSIONS) { 11533 CHECK(authorization_delegate) << "Authorization delegate missing!"; 11534 if (!authorization_delegate->CheckResponseAuthorization( 11535 response_hash, authorization_section_bytes)) { 11536 return TRUNKS_RC_AUTHORIZATION_FAILED; 11537 } 11538 } 11539 std::string out_private_bytes; 11540 rc = Parse_TPM2B_PRIVATE(&buffer, out_private, &out_private_bytes); 11541 if (rc != TPM_RC_SUCCESS) { 11542 return rc; 11543 } 11544 if (tag == TPM_ST_SESSIONS) { 11545 CHECK(authorization_delegate) << "Authorization delegate missing!"; 11546 // Decrypt just the parameter data, not the size. 11547 std::string tmp = out_private_bytes.substr(2); 11548 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 11549 return TRUNKS_RC_ENCRYPTION_FAILED; 11550 } 11551 out_private_bytes.replace(2, std::string::npos, tmp); 11552 rc = Parse_TPM2B_PRIVATE(&out_private_bytes, out_private, nullptr); 11553 if (rc != TPM_RC_SUCCESS) { 11554 return rc; 11555 } 11556 } 11557 return TPM_RC_SUCCESS; 11558 } 11559 11560 void ObjectChangeAuthErrorCallback( 11561 const Tpm::ObjectChangeAuthResponse& callback, 11562 TPM_RC response_code) { 11563 VLOG(1) << __func__; 11564 callback.Run(response_code, TPM2B_PRIVATE()); 11565 } 11566 11567 void ObjectChangeAuthResponseParser( 11568 const Tpm::ObjectChangeAuthResponse& callback, 11569 AuthorizationDelegate* authorization_delegate, 11570 const std::string& response) { 11571 VLOG(1) << __func__; 11572 base::Callback<void(TPM_RC)> error_reporter = 11573 base::Bind(ObjectChangeAuthErrorCallback, callback); 11574 TPM2B_PRIVATE out_private; 11575 TPM_RC rc = Tpm::ParseResponse_ObjectChangeAuth(response, &out_private, 11576 authorization_delegate); 11577 if (rc != TPM_RC_SUCCESS) { 11578 error_reporter.Run(rc); 11579 return; 11580 } 11581 callback.Run(rc, out_private); 11582 } 11583 11584 void Tpm::ObjectChangeAuth(const TPMI_DH_OBJECT& object_handle, 11585 const std::string& object_handle_name, 11586 const TPMI_DH_OBJECT& parent_handle, 11587 const std::string& parent_handle_name, 11588 const TPM2B_AUTH& new_auth, 11589 AuthorizationDelegate* authorization_delegate, 11590 const ObjectChangeAuthResponse& callback) { 11591 VLOG(1) << __func__; 11592 base::Callback<void(TPM_RC)> error_reporter = 11593 base::Bind(ObjectChangeAuthErrorCallback, callback); 11594 base::Callback<void(const std::string&)> parser = base::Bind( 11595 ObjectChangeAuthResponseParser, callback, authorization_delegate); 11596 std::string command; 11597 TPM_RC rc = SerializeCommand_ObjectChangeAuth( 11598 object_handle, object_handle_name, parent_handle, parent_handle_name, 11599 new_auth, &command, authorization_delegate); 11600 if (rc != TPM_RC_SUCCESS) { 11601 error_reporter.Run(rc); 11602 return; 11603 } 11604 transceiver_->SendCommand(command, parser); 11605 } 11606 11607 TPM_RC Tpm::ObjectChangeAuthSync( 11608 const TPMI_DH_OBJECT& object_handle, 11609 const std::string& object_handle_name, 11610 const TPMI_DH_OBJECT& parent_handle, 11611 const std::string& parent_handle_name, 11612 const TPM2B_AUTH& new_auth, 11613 TPM2B_PRIVATE* out_private, 11614 AuthorizationDelegate* authorization_delegate) { 11615 VLOG(1) << __func__; 11616 std::string command; 11617 TPM_RC rc = SerializeCommand_ObjectChangeAuth( 11618 object_handle, object_handle_name, parent_handle, parent_handle_name, 11619 new_auth, &command, authorization_delegate); 11620 if (rc != TPM_RC_SUCCESS) { 11621 return rc; 11622 } 11623 std::string response = transceiver_->SendCommandAndWait(command); 11624 rc = ParseResponse_ObjectChangeAuth(response, out_private, 11625 authorization_delegate); 11626 return rc; 11627 } 11628 11629 TPM_RC Tpm::SerializeCommand_Duplicate( 11630 const TPMI_DH_OBJECT& object_handle, 11631 const std::string& object_handle_name, 11632 const TPMI_DH_OBJECT& new_parent_handle, 11633 const std::string& new_parent_handle_name, 11634 const TPM2B_DATA& encryption_key_in, 11635 const TPMT_SYM_DEF_OBJECT& symmetric_alg, 11636 std::string* serialized_command, 11637 AuthorizationDelegate* authorization_delegate) { 11638 VLOG(3) << __func__; 11639 TPM_RC rc = TPM_RC_SUCCESS; 11640 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 11641 UINT32 command_size = 10; // Header size. 11642 std::string handle_section_bytes; 11643 std::string parameter_section_bytes; 11644 TPM_CC command_code = TPM_CC_Duplicate; 11645 bool is_command_parameter_encryption_possible = true; 11646 bool is_response_parameter_encryption_possible = true; 11647 std::string command_code_bytes; 11648 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 11649 if (rc != TPM_RC_SUCCESS) { 11650 return rc; 11651 } 11652 std::string object_handle_bytes; 11653 rc = Serialize_TPMI_DH_OBJECT(object_handle, &object_handle_bytes); 11654 if (rc != TPM_RC_SUCCESS) { 11655 return rc; 11656 } 11657 std::string new_parent_handle_bytes; 11658 rc = Serialize_TPMI_DH_OBJECT(new_parent_handle, &new_parent_handle_bytes); 11659 if (rc != TPM_RC_SUCCESS) { 11660 return rc; 11661 } 11662 std::string encryption_key_in_bytes; 11663 rc = Serialize_TPM2B_DATA(encryption_key_in, &encryption_key_in_bytes); 11664 if (rc != TPM_RC_SUCCESS) { 11665 return rc; 11666 } 11667 std::string symmetric_alg_bytes; 11668 rc = Serialize_TPMT_SYM_DEF_OBJECT(symmetric_alg, &symmetric_alg_bytes); 11669 if (rc != TPM_RC_SUCCESS) { 11670 return rc; 11671 } 11672 if (authorization_delegate) { 11673 // Encrypt just the parameter data, not the size. 11674 std::string tmp = encryption_key_in_bytes.substr(2); 11675 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 11676 return TRUNKS_RC_ENCRYPTION_FAILED; 11677 } 11678 encryption_key_in_bytes.replace(2, std::string::npos, tmp); 11679 } 11680 std::unique_ptr<crypto::SecureHash> hash( 11681 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 11682 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 11683 hash->Update(object_handle_name.data(), object_handle_name.size()); 11684 handle_section_bytes += object_handle_bytes; 11685 command_size += object_handle_bytes.size(); 11686 hash->Update(new_parent_handle_name.data(), new_parent_handle_name.size()); 11687 handle_section_bytes += new_parent_handle_bytes; 11688 command_size += new_parent_handle_bytes.size(); 11689 hash->Update(encryption_key_in_bytes.data(), encryption_key_in_bytes.size()); 11690 parameter_section_bytes += encryption_key_in_bytes; 11691 command_size += encryption_key_in_bytes.size(); 11692 hash->Update(symmetric_alg_bytes.data(), symmetric_alg_bytes.size()); 11693 parameter_section_bytes += symmetric_alg_bytes; 11694 command_size += symmetric_alg_bytes.size(); 11695 std::string command_hash(32, 0); 11696 hash->Finish(string_as_array(&command_hash), command_hash.size()); 11697 std::string authorization_section_bytes; 11698 std::string authorization_size_bytes; 11699 if (authorization_delegate) { 11700 if (!authorization_delegate->GetCommandAuthorization( 11701 command_hash, is_command_parameter_encryption_possible, 11702 is_response_parameter_encryption_possible, 11703 &authorization_section_bytes)) { 11704 return TRUNKS_RC_AUTHORIZATION_FAILED; 11705 } 11706 if (!authorization_section_bytes.empty()) { 11707 tag = TPM_ST_SESSIONS; 11708 std::string tmp; 11709 rc = Serialize_UINT32(authorization_section_bytes.size(), 11710 &authorization_size_bytes); 11711 if (rc != TPM_RC_SUCCESS) { 11712 return rc; 11713 } 11714 command_size += 11715 authorization_size_bytes.size() + authorization_section_bytes.size(); 11716 } 11717 } 11718 std::string tag_bytes; 11719 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 11720 if (rc != TPM_RC_SUCCESS) { 11721 return rc; 11722 } 11723 std::string command_size_bytes; 11724 rc = Serialize_UINT32(command_size, &command_size_bytes); 11725 if (rc != TPM_RC_SUCCESS) { 11726 return rc; 11727 } 11728 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 11729 handle_section_bytes + authorization_size_bytes + 11730 authorization_section_bytes + parameter_section_bytes; 11731 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 11732 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 11733 serialized_command->size()); 11734 return TPM_RC_SUCCESS; 11735 } 11736 11737 TPM_RC Tpm::ParseResponse_Duplicate( 11738 const std::string& response, 11739 TPM2B_DATA* encryption_key_out, 11740 TPM2B_PRIVATE* duplicate, 11741 TPM2B_ENCRYPTED_SECRET* out_sym_seed, 11742 AuthorizationDelegate* authorization_delegate) { 11743 VLOG(3) << __func__; 11744 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 11745 TPM_RC rc = TPM_RC_SUCCESS; 11746 std::string buffer(response); 11747 TPM_ST tag; 11748 std::string tag_bytes; 11749 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 11750 if (rc != TPM_RC_SUCCESS) { 11751 return rc; 11752 } 11753 UINT32 response_size; 11754 std::string response_size_bytes; 11755 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 11756 if (rc != TPM_RC_SUCCESS) { 11757 return rc; 11758 } 11759 TPM_RC response_code; 11760 std::string response_code_bytes; 11761 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 11762 if (rc != TPM_RC_SUCCESS) { 11763 return rc; 11764 } 11765 if (response_size != response.size()) { 11766 return TPM_RC_SIZE; 11767 } 11768 if (response_code != TPM_RC_SUCCESS) { 11769 return response_code; 11770 } 11771 TPM_CC command_code = TPM_CC_Duplicate; 11772 std::string command_code_bytes; 11773 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 11774 if (rc != TPM_RC_SUCCESS) { 11775 return rc; 11776 } 11777 std::string authorization_section_bytes; 11778 if (tag == TPM_ST_SESSIONS) { 11779 UINT32 parameter_section_size = buffer.size(); 11780 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 11781 if (rc != TPM_RC_SUCCESS) { 11782 return rc; 11783 } 11784 if (parameter_section_size > buffer.size()) { 11785 return TPM_RC_INSUFFICIENT; 11786 } 11787 authorization_section_bytes = buffer.substr(parameter_section_size); 11788 // Keep the parameter section in |buffer|. 11789 buffer.erase(parameter_section_size); 11790 } 11791 std::unique_ptr<crypto::SecureHash> hash( 11792 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 11793 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 11794 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 11795 hash->Update(buffer.data(), buffer.size()); 11796 std::string response_hash(32, 0); 11797 hash->Finish(string_as_array(&response_hash), response_hash.size()); 11798 if (tag == TPM_ST_SESSIONS) { 11799 CHECK(authorization_delegate) << "Authorization delegate missing!"; 11800 if (!authorization_delegate->CheckResponseAuthorization( 11801 response_hash, authorization_section_bytes)) { 11802 return TRUNKS_RC_AUTHORIZATION_FAILED; 11803 } 11804 } 11805 std::string encryption_key_out_bytes; 11806 rc = Parse_TPM2B_DATA(&buffer, encryption_key_out, &encryption_key_out_bytes); 11807 if (rc != TPM_RC_SUCCESS) { 11808 return rc; 11809 } 11810 std::string duplicate_bytes; 11811 rc = Parse_TPM2B_PRIVATE(&buffer, duplicate, &duplicate_bytes); 11812 if (rc != TPM_RC_SUCCESS) { 11813 return rc; 11814 } 11815 std::string out_sym_seed_bytes; 11816 rc = Parse_TPM2B_ENCRYPTED_SECRET(&buffer, out_sym_seed, &out_sym_seed_bytes); 11817 if (rc != TPM_RC_SUCCESS) { 11818 return rc; 11819 } 11820 if (tag == TPM_ST_SESSIONS) { 11821 CHECK(authorization_delegate) << "Authorization delegate missing!"; 11822 // Decrypt just the parameter data, not the size. 11823 std::string tmp = encryption_key_out_bytes.substr(2); 11824 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 11825 return TRUNKS_RC_ENCRYPTION_FAILED; 11826 } 11827 encryption_key_out_bytes.replace(2, std::string::npos, tmp); 11828 rc = Parse_TPM2B_DATA(&encryption_key_out_bytes, encryption_key_out, 11829 nullptr); 11830 if (rc != TPM_RC_SUCCESS) { 11831 return rc; 11832 } 11833 } 11834 return TPM_RC_SUCCESS; 11835 } 11836 11837 void DuplicateErrorCallback(const Tpm::DuplicateResponse& callback, 11838 TPM_RC response_code) { 11839 VLOG(1) << __func__; 11840 callback.Run(response_code, TPM2B_DATA(), TPM2B_PRIVATE(), 11841 TPM2B_ENCRYPTED_SECRET()); 11842 } 11843 11844 void DuplicateResponseParser(const Tpm::DuplicateResponse& callback, 11845 AuthorizationDelegate* authorization_delegate, 11846 const std::string& response) { 11847 VLOG(1) << __func__; 11848 base::Callback<void(TPM_RC)> error_reporter = 11849 base::Bind(DuplicateErrorCallback, callback); 11850 TPM2B_DATA encryption_key_out; 11851 TPM2B_PRIVATE duplicate; 11852 TPM2B_ENCRYPTED_SECRET out_sym_seed; 11853 TPM_RC rc = 11854 Tpm::ParseResponse_Duplicate(response, &encryption_key_out, &duplicate, 11855 &out_sym_seed, authorization_delegate); 11856 if (rc != TPM_RC_SUCCESS) { 11857 error_reporter.Run(rc); 11858 return; 11859 } 11860 callback.Run(rc, encryption_key_out, duplicate, out_sym_seed); 11861 } 11862 11863 void Tpm::Duplicate(const TPMI_DH_OBJECT& object_handle, 11864 const std::string& object_handle_name, 11865 const TPMI_DH_OBJECT& new_parent_handle, 11866 const std::string& new_parent_handle_name, 11867 const TPM2B_DATA& encryption_key_in, 11868 const TPMT_SYM_DEF_OBJECT& symmetric_alg, 11869 AuthorizationDelegate* authorization_delegate, 11870 const DuplicateResponse& callback) { 11871 VLOG(1) << __func__; 11872 base::Callback<void(TPM_RC)> error_reporter = 11873 base::Bind(DuplicateErrorCallback, callback); 11874 base::Callback<void(const std::string&)> parser = 11875 base::Bind(DuplicateResponseParser, callback, authorization_delegate); 11876 std::string command; 11877 TPM_RC rc = SerializeCommand_Duplicate( 11878 object_handle, object_handle_name, new_parent_handle, 11879 new_parent_handle_name, encryption_key_in, symmetric_alg, &command, 11880 authorization_delegate); 11881 if (rc != TPM_RC_SUCCESS) { 11882 error_reporter.Run(rc); 11883 return; 11884 } 11885 transceiver_->SendCommand(command, parser); 11886 } 11887 11888 TPM_RC Tpm::DuplicateSync(const TPMI_DH_OBJECT& object_handle, 11889 const std::string& object_handle_name, 11890 const TPMI_DH_OBJECT& new_parent_handle, 11891 const std::string& new_parent_handle_name, 11892 const TPM2B_DATA& encryption_key_in, 11893 const TPMT_SYM_DEF_OBJECT& symmetric_alg, 11894 TPM2B_DATA* encryption_key_out, 11895 TPM2B_PRIVATE* duplicate, 11896 TPM2B_ENCRYPTED_SECRET* out_sym_seed, 11897 AuthorizationDelegate* authorization_delegate) { 11898 VLOG(1) << __func__; 11899 std::string command; 11900 TPM_RC rc = SerializeCommand_Duplicate( 11901 object_handle, object_handle_name, new_parent_handle, 11902 new_parent_handle_name, encryption_key_in, symmetric_alg, &command, 11903 authorization_delegate); 11904 if (rc != TPM_RC_SUCCESS) { 11905 return rc; 11906 } 11907 std::string response = transceiver_->SendCommandAndWait(command); 11908 rc = ParseResponse_Duplicate(response, encryption_key_out, duplicate, 11909 out_sym_seed, authorization_delegate); 11910 return rc; 11911 } 11912 11913 TPM_RC Tpm::SerializeCommand_Rewrap( 11914 const TPMI_DH_OBJECT& old_parent, 11915 const std::string& old_parent_name, 11916 const TPMI_DH_OBJECT& new_parent, 11917 const std::string& new_parent_name, 11918 const TPM2B_PRIVATE& in_duplicate, 11919 const TPM2B_NAME& name, 11920 const TPM2B_ENCRYPTED_SECRET& in_sym_seed, 11921 std::string* serialized_command, 11922 AuthorizationDelegate* authorization_delegate) { 11923 VLOG(3) << __func__; 11924 TPM_RC rc = TPM_RC_SUCCESS; 11925 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 11926 UINT32 command_size = 10; // Header size. 11927 std::string handle_section_bytes; 11928 std::string parameter_section_bytes; 11929 TPM_CC command_code = TPM_CC_Rewrap; 11930 bool is_command_parameter_encryption_possible = true; 11931 bool is_response_parameter_encryption_possible = true; 11932 std::string command_code_bytes; 11933 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 11934 if (rc != TPM_RC_SUCCESS) { 11935 return rc; 11936 } 11937 std::string old_parent_bytes; 11938 rc = Serialize_TPMI_DH_OBJECT(old_parent, &old_parent_bytes); 11939 if (rc != TPM_RC_SUCCESS) { 11940 return rc; 11941 } 11942 std::string new_parent_bytes; 11943 rc = Serialize_TPMI_DH_OBJECT(new_parent, &new_parent_bytes); 11944 if (rc != TPM_RC_SUCCESS) { 11945 return rc; 11946 } 11947 std::string in_duplicate_bytes; 11948 rc = Serialize_TPM2B_PRIVATE(in_duplicate, &in_duplicate_bytes); 11949 if (rc != TPM_RC_SUCCESS) { 11950 return rc; 11951 } 11952 std::string name_bytes; 11953 rc = Serialize_TPM2B_NAME(name, &name_bytes); 11954 if (rc != TPM_RC_SUCCESS) { 11955 return rc; 11956 } 11957 std::string in_sym_seed_bytes; 11958 rc = Serialize_TPM2B_ENCRYPTED_SECRET(in_sym_seed, &in_sym_seed_bytes); 11959 if (rc != TPM_RC_SUCCESS) { 11960 return rc; 11961 } 11962 if (authorization_delegate) { 11963 // Encrypt just the parameter data, not the size. 11964 std::string tmp = in_duplicate_bytes.substr(2); 11965 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 11966 return TRUNKS_RC_ENCRYPTION_FAILED; 11967 } 11968 in_duplicate_bytes.replace(2, std::string::npos, tmp); 11969 } 11970 std::unique_ptr<crypto::SecureHash> hash( 11971 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 11972 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 11973 hash->Update(old_parent_name.data(), old_parent_name.size()); 11974 handle_section_bytes += old_parent_bytes; 11975 command_size += old_parent_bytes.size(); 11976 hash->Update(new_parent_name.data(), new_parent_name.size()); 11977 handle_section_bytes += new_parent_bytes; 11978 command_size += new_parent_bytes.size(); 11979 hash->Update(in_duplicate_bytes.data(), in_duplicate_bytes.size()); 11980 parameter_section_bytes += in_duplicate_bytes; 11981 command_size += in_duplicate_bytes.size(); 11982 hash->Update(name_bytes.data(), name_bytes.size()); 11983 parameter_section_bytes += name_bytes; 11984 command_size += name_bytes.size(); 11985 hash->Update(in_sym_seed_bytes.data(), in_sym_seed_bytes.size()); 11986 parameter_section_bytes += in_sym_seed_bytes; 11987 command_size += in_sym_seed_bytes.size(); 11988 std::string command_hash(32, 0); 11989 hash->Finish(string_as_array(&command_hash), command_hash.size()); 11990 std::string authorization_section_bytes; 11991 std::string authorization_size_bytes; 11992 if (authorization_delegate) { 11993 if (!authorization_delegate->GetCommandAuthorization( 11994 command_hash, is_command_parameter_encryption_possible, 11995 is_response_parameter_encryption_possible, 11996 &authorization_section_bytes)) { 11997 return TRUNKS_RC_AUTHORIZATION_FAILED; 11998 } 11999 if (!authorization_section_bytes.empty()) { 12000 tag = TPM_ST_SESSIONS; 12001 std::string tmp; 12002 rc = Serialize_UINT32(authorization_section_bytes.size(), 12003 &authorization_size_bytes); 12004 if (rc != TPM_RC_SUCCESS) { 12005 return rc; 12006 } 12007 command_size += 12008 authorization_size_bytes.size() + authorization_section_bytes.size(); 12009 } 12010 } 12011 std::string tag_bytes; 12012 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 12013 if (rc != TPM_RC_SUCCESS) { 12014 return rc; 12015 } 12016 std::string command_size_bytes; 12017 rc = Serialize_UINT32(command_size, &command_size_bytes); 12018 if (rc != TPM_RC_SUCCESS) { 12019 return rc; 12020 } 12021 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 12022 handle_section_bytes + authorization_size_bytes + 12023 authorization_section_bytes + parameter_section_bytes; 12024 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 12025 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 12026 serialized_command->size()); 12027 return TPM_RC_SUCCESS; 12028 } 12029 12030 TPM_RC Tpm::ParseResponse_Rewrap( 12031 const std::string& response, 12032 TPM2B_PRIVATE* out_duplicate, 12033 TPM2B_ENCRYPTED_SECRET* out_sym_seed, 12034 AuthorizationDelegate* authorization_delegate) { 12035 VLOG(3) << __func__; 12036 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 12037 TPM_RC rc = TPM_RC_SUCCESS; 12038 std::string buffer(response); 12039 TPM_ST tag; 12040 std::string tag_bytes; 12041 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 12042 if (rc != TPM_RC_SUCCESS) { 12043 return rc; 12044 } 12045 UINT32 response_size; 12046 std::string response_size_bytes; 12047 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 12048 if (rc != TPM_RC_SUCCESS) { 12049 return rc; 12050 } 12051 TPM_RC response_code; 12052 std::string response_code_bytes; 12053 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 12054 if (rc != TPM_RC_SUCCESS) { 12055 return rc; 12056 } 12057 if (response_size != response.size()) { 12058 return TPM_RC_SIZE; 12059 } 12060 if (response_code != TPM_RC_SUCCESS) { 12061 return response_code; 12062 } 12063 TPM_CC command_code = TPM_CC_Rewrap; 12064 std::string command_code_bytes; 12065 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 12066 if (rc != TPM_RC_SUCCESS) { 12067 return rc; 12068 } 12069 std::string authorization_section_bytes; 12070 if (tag == TPM_ST_SESSIONS) { 12071 UINT32 parameter_section_size = buffer.size(); 12072 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 12073 if (rc != TPM_RC_SUCCESS) { 12074 return rc; 12075 } 12076 if (parameter_section_size > buffer.size()) { 12077 return TPM_RC_INSUFFICIENT; 12078 } 12079 authorization_section_bytes = buffer.substr(parameter_section_size); 12080 // Keep the parameter section in |buffer|. 12081 buffer.erase(parameter_section_size); 12082 } 12083 std::unique_ptr<crypto::SecureHash> hash( 12084 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 12085 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 12086 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 12087 hash->Update(buffer.data(), buffer.size()); 12088 std::string response_hash(32, 0); 12089 hash->Finish(string_as_array(&response_hash), response_hash.size()); 12090 if (tag == TPM_ST_SESSIONS) { 12091 CHECK(authorization_delegate) << "Authorization delegate missing!"; 12092 if (!authorization_delegate->CheckResponseAuthorization( 12093 response_hash, authorization_section_bytes)) { 12094 return TRUNKS_RC_AUTHORIZATION_FAILED; 12095 } 12096 } 12097 std::string out_duplicate_bytes; 12098 rc = Parse_TPM2B_PRIVATE(&buffer, out_duplicate, &out_duplicate_bytes); 12099 if (rc != TPM_RC_SUCCESS) { 12100 return rc; 12101 } 12102 std::string out_sym_seed_bytes; 12103 rc = Parse_TPM2B_ENCRYPTED_SECRET(&buffer, out_sym_seed, &out_sym_seed_bytes); 12104 if (rc != TPM_RC_SUCCESS) { 12105 return rc; 12106 } 12107 if (tag == TPM_ST_SESSIONS) { 12108 CHECK(authorization_delegate) << "Authorization delegate missing!"; 12109 // Decrypt just the parameter data, not the size. 12110 std::string tmp = out_duplicate_bytes.substr(2); 12111 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 12112 return TRUNKS_RC_ENCRYPTION_FAILED; 12113 } 12114 out_duplicate_bytes.replace(2, std::string::npos, tmp); 12115 rc = Parse_TPM2B_PRIVATE(&out_duplicate_bytes, out_duplicate, nullptr); 12116 if (rc != TPM_RC_SUCCESS) { 12117 return rc; 12118 } 12119 } 12120 return TPM_RC_SUCCESS; 12121 } 12122 12123 void RewrapErrorCallback(const Tpm::RewrapResponse& callback, 12124 TPM_RC response_code) { 12125 VLOG(1) << __func__; 12126 callback.Run(response_code, TPM2B_PRIVATE(), TPM2B_ENCRYPTED_SECRET()); 12127 } 12128 12129 void RewrapResponseParser(const Tpm::RewrapResponse& callback, 12130 AuthorizationDelegate* authorization_delegate, 12131 const std::string& response) { 12132 VLOG(1) << __func__; 12133 base::Callback<void(TPM_RC)> error_reporter = 12134 base::Bind(RewrapErrorCallback, callback); 12135 TPM2B_PRIVATE out_duplicate; 12136 TPM2B_ENCRYPTED_SECRET out_sym_seed; 12137 TPM_RC rc = Tpm::ParseResponse_Rewrap(response, &out_duplicate, &out_sym_seed, 12138 authorization_delegate); 12139 if (rc != TPM_RC_SUCCESS) { 12140 error_reporter.Run(rc); 12141 return; 12142 } 12143 callback.Run(rc, out_duplicate, out_sym_seed); 12144 } 12145 12146 void Tpm::Rewrap(const TPMI_DH_OBJECT& old_parent, 12147 const std::string& old_parent_name, 12148 const TPMI_DH_OBJECT& new_parent, 12149 const std::string& new_parent_name, 12150 const TPM2B_PRIVATE& in_duplicate, 12151 const TPM2B_NAME& name, 12152 const TPM2B_ENCRYPTED_SECRET& in_sym_seed, 12153 AuthorizationDelegate* authorization_delegate, 12154 const RewrapResponse& callback) { 12155 VLOG(1) << __func__; 12156 base::Callback<void(TPM_RC)> error_reporter = 12157 base::Bind(RewrapErrorCallback, callback); 12158 base::Callback<void(const std::string&)> parser = 12159 base::Bind(RewrapResponseParser, callback, authorization_delegate); 12160 std::string command; 12161 TPM_RC rc = SerializeCommand_Rewrap( 12162 old_parent, old_parent_name, new_parent, new_parent_name, in_duplicate, 12163 name, in_sym_seed, &command, authorization_delegate); 12164 if (rc != TPM_RC_SUCCESS) { 12165 error_reporter.Run(rc); 12166 return; 12167 } 12168 transceiver_->SendCommand(command, parser); 12169 } 12170 12171 TPM_RC Tpm::RewrapSync(const TPMI_DH_OBJECT& old_parent, 12172 const std::string& old_parent_name, 12173 const TPMI_DH_OBJECT& new_parent, 12174 const std::string& new_parent_name, 12175 const TPM2B_PRIVATE& in_duplicate, 12176 const TPM2B_NAME& name, 12177 const TPM2B_ENCRYPTED_SECRET& in_sym_seed, 12178 TPM2B_PRIVATE* out_duplicate, 12179 TPM2B_ENCRYPTED_SECRET* out_sym_seed, 12180 AuthorizationDelegate* authorization_delegate) { 12181 VLOG(1) << __func__; 12182 std::string command; 12183 TPM_RC rc = SerializeCommand_Rewrap( 12184 old_parent, old_parent_name, new_parent, new_parent_name, in_duplicate, 12185 name, in_sym_seed, &command, authorization_delegate); 12186 if (rc != TPM_RC_SUCCESS) { 12187 return rc; 12188 } 12189 std::string response = transceiver_->SendCommandAndWait(command); 12190 rc = ParseResponse_Rewrap(response, out_duplicate, out_sym_seed, 12191 authorization_delegate); 12192 return rc; 12193 } 12194 12195 TPM_RC Tpm::SerializeCommand_Import( 12196 const TPMI_DH_OBJECT& parent_handle, 12197 const std::string& parent_handle_name, 12198 const TPM2B_DATA& encryption_key, 12199 const TPM2B_PUBLIC& object_public, 12200 const TPM2B_PRIVATE& duplicate, 12201 const TPM2B_ENCRYPTED_SECRET& in_sym_seed, 12202 const TPMT_SYM_DEF_OBJECT& symmetric_alg, 12203 std::string* serialized_command, 12204 AuthorizationDelegate* authorization_delegate) { 12205 VLOG(3) << __func__; 12206 TPM_RC rc = TPM_RC_SUCCESS; 12207 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 12208 UINT32 command_size = 10; // Header size. 12209 std::string handle_section_bytes; 12210 std::string parameter_section_bytes; 12211 TPM_CC command_code = TPM_CC_Import; 12212 bool is_command_parameter_encryption_possible = true; 12213 bool is_response_parameter_encryption_possible = true; 12214 std::string command_code_bytes; 12215 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 12216 if (rc != TPM_RC_SUCCESS) { 12217 return rc; 12218 } 12219 std::string parent_handle_bytes; 12220 rc = Serialize_TPMI_DH_OBJECT(parent_handle, &parent_handle_bytes); 12221 if (rc != TPM_RC_SUCCESS) { 12222 return rc; 12223 } 12224 std::string encryption_key_bytes; 12225 rc = Serialize_TPM2B_DATA(encryption_key, &encryption_key_bytes); 12226 if (rc != TPM_RC_SUCCESS) { 12227 return rc; 12228 } 12229 std::string object_public_bytes; 12230 rc = Serialize_TPM2B_PUBLIC(object_public, &object_public_bytes); 12231 if (rc != TPM_RC_SUCCESS) { 12232 return rc; 12233 } 12234 std::string duplicate_bytes; 12235 rc = Serialize_TPM2B_PRIVATE(duplicate, &duplicate_bytes); 12236 if (rc != TPM_RC_SUCCESS) { 12237 return rc; 12238 } 12239 std::string in_sym_seed_bytes; 12240 rc = Serialize_TPM2B_ENCRYPTED_SECRET(in_sym_seed, &in_sym_seed_bytes); 12241 if (rc != TPM_RC_SUCCESS) { 12242 return rc; 12243 } 12244 std::string symmetric_alg_bytes; 12245 rc = Serialize_TPMT_SYM_DEF_OBJECT(symmetric_alg, &symmetric_alg_bytes); 12246 if (rc != TPM_RC_SUCCESS) { 12247 return rc; 12248 } 12249 if (authorization_delegate) { 12250 // Encrypt just the parameter data, not the size. 12251 std::string tmp = encryption_key_bytes.substr(2); 12252 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 12253 return TRUNKS_RC_ENCRYPTION_FAILED; 12254 } 12255 encryption_key_bytes.replace(2, std::string::npos, tmp); 12256 } 12257 std::unique_ptr<crypto::SecureHash> hash( 12258 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 12259 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 12260 hash->Update(parent_handle_name.data(), parent_handle_name.size()); 12261 handle_section_bytes += parent_handle_bytes; 12262 command_size += parent_handle_bytes.size(); 12263 hash->Update(encryption_key_bytes.data(), encryption_key_bytes.size()); 12264 parameter_section_bytes += encryption_key_bytes; 12265 command_size += encryption_key_bytes.size(); 12266 hash->Update(object_public_bytes.data(), object_public_bytes.size()); 12267 parameter_section_bytes += object_public_bytes; 12268 command_size += object_public_bytes.size(); 12269 hash->Update(duplicate_bytes.data(), duplicate_bytes.size()); 12270 parameter_section_bytes += duplicate_bytes; 12271 command_size += duplicate_bytes.size(); 12272 hash->Update(in_sym_seed_bytes.data(), in_sym_seed_bytes.size()); 12273 parameter_section_bytes += in_sym_seed_bytes; 12274 command_size += in_sym_seed_bytes.size(); 12275 hash->Update(symmetric_alg_bytes.data(), symmetric_alg_bytes.size()); 12276 parameter_section_bytes += symmetric_alg_bytes; 12277 command_size += symmetric_alg_bytes.size(); 12278 std::string command_hash(32, 0); 12279 hash->Finish(string_as_array(&command_hash), command_hash.size()); 12280 std::string authorization_section_bytes; 12281 std::string authorization_size_bytes; 12282 if (authorization_delegate) { 12283 if (!authorization_delegate->GetCommandAuthorization( 12284 command_hash, is_command_parameter_encryption_possible, 12285 is_response_parameter_encryption_possible, 12286 &authorization_section_bytes)) { 12287 return TRUNKS_RC_AUTHORIZATION_FAILED; 12288 } 12289 if (!authorization_section_bytes.empty()) { 12290 tag = TPM_ST_SESSIONS; 12291 std::string tmp; 12292 rc = Serialize_UINT32(authorization_section_bytes.size(), 12293 &authorization_size_bytes); 12294 if (rc != TPM_RC_SUCCESS) { 12295 return rc; 12296 } 12297 command_size += 12298 authorization_size_bytes.size() + authorization_section_bytes.size(); 12299 } 12300 } 12301 std::string tag_bytes; 12302 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 12303 if (rc != TPM_RC_SUCCESS) { 12304 return rc; 12305 } 12306 std::string command_size_bytes; 12307 rc = Serialize_UINT32(command_size, &command_size_bytes); 12308 if (rc != TPM_RC_SUCCESS) { 12309 return rc; 12310 } 12311 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 12312 handle_section_bytes + authorization_size_bytes + 12313 authorization_section_bytes + parameter_section_bytes; 12314 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 12315 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 12316 serialized_command->size()); 12317 return TPM_RC_SUCCESS; 12318 } 12319 12320 TPM_RC Tpm::ParseResponse_Import( 12321 const std::string& response, 12322 TPM2B_PRIVATE* out_private, 12323 AuthorizationDelegate* authorization_delegate) { 12324 VLOG(3) << __func__; 12325 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 12326 TPM_RC rc = TPM_RC_SUCCESS; 12327 std::string buffer(response); 12328 TPM_ST tag; 12329 std::string tag_bytes; 12330 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 12331 if (rc != TPM_RC_SUCCESS) { 12332 return rc; 12333 } 12334 UINT32 response_size; 12335 std::string response_size_bytes; 12336 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 12337 if (rc != TPM_RC_SUCCESS) { 12338 return rc; 12339 } 12340 TPM_RC response_code; 12341 std::string response_code_bytes; 12342 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 12343 if (rc != TPM_RC_SUCCESS) { 12344 return rc; 12345 } 12346 if (response_size != response.size()) { 12347 return TPM_RC_SIZE; 12348 } 12349 if (response_code != TPM_RC_SUCCESS) { 12350 return response_code; 12351 } 12352 TPM_CC command_code = TPM_CC_Import; 12353 std::string command_code_bytes; 12354 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 12355 if (rc != TPM_RC_SUCCESS) { 12356 return rc; 12357 } 12358 std::string authorization_section_bytes; 12359 if (tag == TPM_ST_SESSIONS) { 12360 UINT32 parameter_section_size = buffer.size(); 12361 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 12362 if (rc != TPM_RC_SUCCESS) { 12363 return rc; 12364 } 12365 if (parameter_section_size > buffer.size()) { 12366 return TPM_RC_INSUFFICIENT; 12367 } 12368 authorization_section_bytes = buffer.substr(parameter_section_size); 12369 // Keep the parameter section in |buffer|. 12370 buffer.erase(parameter_section_size); 12371 } 12372 std::unique_ptr<crypto::SecureHash> hash( 12373 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 12374 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 12375 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 12376 hash->Update(buffer.data(), buffer.size()); 12377 std::string response_hash(32, 0); 12378 hash->Finish(string_as_array(&response_hash), response_hash.size()); 12379 if (tag == TPM_ST_SESSIONS) { 12380 CHECK(authorization_delegate) << "Authorization delegate missing!"; 12381 if (!authorization_delegate->CheckResponseAuthorization( 12382 response_hash, authorization_section_bytes)) { 12383 return TRUNKS_RC_AUTHORIZATION_FAILED; 12384 } 12385 } 12386 std::string out_private_bytes; 12387 rc = Parse_TPM2B_PRIVATE(&buffer, out_private, &out_private_bytes); 12388 if (rc != TPM_RC_SUCCESS) { 12389 return rc; 12390 } 12391 if (tag == TPM_ST_SESSIONS) { 12392 CHECK(authorization_delegate) << "Authorization delegate missing!"; 12393 // Decrypt just the parameter data, not the size. 12394 std::string tmp = out_private_bytes.substr(2); 12395 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 12396 return TRUNKS_RC_ENCRYPTION_FAILED; 12397 } 12398 out_private_bytes.replace(2, std::string::npos, tmp); 12399 rc = Parse_TPM2B_PRIVATE(&out_private_bytes, out_private, nullptr); 12400 if (rc != TPM_RC_SUCCESS) { 12401 return rc; 12402 } 12403 } 12404 return TPM_RC_SUCCESS; 12405 } 12406 12407 void ImportErrorCallback(const Tpm::ImportResponse& callback, 12408 TPM_RC response_code) { 12409 VLOG(1) << __func__; 12410 callback.Run(response_code, TPM2B_PRIVATE()); 12411 } 12412 12413 void ImportResponseParser(const Tpm::ImportResponse& callback, 12414 AuthorizationDelegate* authorization_delegate, 12415 const std::string& response) { 12416 VLOG(1) << __func__; 12417 base::Callback<void(TPM_RC)> error_reporter = 12418 base::Bind(ImportErrorCallback, callback); 12419 TPM2B_PRIVATE out_private; 12420 TPM_RC rc = 12421 Tpm::ParseResponse_Import(response, &out_private, authorization_delegate); 12422 if (rc != TPM_RC_SUCCESS) { 12423 error_reporter.Run(rc); 12424 return; 12425 } 12426 callback.Run(rc, out_private); 12427 } 12428 12429 void Tpm::Import(const TPMI_DH_OBJECT& parent_handle, 12430 const std::string& parent_handle_name, 12431 const TPM2B_DATA& encryption_key, 12432 const TPM2B_PUBLIC& object_public, 12433 const TPM2B_PRIVATE& duplicate, 12434 const TPM2B_ENCRYPTED_SECRET& in_sym_seed, 12435 const TPMT_SYM_DEF_OBJECT& symmetric_alg, 12436 AuthorizationDelegate* authorization_delegate, 12437 const ImportResponse& callback) { 12438 VLOG(1) << __func__; 12439 base::Callback<void(TPM_RC)> error_reporter = 12440 base::Bind(ImportErrorCallback, callback); 12441 base::Callback<void(const std::string&)> parser = 12442 base::Bind(ImportResponseParser, callback, authorization_delegate); 12443 std::string command; 12444 TPM_RC rc = SerializeCommand_Import( 12445 parent_handle, parent_handle_name, encryption_key, object_public, 12446 duplicate, in_sym_seed, symmetric_alg, &command, authorization_delegate); 12447 if (rc != TPM_RC_SUCCESS) { 12448 error_reporter.Run(rc); 12449 return; 12450 } 12451 transceiver_->SendCommand(command, parser); 12452 } 12453 12454 TPM_RC Tpm::ImportSync(const TPMI_DH_OBJECT& parent_handle, 12455 const std::string& parent_handle_name, 12456 const TPM2B_DATA& encryption_key, 12457 const TPM2B_PUBLIC& object_public, 12458 const TPM2B_PRIVATE& duplicate, 12459 const TPM2B_ENCRYPTED_SECRET& in_sym_seed, 12460 const TPMT_SYM_DEF_OBJECT& symmetric_alg, 12461 TPM2B_PRIVATE* out_private, 12462 AuthorizationDelegate* authorization_delegate) { 12463 VLOG(1) << __func__; 12464 std::string command; 12465 TPM_RC rc = SerializeCommand_Import( 12466 parent_handle, parent_handle_name, encryption_key, object_public, 12467 duplicate, in_sym_seed, symmetric_alg, &command, authorization_delegate); 12468 if (rc != TPM_RC_SUCCESS) { 12469 return rc; 12470 } 12471 std::string response = transceiver_->SendCommandAndWait(command); 12472 rc = ParseResponse_Import(response, out_private, authorization_delegate); 12473 return rc; 12474 } 12475 12476 TPM_RC Tpm::SerializeCommand_RSA_Encrypt( 12477 const TPMI_DH_OBJECT& key_handle, 12478 const std::string& key_handle_name, 12479 const TPM2B_PUBLIC_KEY_RSA& message, 12480 const TPMT_RSA_DECRYPT& in_scheme, 12481 const TPM2B_DATA& label, 12482 std::string* serialized_command, 12483 AuthorizationDelegate* authorization_delegate) { 12484 VLOG(3) << __func__; 12485 TPM_RC rc = TPM_RC_SUCCESS; 12486 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 12487 UINT32 command_size = 10; // Header size. 12488 std::string handle_section_bytes; 12489 std::string parameter_section_bytes; 12490 TPM_CC command_code = TPM_CC_RSA_Encrypt; 12491 bool is_command_parameter_encryption_possible = true; 12492 bool is_response_parameter_encryption_possible = true; 12493 std::string command_code_bytes; 12494 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 12495 if (rc != TPM_RC_SUCCESS) { 12496 return rc; 12497 } 12498 std::string key_handle_bytes; 12499 rc = Serialize_TPMI_DH_OBJECT(key_handle, &key_handle_bytes); 12500 if (rc != TPM_RC_SUCCESS) { 12501 return rc; 12502 } 12503 std::string message_bytes; 12504 rc = Serialize_TPM2B_PUBLIC_KEY_RSA(message, &message_bytes); 12505 if (rc != TPM_RC_SUCCESS) { 12506 return rc; 12507 } 12508 std::string in_scheme_bytes; 12509 rc = Serialize_TPMT_RSA_DECRYPT(in_scheme, &in_scheme_bytes); 12510 if (rc != TPM_RC_SUCCESS) { 12511 return rc; 12512 } 12513 std::string label_bytes; 12514 rc = Serialize_TPM2B_DATA(label, &label_bytes); 12515 if (rc != TPM_RC_SUCCESS) { 12516 return rc; 12517 } 12518 if (authorization_delegate) { 12519 // Encrypt just the parameter data, not the size. 12520 std::string tmp = message_bytes.substr(2); 12521 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 12522 return TRUNKS_RC_ENCRYPTION_FAILED; 12523 } 12524 message_bytes.replace(2, std::string::npos, tmp); 12525 } 12526 std::unique_ptr<crypto::SecureHash> hash( 12527 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 12528 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 12529 hash->Update(key_handle_name.data(), key_handle_name.size()); 12530 handle_section_bytes += key_handle_bytes; 12531 command_size += key_handle_bytes.size(); 12532 hash->Update(message_bytes.data(), message_bytes.size()); 12533 parameter_section_bytes += message_bytes; 12534 command_size += message_bytes.size(); 12535 hash->Update(in_scheme_bytes.data(), in_scheme_bytes.size()); 12536 parameter_section_bytes += in_scheme_bytes; 12537 command_size += in_scheme_bytes.size(); 12538 hash->Update(label_bytes.data(), label_bytes.size()); 12539 parameter_section_bytes += label_bytes; 12540 command_size += label_bytes.size(); 12541 std::string command_hash(32, 0); 12542 hash->Finish(string_as_array(&command_hash), command_hash.size()); 12543 std::string authorization_section_bytes; 12544 std::string authorization_size_bytes; 12545 if (authorization_delegate) { 12546 if (!authorization_delegate->GetCommandAuthorization( 12547 command_hash, is_command_parameter_encryption_possible, 12548 is_response_parameter_encryption_possible, 12549 &authorization_section_bytes)) { 12550 return TRUNKS_RC_AUTHORIZATION_FAILED; 12551 } 12552 if (!authorization_section_bytes.empty()) { 12553 tag = TPM_ST_SESSIONS; 12554 std::string tmp; 12555 rc = Serialize_UINT32(authorization_section_bytes.size(), 12556 &authorization_size_bytes); 12557 if (rc != TPM_RC_SUCCESS) { 12558 return rc; 12559 } 12560 command_size += 12561 authorization_size_bytes.size() + authorization_section_bytes.size(); 12562 } 12563 } 12564 std::string tag_bytes; 12565 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 12566 if (rc != TPM_RC_SUCCESS) { 12567 return rc; 12568 } 12569 std::string command_size_bytes; 12570 rc = Serialize_UINT32(command_size, &command_size_bytes); 12571 if (rc != TPM_RC_SUCCESS) { 12572 return rc; 12573 } 12574 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 12575 handle_section_bytes + authorization_size_bytes + 12576 authorization_section_bytes + parameter_section_bytes; 12577 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 12578 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 12579 serialized_command->size()); 12580 return TPM_RC_SUCCESS; 12581 } 12582 12583 TPM_RC Tpm::ParseResponse_RSA_Encrypt( 12584 const std::string& response, 12585 TPM2B_PUBLIC_KEY_RSA* out_data, 12586 AuthorizationDelegate* authorization_delegate) { 12587 VLOG(3) << __func__; 12588 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 12589 TPM_RC rc = TPM_RC_SUCCESS; 12590 std::string buffer(response); 12591 TPM_ST tag; 12592 std::string tag_bytes; 12593 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 12594 if (rc != TPM_RC_SUCCESS) { 12595 return rc; 12596 } 12597 UINT32 response_size; 12598 std::string response_size_bytes; 12599 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 12600 if (rc != TPM_RC_SUCCESS) { 12601 return rc; 12602 } 12603 TPM_RC response_code; 12604 std::string response_code_bytes; 12605 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 12606 if (rc != TPM_RC_SUCCESS) { 12607 return rc; 12608 } 12609 if (response_size != response.size()) { 12610 return TPM_RC_SIZE; 12611 } 12612 if (response_code != TPM_RC_SUCCESS) { 12613 return response_code; 12614 } 12615 TPM_CC command_code = TPM_CC_RSA_Encrypt; 12616 std::string command_code_bytes; 12617 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 12618 if (rc != TPM_RC_SUCCESS) { 12619 return rc; 12620 } 12621 std::string authorization_section_bytes; 12622 if (tag == TPM_ST_SESSIONS) { 12623 UINT32 parameter_section_size = buffer.size(); 12624 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 12625 if (rc != TPM_RC_SUCCESS) { 12626 return rc; 12627 } 12628 if (parameter_section_size > buffer.size()) { 12629 return TPM_RC_INSUFFICIENT; 12630 } 12631 authorization_section_bytes = buffer.substr(parameter_section_size); 12632 // Keep the parameter section in |buffer|. 12633 buffer.erase(parameter_section_size); 12634 } 12635 std::unique_ptr<crypto::SecureHash> hash( 12636 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 12637 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 12638 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 12639 hash->Update(buffer.data(), buffer.size()); 12640 std::string response_hash(32, 0); 12641 hash->Finish(string_as_array(&response_hash), response_hash.size()); 12642 if (tag == TPM_ST_SESSIONS) { 12643 CHECK(authorization_delegate) << "Authorization delegate missing!"; 12644 if (!authorization_delegate->CheckResponseAuthorization( 12645 response_hash, authorization_section_bytes)) { 12646 return TRUNKS_RC_AUTHORIZATION_FAILED; 12647 } 12648 } 12649 std::string out_data_bytes; 12650 rc = Parse_TPM2B_PUBLIC_KEY_RSA(&buffer, out_data, &out_data_bytes); 12651 if (rc != TPM_RC_SUCCESS) { 12652 return rc; 12653 } 12654 if (tag == TPM_ST_SESSIONS) { 12655 CHECK(authorization_delegate) << "Authorization delegate missing!"; 12656 // Decrypt just the parameter data, not the size. 12657 std::string tmp = out_data_bytes.substr(2); 12658 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 12659 return TRUNKS_RC_ENCRYPTION_FAILED; 12660 } 12661 out_data_bytes.replace(2, std::string::npos, tmp); 12662 rc = Parse_TPM2B_PUBLIC_KEY_RSA(&out_data_bytes, out_data, nullptr); 12663 if (rc != TPM_RC_SUCCESS) { 12664 return rc; 12665 } 12666 } 12667 return TPM_RC_SUCCESS; 12668 } 12669 12670 void RSA_EncryptErrorCallback(const Tpm::RSA_EncryptResponse& callback, 12671 TPM_RC response_code) { 12672 VLOG(1) << __func__; 12673 callback.Run(response_code, TPM2B_PUBLIC_KEY_RSA()); 12674 } 12675 12676 void RSA_EncryptResponseParser(const Tpm::RSA_EncryptResponse& callback, 12677 AuthorizationDelegate* authorization_delegate, 12678 const std::string& response) { 12679 VLOG(1) << __func__; 12680 base::Callback<void(TPM_RC)> error_reporter = 12681 base::Bind(RSA_EncryptErrorCallback, callback); 12682 TPM2B_PUBLIC_KEY_RSA out_data; 12683 TPM_RC rc = Tpm::ParseResponse_RSA_Encrypt(response, &out_data, 12684 authorization_delegate); 12685 if (rc != TPM_RC_SUCCESS) { 12686 error_reporter.Run(rc); 12687 return; 12688 } 12689 callback.Run(rc, out_data); 12690 } 12691 12692 void Tpm::RSA_Encrypt(const TPMI_DH_OBJECT& key_handle, 12693 const std::string& key_handle_name, 12694 const TPM2B_PUBLIC_KEY_RSA& message, 12695 const TPMT_RSA_DECRYPT& in_scheme, 12696 const TPM2B_DATA& label, 12697 AuthorizationDelegate* authorization_delegate, 12698 const RSA_EncryptResponse& callback) { 12699 VLOG(1) << __func__; 12700 base::Callback<void(TPM_RC)> error_reporter = 12701 base::Bind(RSA_EncryptErrorCallback, callback); 12702 base::Callback<void(const std::string&)> parser = 12703 base::Bind(RSA_EncryptResponseParser, callback, authorization_delegate); 12704 std::string command; 12705 TPM_RC rc = SerializeCommand_RSA_Encrypt(key_handle, key_handle_name, message, 12706 in_scheme, label, &command, 12707 authorization_delegate); 12708 if (rc != TPM_RC_SUCCESS) { 12709 error_reporter.Run(rc); 12710 return; 12711 } 12712 transceiver_->SendCommand(command, parser); 12713 } 12714 12715 TPM_RC Tpm::RSA_EncryptSync(const TPMI_DH_OBJECT& key_handle, 12716 const std::string& key_handle_name, 12717 const TPM2B_PUBLIC_KEY_RSA& message, 12718 const TPMT_RSA_DECRYPT& in_scheme, 12719 const TPM2B_DATA& label, 12720 TPM2B_PUBLIC_KEY_RSA* out_data, 12721 AuthorizationDelegate* authorization_delegate) { 12722 VLOG(1) << __func__; 12723 std::string command; 12724 TPM_RC rc = SerializeCommand_RSA_Encrypt(key_handle, key_handle_name, message, 12725 in_scheme, label, &command, 12726 authorization_delegate); 12727 if (rc != TPM_RC_SUCCESS) { 12728 return rc; 12729 } 12730 std::string response = transceiver_->SendCommandAndWait(command); 12731 rc = ParseResponse_RSA_Encrypt(response, out_data, authorization_delegate); 12732 return rc; 12733 } 12734 12735 TPM_RC Tpm::SerializeCommand_RSA_Decrypt( 12736 const TPMI_DH_OBJECT& key_handle, 12737 const std::string& key_handle_name, 12738 const TPM2B_PUBLIC_KEY_RSA& cipher_text, 12739 const TPMT_RSA_DECRYPT& in_scheme, 12740 const TPM2B_DATA& label, 12741 std::string* serialized_command, 12742 AuthorizationDelegate* authorization_delegate) { 12743 VLOG(3) << __func__; 12744 TPM_RC rc = TPM_RC_SUCCESS; 12745 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 12746 UINT32 command_size = 10; // Header size. 12747 std::string handle_section_bytes; 12748 std::string parameter_section_bytes; 12749 TPM_CC command_code = TPM_CC_RSA_Decrypt; 12750 bool is_command_parameter_encryption_possible = true; 12751 bool is_response_parameter_encryption_possible = true; 12752 std::string command_code_bytes; 12753 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 12754 if (rc != TPM_RC_SUCCESS) { 12755 return rc; 12756 } 12757 std::string key_handle_bytes; 12758 rc = Serialize_TPMI_DH_OBJECT(key_handle, &key_handle_bytes); 12759 if (rc != TPM_RC_SUCCESS) { 12760 return rc; 12761 } 12762 std::string cipher_text_bytes; 12763 rc = Serialize_TPM2B_PUBLIC_KEY_RSA(cipher_text, &cipher_text_bytes); 12764 if (rc != TPM_RC_SUCCESS) { 12765 return rc; 12766 } 12767 std::string in_scheme_bytes; 12768 rc = Serialize_TPMT_RSA_DECRYPT(in_scheme, &in_scheme_bytes); 12769 if (rc != TPM_RC_SUCCESS) { 12770 return rc; 12771 } 12772 std::string label_bytes; 12773 rc = Serialize_TPM2B_DATA(label, &label_bytes); 12774 if (rc != TPM_RC_SUCCESS) { 12775 return rc; 12776 } 12777 if (authorization_delegate) { 12778 // Encrypt just the parameter data, not the size. 12779 std::string tmp = cipher_text_bytes.substr(2); 12780 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 12781 return TRUNKS_RC_ENCRYPTION_FAILED; 12782 } 12783 cipher_text_bytes.replace(2, std::string::npos, tmp); 12784 } 12785 std::unique_ptr<crypto::SecureHash> hash( 12786 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 12787 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 12788 hash->Update(key_handle_name.data(), key_handle_name.size()); 12789 handle_section_bytes += key_handle_bytes; 12790 command_size += key_handle_bytes.size(); 12791 hash->Update(cipher_text_bytes.data(), cipher_text_bytes.size()); 12792 parameter_section_bytes += cipher_text_bytes; 12793 command_size += cipher_text_bytes.size(); 12794 hash->Update(in_scheme_bytes.data(), in_scheme_bytes.size()); 12795 parameter_section_bytes += in_scheme_bytes; 12796 command_size += in_scheme_bytes.size(); 12797 hash->Update(label_bytes.data(), label_bytes.size()); 12798 parameter_section_bytes += label_bytes; 12799 command_size += label_bytes.size(); 12800 std::string command_hash(32, 0); 12801 hash->Finish(string_as_array(&command_hash), command_hash.size()); 12802 std::string authorization_section_bytes; 12803 std::string authorization_size_bytes; 12804 if (authorization_delegate) { 12805 if (!authorization_delegate->GetCommandAuthorization( 12806 command_hash, is_command_parameter_encryption_possible, 12807 is_response_parameter_encryption_possible, 12808 &authorization_section_bytes)) { 12809 return TRUNKS_RC_AUTHORIZATION_FAILED; 12810 } 12811 if (!authorization_section_bytes.empty()) { 12812 tag = TPM_ST_SESSIONS; 12813 std::string tmp; 12814 rc = Serialize_UINT32(authorization_section_bytes.size(), 12815 &authorization_size_bytes); 12816 if (rc != TPM_RC_SUCCESS) { 12817 return rc; 12818 } 12819 command_size += 12820 authorization_size_bytes.size() + authorization_section_bytes.size(); 12821 } 12822 } 12823 std::string tag_bytes; 12824 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 12825 if (rc != TPM_RC_SUCCESS) { 12826 return rc; 12827 } 12828 std::string command_size_bytes; 12829 rc = Serialize_UINT32(command_size, &command_size_bytes); 12830 if (rc != TPM_RC_SUCCESS) { 12831 return rc; 12832 } 12833 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 12834 handle_section_bytes + authorization_size_bytes + 12835 authorization_section_bytes + parameter_section_bytes; 12836 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 12837 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 12838 serialized_command->size()); 12839 return TPM_RC_SUCCESS; 12840 } 12841 12842 TPM_RC Tpm::ParseResponse_RSA_Decrypt( 12843 const std::string& response, 12844 TPM2B_PUBLIC_KEY_RSA* message, 12845 AuthorizationDelegate* authorization_delegate) { 12846 VLOG(3) << __func__; 12847 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 12848 TPM_RC rc = TPM_RC_SUCCESS; 12849 std::string buffer(response); 12850 TPM_ST tag; 12851 std::string tag_bytes; 12852 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 12853 if (rc != TPM_RC_SUCCESS) { 12854 return rc; 12855 } 12856 UINT32 response_size; 12857 std::string response_size_bytes; 12858 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 12859 if (rc != TPM_RC_SUCCESS) { 12860 return rc; 12861 } 12862 TPM_RC response_code; 12863 std::string response_code_bytes; 12864 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 12865 if (rc != TPM_RC_SUCCESS) { 12866 return rc; 12867 } 12868 if (response_size != response.size()) { 12869 return TPM_RC_SIZE; 12870 } 12871 if (response_code != TPM_RC_SUCCESS) { 12872 return response_code; 12873 } 12874 TPM_CC command_code = TPM_CC_RSA_Decrypt; 12875 std::string command_code_bytes; 12876 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 12877 if (rc != TPM_RC_SUCCESS) { 12878 return rc; 12879 } 12880 std::string authorization_section_bytes; 12881 if (tag == TPM_ST_SESSIONS) { 12882 UINT32 parameter_section_size = buffer.size(); 12883 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 12884 if (rc != TPM_RC_SUCCESS) { 12885 return rc; 12886 } 12887 if (parameter_section_size > buffer.size()) { 12888 return TPM_RC_INSUFFICIENT; 12889 } 12890 authorization_section_bytes = buffer.substr(parameter_section_size); 12891 // Keep the parameter section in |buffer|. 12892 buffer.erase(parameter_section_size); 12893 } 12894 std::unique_ptr<crypto::SecureHash> hash( 12895 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 12896 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 12897 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 12898 hash->Update(buffer.data(), buffer.size()); 12899 std::string response_hash(32, 0); 12900 hash->Finish(string_as_array(&response_hash), response_hash.size()); 12901 if (tag == TPM_ST_SESSIONS) { 12902 CHECK(authorization_delegate) << "Authorization delegate missing!"; 12903 if (!authorization_delegate->CheckResponseAuthorization( 12904 response_hash, authorization_section_bytes)) { 12905 return TRUNKS_RC_AUTHORIZATION_FAILED; 12906 } 12907 } 12908 std::string message_bytes; 12909 rc = Parse_TPM2B_PUBLIC_KEY_RSA(&buffer, message, &message_bytes); 12910 if (rc != TPM_RC_SUCCESS) { 12911 return rc; 12912 } 12913 if (tag == TPM_ST_SESSIONS) { 12914 CHECK(authorization_delegate) << "Authorization delegate missing!"; 12915 // Decrypt just the parameter data, not the size. 12916 std::string tmp = message_bytes.substr(2); 12917 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 12918 return TRUNKS_RC_ENCRYPTION_FAILED; 12919 } 12920 message_bytes.replace(2, std::string::npos, tmp); 12921 rc = Parse_TPM2B_PUBLIC_KEY_RSA(&message_bytes, message, nullptr); 12922 if (rc != TPM_RC_SUCCESS) { 12923 return rc; 12924 } 12925 } 12926 return TPM_RC_SUCCESS; 12927 } 12928 12929 void RSA_DecryptErrorCallback(const Tpm::RSA_DecryptResponse& callback, 12930 TPM_RC response_code) { 12931 VLOG(1) << __func__; 12932 callback.Run(response_code, TPM2B_PUBLIC_KEY_RSA()); 12933 } 12934 12935 void RSA_DecryptResponseParser(const Tpm::RSA_DecryptResponse& callback, 12936 AuthorizationDelegate* authorization_delegate, 12937 const std::string& response) { 12938 VLOG(1) << __func__; 12939 base::Callback<void(TPM_RC)> error_reporter = 12940 base::Bind(RSA_DecryptErrorCallback, callback); 12941 TPM2B_PUBLIC_KEY_RSA message; 12942 TPM_RC rc = Tpm::ParseResponse_RSA_Decrypt(response, &message, 12943 authorization_delegate); 12944 if (rc != TPM_RC_SUCCESS) { 12945 error_reporter.Run(rc); 12946 return; 12947 } 12948 callback.Run(rc, message); 12949 } 12950 12951 void Tpm::RSA_Decrypt(const TPMI_DH_OBJECT& key_handle, 12952 const std::string& key_handle_name, 12953 const TPM2B_PUBLIC_KEY_RSA& cipher_text, 12954 const TPMT_RSA_DECRYPT& in_scheme, 12955 const TPM2B_DATA& label, 12956 AuthorizationDelegate* authorization_delegate, 12957 const RSA_DecryptResponse& callback) { 12958 VLOG(1) << __func__; 12959 base::Callback<void(TPM_RC)> error_reporter = 12960 base::Bind(RSA_DecryptErrorCallback, callback); 12961 base::Callback<void(const std::string&)> parser = 12962 base::Bind(RSA_DecryptResponseParser, callback, authorization_delegate); 12963 std::string command; 12964 TPM_RC rc = SerializeCommand_RSA_Decrypt(key_handle, key_handle_name, 12965 cipher_text, in_scheme, label, 12966 &command, authorization_delegate); 12967 if (rc != TPM_RC_SUCCESS) { 12968 error_reporter.Run(rc); 12969 return; 12970 } 12971 transceiver_->SendCommand(command, parser); 12972 } 12973 12974 TPM_RC Tpm::RSA_DecryptSync(const TPMI_DH_OBJECT& key_handle, 12975 const std::string& key_handle_name, 12976 const TPM2B_PUBLIC_KEY_RSA& cipher_text, 12977 const TPMT_RSA_DECRYPT& in_scheme, 12978 const TPM2B_DATA& label, 12979 TPM2B_PUBLIC_KEY_RSA* message, 12980 AuthorizationDelegate* authorization_delegate) { 12981 VLOG(1) << __func__; 12982 std::string command; 12983 TPM_RC rc = SerializeCommand_RSA_Decrypt(key_handle, key_handle_name, 12984 cipher_text, in_scheme, label, 12985 &command, authorization_delegate); 12986 if (rc != TPM_RC_SUCCESS) { 12987 return rc; 12988 } 12989 std::string response = transceiver_->SendCommandAndWait(command); 12990 rc = ParseResponse_RSA_Decrypt(response, message, authorization_delegate); 12991 return rc; 12992 } 12993 12994 TPM_RC Tpm::SerializeCommand_ECDH_KeyGen( 12995 const TPMI_DH_OBJECT& key_handle, 12996 const std::string& key_handle_name, 12997 std::string* serialized_command, 12998 AuthorizationDelegate* authorization_delegate) { 12999 VLOG(3) << __func__; 13000 TPM_RC rc = TPM_RC_SUCCESS; 13001 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 13002 UINT32 command_size = 10; // Header size. 13003 std::string handle_section_bytes; 13004 std::string parameter_section_bytes; 13005 TPM_CC command_code = TPM_CC_ECDH_KeyGen; 13006 bool is_command_parameter_encryption_possible = false; 13007 bool is_response_parameter_encryption_possible = true; 13008 std::string command_code_bytes; 13009 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 13010 if (rc != TPM_RC_SUCCESS) { 13011 return rc; 13012 } 13013 std::string key_handle_bytes; 13014 rc = Serialize_TPMI_DH_OBJECT(key_handle, &key_handle_bytes); 13015 if (rc != TPM_RC_SUCCESS) { 13016 return rc; 13017 } 13018 std::unique_ptr<crypto::SecureHash> hash( 13019 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 13020 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 13021 hash->Update(key_handle_name.data(), key_handle_name.size()); 13022 handle_section_bytes += key_handle_bytes; 13023 command_size += key_handle_bytes.size(); 13024 std::string command_hash(32, 0); 13025 hash->Finish(string_as_array(&command_hash), command_hash.size()); 13026 std::string authorization_section_bytes; 13027 std::string authorization_size_bytes; 13028 if (authorization_delegate) { 13029 if (!authorization_delegate->GetCommandAuthorization( 13030 command_hash, is_command_parameter_encryption_possible, 13031 is_response_parameter_encryption_possible, 13032 &authorization_section_bytes)) { 13033 return TRUNKS_RC_AUTHORIZATION_FAILED; 13034 } 13035 if (!authorization_section_bytes.empty()) { 13036 tag = TPM_ST_SESSIONS; 13037 std::string tmp; 13038 rc = Serialize_UINT32(authorization_section_bytes.size(), 13039 &authorization_size_bytes); 13040 if (rc != TPM_RC_SUCCESS) { 13041 return rc; 13042 } 13043 command_size += 13044 authorization_size_bytes.size() + authorization_section_bytes.size(); 13045 } 13046 } 13047 std::string tag_bytes; 13048 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 13049 if (rc != TPM_RC_SUCCESS) { 13050 return rc; 13051 } 13052 std::string command_size_bytes; 13053 rc = Serialize_UINT32(command_size, &command_size_bytes); 13054 if (rc != TPM_RC_SUCCESS) { 13055 return rc; 13056 } 13057 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 13058 handle_section_bytes + authorization_size_bytes + 13059 authorization_section_bytes + parameter_section_bytes; 13060 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 13061 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 13062 serialized_command->size()); 13063 return TPM_RC_SUCCESS; 13064 } 13065 13066 TPM_RC Tpm::ParseResponse_ECDH_KeyGen( 13067 const std::string& response, 13068 TPM2B_ECC_POINT* z_point, 13069 TPM2B_ECC_POINT* pub_point, 13070 AuthorizationDelegate* authorization_delegate) { 13071 VLOG(3) << __func__; 13072 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 13073 TPM_RC rc = TPM_RC_SUCCESS; 13074 std::string buffer(response); 13075 TPM_ST tag; 13076 std::string tag_bytes; 13077 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 13078 if (rc != TPM_RC_SUCCESS) { 13079 return rc; 13080 } 13081 UINT32 response_size; 13082 std::string response_size_bytes; 13083 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 13084 if (rc != TPM_RC_SUCCESS) { 13085 return rc; 13086 } 13087 TPM_RC response_code; 13088 std::string response_code_bytes; 13089 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 13090 if (rc != TPM_RC_SUCCESS) { 13091 return rc; 13092 } 13093 if (response_size != response.size()) { 13094 return TPM_RC_SIZE; 13095 } 13096 if (response_code != TPM_RC_SUCCESS) { 13097 return response_code; 13098 } 13099 TPM_CC command_code = TPM_CC_ECDH_KeyGen; 13100 std::string command_code_bytes; 13101 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 13102 if (rc != TPM_RC_SUCCESS) { 13103 return rc; 13104 } 13105 std::string authorization_section_bytes; 13106 if (tag == TPM_ST_SESSIONS) { 13107 UINT32 parameter_section_size = buffer.size(); 13108 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 13109 if (rc != TPM_RC_SUCCESS) { 13110 return rc; 13111 } 13112 if (parameter_section_size > buffer.size()) { 13113 return TPM_RC_INSUFFICIENT; 13114 } 13115 authorization_section_bytes = buffer.substr(parameter_section_size); 13116 // Keep the parameter section in |buffer|. 13117 buffer.erase(parameter_section_size); 13118 } 13119 std::unique_ptr<crypto::SecureHash> hash( 13120 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 13121 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 13122 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 13123 hash->Update(buffer.data(), buffer.size()); 13124 std::string response_hash(32, 0); 13125 hash->Finish(string_as_array(&response_hash), response_hash.size()); 13126 if (tag == TPM_ST_SESSIONS) { 13127 CHECK(authorization_delegate) << "Authorization delegate missing!"; 13128 if (!authorization_delegate->CheckResponseAuthorization( 13129 response_hash, authorization_section_bytes)) { 13130 return TRUNKS_RC_AUTHORIZATION_FAILED; 13131 } 13132 } 13133 std::string z_point_bytes; 13134 rc = Parse_TPM2B_ECC_POINT(&buffer, z_point, &z_point_bytes); 13135 if (rc != TPM_RC_SUCCESS) { 13136 return rc; 13137 } 13138 std::string pub_point_bytes; 13139 rc = Parse_TPM2B_ECC_POINT(&buffer, pub_point, &pub_point_bytes); 13140 if (rc != TPM_RC_SUCCESS) { 13141 return rc; 13142 } 13143 if (tag == TPM_ST_SESSIONS) { 13144 CHECK(authorization_delegate) << "Authorization delegate missing!"; 13145 // Decrypt just the parameter data, not the size. 13146 std::string tmp = z_point_bytes.substr(2); 13147 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 13148 return TRUNKS_RC_ENCRYPTION_FAILED; 13149 } 13150 z_point_bytes.replace(2, std::string::npos, tmp); 13151 rc = Parse_TPM2B_ECC_POINT(&z_point_bytes, z_point, nullptr); 13152 if (rc != TPM_RC_SUCCESS) { 13153 return rc; 13154 } 13155 } 13156 return TPM_RC_SUCCESS; 13157 } 13158 13159 void ECDH_KeyGenErrorCallback(const Tpm::ECDH_KeyGenResponse& callback, 13160 TPM_RC response_code) { 13161 VLOG(1) << __func__; 13162 callback.Run(response_code, TPM2B_ECC_POINT(), TPM2B_ECC_POINT()); 13163 } 13164 13165 void ECDH_KeyGenResponseParser(const Tpm::ECDH_KeyGenResponse& callback, 13166 AuthorizationDelegate* authorization_delegate, 13167 const std::string& response) { 13168 VLOG(1) << __func__; 13169 base::Callback<void(TPM_RC)> error_reporter = 13170 base::Bind(ECDH_KeyGenErrorCallback, callback); 13171 TPM2B_ECC_POINT z_point; 13172 TPM2B_ECC_POINT pub_point; 13173 TPM_RC rc = Tpm::ParseResponse_ECDH_KeyGen(response, &z_point, &pub_point, 13174 authorization_delegate); 13175 if (rc != TPM_RC_SUCCESS) { 13176 error_reporter.Run(rc); 13177 return; 13178 } 13179 callback.Run(rc, z_point, pub_point); 13180 } 13181 13182 void Tpm::ECDH_KeyGen(const TPMI_DH_OBJECT& key_handle, 13183 const std::string& key_handle_name, 13184 AuthorizationDelegate* authorization_delegate, 13185 const ECDH_KeyGenResponse& callback) { 13186 VLOG(1) << __func__; 13187 base::Callback<void(TPM_RC)> error_reporter = 13188 base::Bind(ECDH_KeyGenErrorCallback, callback); 13189 base::Callback<void(const std::string&)> parser = 13190 base::Bind(ECDH_KeyGenResponseParser, callback, authorization_delegate); 13191 std::string command; 13192 TPM_RC rc = SerializeCommand_ECDH_KeyGen(key_handle, key_handle_name, 13193 &command, authorization_delegate); 13194 if (rc != TPM_RC_SUCCESS) { 13195 error_reporter.Run(rc); 13196 return; 13197 } 13198 transceiver_->SendCommand(command, parser); 13199 } 13200 13201 TPM_RC Tpm::ECDH_KeyGenSync(const TPMI_DH_OBJECT& key_handle, 13202 const std::string& key_handle_name, 13203 TPM2B_ECC_POINT* z_point, 13204 TPM2B_ECC_POINT* pub_point, 13205 AuthorizationDelegate* authorization_delegate) { 13206 VLOG(1) << __func__; 13207 std::string command; 13208 TPM_RC rc = SerializeCommand_ECDH_KeyGen(key_handle, key_handle_name, 13209 &command, authorization_delegate); 13210 if (rc != TPM_RC_SUCCESS) { 13211 return rc; 13212 } 13213 std::string response = transceiver_->SendCommandAndWait(command); 13214 rc = ParseResponse_ECDH_KeyGen(response, z_point, pub_point, 13215 authorization_delegate); 13216 return rc; 13217 } 13218 13219 TPM_RC Tpm::SerializeCommand_ECDH_ZGen( 13220 const TPMI_DH_OBJECT& key_handle, 13221 const std::string& key_handle_name, 13222 const TPM2B_ECC_POINT& in_point, 13223 std::string* serialized_command, 13224 AuthorizationDelegate* authorization_delegate) { 13225 VLOG(3) << __func__; 13226 TPM_RC rc = TPM_RC_SUCCESS; 13227 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 13228 UINT32 command_size = 10; // Header size. 13229 std::string handle_section_bytes; 13230 std::string parameter_section_bytes; 13231 TPM_CC command_code = TPM_CC_ECDH_ZGen; 13232 bool is_command_parameter_encryption_possible = true; 13233 bool is_response_parameter_encryption_possible = true; 13234 std::string command_code_bytes; 13235 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 13236 if (rc != TPM_RC_SUCCESS) { 13237 return rc; 13238 } 13239 std::string key_handle_bytes; 13240 rc = Serialize_TPMI_DH_OBJECT(key_handle, &key_handle_bytes); 13241 if (rc != TPM_RC_SUCCESS) { 13242 return rc; 13243 } 13244 std::string in_point_bytes; 13245 rc = Serialize_TPM2B_ECC_POINT(in_point, &in_point_bytes); 13246 if (rc != TPM_RC_SUCCESS) { 13247 return rc; 13248 } 13249 if (authorization_delegate) { 13250 // Encrypt just the parameter data, not the size. 13251 std::string tmp = in_point_bytes.substr(2); 13252 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 13253 return TRUNKS_RC_ENCRYPTION_FAILED; 13254 } 13255 in_point_bytes.replace(2, std::string::npos, tmp); 13256 } 13257 std::unique_ptr<crypto::SecureHash> hash( 13258 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 13259 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 13260 hash->Update(key_handle_name.data(), key_handle_name.size()); 13261 handle_section_bytes += key_handle_bytes; 13262 command_size += key_handle_bytes.size(); 13263 hash->Update(in_point_bytes.data(), in_point_bytes.size()); 13264 parameter_section_bytes += in_point_bytes; 13265 command_size += in_point_bytes.size(); 13266 std::string command_hash(32, 0); 13267 hash->Finish(string_as_array(&command_hash), command_hash.size()); 13268 std::string authorization_section_bytes; 13269 std::string authorization_size_bytes; 13270 if (authorization_delegate) { 13271 if (!authorization_delegate->GetCommandAuthorization( 13272 command_hash, is_command_parameter_encryption_possible, 13273 is_response_parameter_encryption_possible, 13274 &authorization_section_bytes)) { 13275 return TRUNKS_RC_AUTHORIZATION_FAILED; 13276 } 13277 if (!authorization_section_bytes.empty()) { 13278 tag = TPM_ST_SESSIONS; 13279 std::string tmp; 13280 rc = Serialize_UINT32(authorization_section_bytes.size(), 13281 &authorization_size_bytes); 13282 if (rc != TPM_RC_SUCCESS) { 13283 return rc; 13284 } 13285 command_size += 13286 authorization_size_bytes.size() + authorization_section_bytes.size(); 13287 } 13288 } 13289 std::string tag_bytes; 13290 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 13291 if (rc != TPM_RC_SUCCESS) { 13292 return rc; 13293 } 13294 std::string command_size_bytes; 13295 rc = Serialize_UINT32(command_size, &command_size_bytes); 13296 if (rc != TPM_RC_SUCCESS) { 13297 return rc; 13298 } 13299 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 13300 handle_section_bytes + authorization_size_bytes + 13301 authorization_section_bytes + parameter_section_bytes; 13302 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 13303 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 13304 serialized_command->size()); 13305 return TPM_RC_SUCCESS; 13306 } 13307 13308 TPM_RC Tpm::ParseResponse_ECDH_ZGen( 13309 const std::string& response, 13310 TPM2B_ECC_POINT* out_point, 13311 AuthorizationDelegate* authorization_delegate) { 13312 VLOG(3) << __func__; 13313 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 13314 TPM_RC rc = TPM_RC_SUCCESS; 13315 std::string buffer(response); 13316 TPM_ST tag; 13317 std::string tag_bytes; 13318 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 13319 if (rc != TPM_RC_SUCCESS) { 13320 return rc; 13321 } 13322 UINT32 response_size; 13323 std::string response_size_bytes; 13324 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 13325 if (rc != TPM_RC_SUCCESS) { 13326 return rc; 13327 } 13328 TPM_RC response_code; 13329 std::string response_code_bytes; 13330 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 13331 if (rc != TPM_RC_SUCCESS) { 13332 return rc; 13333 } 13334 if (response_size != response.size()) { 13335 return TPM_RC_SIZE; 13336 } 13337 if (response_code != TPM_RC_SUCCESS) { 13338 return response_code; 13339 } 13340 TPM_CC command_code = TPM_CC_ECDH_ZGen; 13341 std::string command_code_bytes; 13342 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 13343 if (rc != TPM_RC_SUCCESS) { 13344 return rc; 13345 } 13346 std::string authorization_section_bytes; 13347 if (tag == TPM_ST_SESSIONS) { 13348 UINT32 parameter_section_size = buffer.size(); 13349 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 13350 if (rc != TPM_RC_SUCCESS) { 13351 return rc; 13352 } 13353 if (parameter_section_size > buffer.size()) { 13354 return TPM_RC_INSUFFICIENT; 13355 } 13356 authorization_section_bytes = buffer.substr(parameter_section_size); 13357 // Keep the parameter section in |buffer|. 13358 buffer.erase(parameter_section_size); 13359 } 13360 std::unique_ptr<crypto::SecureHash> hash( 13361 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 13362 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 13363 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 13364 hash->Update(buffer.data(), buffer.size()); 13365 std::string response_hash(32, 0); 13366 hash->Finish(string_as_array(&response_hash), response_hash.size()); 13367 if (tag == TPM_ST_SESSIONS) { 13368 CHECK(authorization_delegate) << "Authorization delegate missing!"; 13369 if (!authorization_delegate->CheckResponseAuthorization( 13370 response_hash, authorization_section_bytes)) { 13371 return TRUNKS_RC_AUTHORIZATION_FAILED; 13372 } 13373 } 13374 std::string out_point_bytes; 13375 rc = Parse_TPM2B_ECC_POINT(&buffer, out_point, &out_point_bytes); 13376 if (rc != TPM_RC_SUCCESS) { 13377 return rc; 13378 } 13379 if (tag == TPM_ST_SESSIONS) { 13380 CHECK(authorization_delegate) << "Authorization delegate missing!"; 13381 // Decrypt just the parameter data, not the size. 13382 std::string tmp = out_point_bytes.substr(2); 13383 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 13384 return TRUNKS_RC_ENCRYPTION_FAILED; 13385 } 13386 out_point_bytes.replace(2, std::string::npos, tmp); 13387 rc = Parse_TPM2B_ECC_POINT(&out_point_bytes, out_point, nullptr); 13388 if (rc != TPM_RC_SUCCESS) { 13389 return rc; 13390 } 13391 } 13392 return TPM_RC_SUCCESS; 13393 } 13394 13395 void ECDH_ZGenErrorCallback(const Tpm::ECDH_ZGenResponse& callback, 13396 TPM_RC response_code) { 13397 VLOG(1) << __func__; 13398 callback.Run(response_code, TPM2B_ECC_POINT()); 13399 } 13400 13401 void ECDH_ZGenResponseParser(const Tpm::ECDH_ZGenResponse& callback, 13402 AuthorizationDelegate* authorization_delegate, 13403 const std::string& response) { 13404 VLOG(1) << __func__; 13405 base::Callback<void(TPM_RC)> error_reporter = 13406 base::Bind(ECDH_ZGenErrorCallback, callback); 13407 TPM2B_ECC_POINT out_point; 13408 TPM_RC rc = Tpm::ParseResponse_ECDH_ZGen(response, &out_point, 13409 authorization_delegate); 13410 if (rc != TPM_RC_SUCCESS) { 13411 error_reporter.Run(rc); 13412 return; 13413 } 13414 callback.Run(rc, out_point); 13415 } 13416 13417 void Tpm::ECDH_ZGen(const TPMI_DH_OBJECT& key_handle, 13418 const std::string& key_handle_name, 13419 const TPM2B_ECC_POINT& in_point, 13420 AuthorizationDelegate* authorization_delegate, 13421 const ECDH_ZGenResponse& callback) { 13422 VLOG(1) << __func__; 13423 base::Callback<void(TPM_RC)> error_reporter = 13424 base::Bind(ECDH_ZGenErrorCallback, callback); 13425 base::Callback<void(const std::string&)> parser = 13426 base::Bind(ECDH_ZGenResponseParser, callback, authorization_delegate); 13427 std::string command; 13428 TPM_RC rc = SerializeCommand_ECDH_ZGen(key_handle, key_handle_name, in_point, 13429 &command, authorization_delegate); 13430 if (rc != TPM_RC_SUCCESS) { 13431 error_reporter.Run(rc); 13432 return; 13433 } 13434 transceiver_->SendCommand(command, parser); 13435 } 13436 13437 TPM_RC Tpm::ECDH_ZGenSync(const TPMI_DH_OBJECT& key_handle, 13438 const std::string& key_handle_name, 13439 const TPM2B_ECC_POINT& in_point, 13440 TPM2B_ECC_POINT* out_point, 13441 AuthorizationDelegate* authorization_delegate) { 13442 VLOG(1) << __func__; 13443 std::string command; 13444 TPM_RC rc = SerializeCommand_ECDH_ZGen(key_handle, key_handle_name, in_point, 13445 &command, authorization_delegate); 13446 if (rc != TPM_RC_SUCCESS) { 13447 return rc; 13448 } 13449 std::string response = transceiver_->SendCommandAndWait(command); 13450 rc = ParseResponse_ECDH_ZGen(response, out_point, authorization_delegate); 13451 return rc; 13452 } 13453 13454 TPM_RC Tpm::SerializeCommand_ECC_Parameters( 13455 const TPMI_ECC_CURVE& curve_id, 13456 std::string* serialized_command, 13457 AuthorizationDelegate* authorization_delegate) { 13458 VLOG(3) << __func__; 13459 TPM_RC rc = TPM_RC_SUCCESS; 13460 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 13461 UINT32 command_size = 10; // Header size. 13462 std::string handle_section_bytes; 13463 std::string parameter_section_bytes; 13464 TPM_CC command_code = TPM_CC_ECC_Parameters; 13465 bool is_command_parameter_encryption_possible = false; 13466 bool is_response_parameter_encryption_possible = false; 13467 std::string command_code_bytes; 13468 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 13469 if (rc != TPM_RC_SUCCESS) { 13470 return rc; 13471 } 13472 std::string curve_id_bytes; 13473 rc = Serialize_TPMI_ECC_CURVE(curve_id, &curve_id_bytes); 13474 if (rc != TPM_RC_SUCCESS) { 13475 return rc; 13476 } 13477 std::unique_ptr<crypto::SecureHash> hash( 13478 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 13479 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 13480 hash->Update(curve_id_bytes.data(), curve_id_bytes.size()); 13481 parameter_section_bytes += curve_id_bytes; 13482 command_size += curve_id_bytes.size(); 13483 std::string command_hash(32, 0); 13484 hash->Finish(string_as_array(&command_hash), command_hash.size()); 13485 std::string authorization_section_bytes; 13486 std::string authorization_size_bytes; 13487 if (authorization_delegate) { 13488 if (!authorization_delegate->GetCommandAuthorization( 13489 command_hash, is_command_parameter_encryption_possible, 13490 is_response_parameter_encryption_possible, 13491 &authorization_section_bytes)) { 13492 return TRUNKS_RC_AUTHORIZATION_FAILED; 13493 } 13494 if (!authorization_section_bytes.empty()) { 13495 tag = TPM_ST_SESSIONS; 13496 std::string tmp; 13497 rc = Serialize_UINT32(authorization_section_bytes.size(), 13498 &authorization_size_bytes); 13499 if (rc != TPM_RC_SUCCESS) { 13500 return rc; 13501 } 13502 command_size += 13503 authorization_size_bytes.size() + authorization_section_bytes.size(); 13504 } 13505 } 13506 std::string tag_bytes; 13507 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 13508 if (rc != TPM_RC_SUCCESS) { 13509 return rc; 13510 } 13511 std::string command_size_bytes; 13512 rc = Serialize_UINT32(command_size, &command_size_bytes); 13513 if (rc != TPM_RC_SUCCESS) { 13514 return rc; 13515 } 13516 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 13517 handle_section_bytes + authorization_size_bytes + 13518 authorization_section_bytes + parameter_section_bytes; 13519 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 13520 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 13521 serialized_command->size()); 13522 return TPM_RC_SUCCESS; 13523 } 13524 13525 TPM_RC Tpm::ParseResponse_ECC_Parameters( 13526 const std::string& response, 13527 TPMS_ALGORITHM_DETAIL_ECC* parameters, 13528 AuthorizationDelegate* authorization_delegate) { 13529 VLOG(3) << __func__; 13530 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 13531 TPM_RC rc = TPM_RC_SUCCESS; 13532 std::string buffer(response); 13533 TPM_ST tag; 13534 std::string tag_bytes; 13535 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 13536 if (rc != TPM_RC_SUCCESS) { 13537 return rc; 13538 } 13539 UINT32 response_size; 13540 std::string response_size_bytes; 13541 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 13542 if (rc != TPM_RC_SUCCESS) { 13543 return rc; 13544 } 13545 TPM_RC response_code; 13546 std::string response_code_bytes; 13547 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 13548 if (rc != TPM_RC_SUCCESS) { 13549 return rc; 13550 } 13551 if (response_size != response.size()) { 13552 return TPM_RC_SIZE; 13553 } 13554 if (response_code != TPM_RC_SUCCESS) { 13555 return response_code; 13556 } 13557 TPM_CC command_code = TPM_CC_ECC_Parameters; 13558 std::string command_code_bytes; 13559 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 13560 if (rc != TPM_RC_SUCCESS) { 13561 return rc; 13562 } 13563 std::string authorization_section_bytes; 13564 if (tag == TPM_ST_SESSIONS) { 13565 UINT32 parameter_section_size = buffer.size(); 13566 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 13567 if (rc != TPM_RC_SUCCESS) { 13568 return rc; 13569 } 13570 if (parameter_section_size > buffer.size()) { 13571 return TPM_RC_INSUFFICIENT; 13572 } 13573 authorization_section_bytes = buffer.substr(parameter_section_size); 13574 // Keep the parameter section in |buffer|. 13575 buffer.erase(parameter_section_size); 13576 } 13577 std::unique_ptr<crypto::SecureHash> hash( 13578 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 13579 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 13580 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 13581 hash->Update(buffer.data(), buffer.size()); 13582 std::string response_hash(32, 0); 13583 hash->Finish(string_as_array(&response_hash), response_hash.size()); 13584 if (tag == TPM_ST_SESSIONS) { 13585 CHECK(authorization_delegate) << "Authorization delegate missing!"; 13586 if (!authorization_delegate->CheckResponseAuthorization( 13587 response_hash, authorization_section_bytes)) { 13588 return TRUNKS_RC_AUTHORIZATION_FAILED; 13589 } 13590 } 13591 std::string parameters_bytes; 13592 rc = Parse_TPMS_ALGORITHM_DETAIL_ECC(&buffer, parameters, ¶meters_bytes); 13593 if (rc != TPM_RC_SUCCESS) { 13594 return rc; 13595 } 13596 return TPM_RC_SUCCESS; 13597 } 13598 13599 void ECC_ParametersErrorCallback(const Tpm::ECC_ParametersResponse& callback, 13600 TPM_RC response_code) { 13601 VLOG(1) << __func__; 13602 callback.Run(response_code, TPMS_ALGORITHM_DETAIL_ECC()); 13603 } 13604 13605 void ECC_ParametersResponseParser(const Tpm::ECC_ParametersResponse& callback, 13606 AuthorizationDelegate* authorization_delegate, 13607 const std::string& response) { 13608 VLOG(1) << __func__; 13609 base::Callback<void(TPM_RC)> error_reporter = 13610 base::Bind(ECC_ParametersErrorCallback, callback); 13611 TPMS_ALGORITHM_DETAIL_ECC parameters; 13612 TPM_RC rc = Tpm::ParseResponse_ECC_Parameters(response, ¶meters, 13613 authorization_delegate); 13614 if (rc != TPM_RC_SUCCESS) { 13615 error_reporter.Run(rc); 13616 return; 13617 } 13618 callback.Run(rc, parameters); 13619 } 13620 13621 void Tpm::ECC_Parameters(const TPMI_ECC_CURVE& curve_id, 13622 AuthorizationDelegate* authorization_delegate, 13623 const ECC_ParametersResponse& callback) { 13624 VLOG(1) << __func__; 13625 base::Callback<void(TPM_RC)> error_reporter = 13626 base::Bind(ECC_ParametersErrorCallback, callback); 13627 base::Callback<void(const std::string&)> parser = base::Bind( 13628 ECC_ParametersResponseParser, callback, authorization_delegate); 13629 std::string command; 13630 TPM_RC rc = SerializeCommand_ECC_Parameters(curve_id, &command, 13631 authorization_delegate); 13632 if (rc != TPM_RC_SUCCESS) { 13633 error_reporter.Run(rc); 13634 return; 13635 } 13636 transceiver_->SendCommand(command, parser); 13637 } 13638 13639 TPM_RC Tpm::ECC_ParametersSync(const TPMI_ECC_CURVE& curve_id, 13640 TPMS_ALGORITHM_DETAIL_ECC* parameters, 13641 AuthorizationDelegate* authorization_delegate) { 13642 VLOG(1) << __func__; 13643 std::string command; 13644 TPM_RC rc = SerializeCommand_ECC_Parameters(curve_id, &command, 13645 authorization_delegate); 13646 if (rc != TPM_RC_SUCCESS) { 13647 return rc; 13648 } 13649 std::string response = transceiver_->SendCommandAndWait(command); 13650 rc = ParseResponse_ECC_Parameters(response, parameters, 13651 authorization_delegate); 13652 return rc; 13653 } 13654 13655 TPM_RC Tpm::SerializeCommand_ZGen_2Phase( 13656 const TPMI_DH_OBJECT& key_a, 13657 const std::string& key_a_name, 13658 const TPM2B_ECC_POINT& in_qs_b, 13659 const TPM2B_ECC_POINT& in_qe_b, 13660 const TPMI_ECC_KEY_EXCHANGE& in_scheme, 13661 const UINT16& counter, 13662 std::string* serialized_command, 13663 AuthorizationDelegate* authorization_delegate) { 13664 VLOG(3) << __func__; 13665 TPM_RC rc = TPM_RC_SUCCESS; 13666 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 13667 UINT32 command_size = 10; // Header size. 13668 std::string handle_section_bytes; 13669 std::string parameter_section_bytes; 13670 TPM_CC command_code = TPM_CC_ZGen_2Phase; 13671 bool is_command_parameter_encryption_possible = true; 13672 bool is_response_parameter_encryption_possible = true; 13673 std::string command_code_bytes; 13674 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 13675 if (rc != TPM_RC_SUCCESS) { 13676 return rc; 13677 } 13678 std::string key_a_bytes; 13679 rc = Serialize_TPMI_DH_OBJECT(key_a, &key_a_bytes); 13680 if (rc != TPM_RC_SUCCESS) { 13681 return rc; 13682 } 13683 std::string in_qs_b_bytes; 13684 rc = Serialize_TPM2B_ECC_POINT(in_qs_b, &in_qs_b_bytes); 13685 if (rc != TPM_RC_SUCCESS) { 13686 return rc; 13687 } 13688 std::string in_qe_b_bytes; 13689 rc = Serialize_TPM2B_ECC_POINT(in_qe_b, &in_qe_b_bytes); 13690 if (rc != TPM_RC_SUCCESS) { 13691 return rc; 13692 } 13693 std::string in_scheme_bytes; 13694 rc = Serialize_TPMI_ECC_KEY_EXCHANGE(in_scheme, &in_scheme_bytes); 13695 if (rc != TPM_RC_SUCCESS) { 13696 return rc; 13697 } 13698 std::string counter_bytes; 13699 rc = Serialize_UINT16(counter, &counter_bytes); 13700 if (rc != TPM_RC_SUCCESS) { 13701 return rc; 13702 } 13703 if (authorization_delegate) { 13704 // Encrypt just the parameter data, not the size. 13705 std::string tmp = in_qs_b_bytes.substr(2); 13706 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 13707 return TRUNKS_RC_ENCRYPTION_FAILED; 13708 } 13709 in_qs_b_bytes.replace(2, std::string::npos, tmp); 13710 } 13711 std::unique_ptr<crypto::SecureHash> hash( 13712 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 13713 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 13714 hash->Update(key_a_name.data(), key_a_name.size()); 13715 handle_section_bytes += key_a_bytes; 13716 command_size += key_a_bytes.size(); 13717 hash->Update(in_qs_b_bytes.data(), in_qs_b_bytes.size()); 13718 parameter_section_bytes += in_qs_b_bytes; 13719 command_size += in_qs_b_bytes.size(); 13720 hash->Update(in_qe_b_bytes.data(), in_qe_b_bytes.size()); 13721 parameter_section_bytes += in_qe_b_bytes; 13722 command_size += in_qe_b_bytes.size(); 13723 hash->Update(in_scheme_bytes.data(), in_scheme_bytes.size()); 13724 parameter_section_bytes += in_scheme_bytes; 13725 command_size += in_scheme_bytes.size(); 13726 hash->Update(counter_bytes.data(), counter_bytes.size()); 13727 parameter_section_bytes += counter_bytes; 13728 command_size += counter_bytes.size(); 13729 std::string command_hash(32, 0); 13730 hash->Finish(string_as_array(&command_hash), command_hash.size()); 13731 std::string authorization_section_bytes; 13732 std::string authorization_size_bytes; 13733 if (authorization_delegate) { 13734 if (!authorization_delegate->GetCommandAuthorization( 13735 command_hash, is_command_parameter_encryption_possible, 13736 is_response_parameter_encryption_possible, 13737 &authorization_section_bytes)) { 13738 return TRUNKS_RC_AUTHORIZATION_FAILED; 13739 } 13740 if (!authorization_section_bytes.empty()) { 13741 tag = TPM_ST_SESSIONS; 13742 std::string tmp; 13743 rc = Serialize_UINT32(authorization_section_bytes.size(), 13744 &authorization_size_bytes); 13745 if (rc != TPM_RC_SUCCESS) { 13746 return rc; 13747 } 13748 command_size += 13749 authorization_size_bytes.size() + authorization_section_bytes.size(); 13750 } 13751 } 13752 std::string tag_bytes; 13753 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 13754 if (rc != TPM_RC_SUCCESS) { 13755 return rc; 13756 } 13757 std::string command_size_bytes; 13758 rc = Serialize_UINT32(command_size, &command_size_bytes); 13759 if (rc != TPM_RC_SUCCESS) { 13760 return rc; 13761 } 13762 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 13763 handle_section_bytes + authorization_size_bytes + 13764 authorization_section_bytes + parameter_section_bytes; 13765 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 13766 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 13767 serialized_command->size()); 13768 return TPM_RC_SUCCESS; 13769 } 13770 13771 TPM_RC Tpm::ParseResponse_ZGen_2Phase( 13772 const std::string& response, 13773 TPM2B_ECC_POINT* out_z1, 13774 TPM2B_ECC_POINT* out_z2, 13775 AuthorizationDelegate* authorization_delegate) { 13776 VLOG(3) << __func__; 13777 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 13778 TPM_RC rc = TPM_RC_SUCCESS; 13779 std::string buffer(response); 13780 TPM_ST tag; 13781 std::string tag_bytes; 13782 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 13783 if (rc != TPM_RC_SUCCESS) { 13784 return rc; 13785 } 13786 UINT32 response_size; 13787 std::string response_size_bytes; 13788 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 13789 if (rc != TPM_RC_SUCCESS) { 13790 return rc; 13791 } 13792 TPM_RC response_code; 13793 std::string response_code_bytes; 13794 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 13795 if (rc != TPM_RC_SUCCESS) { 13796 return rc; 13797 } 13798 if (response_size != response.size()) { 13799 return TPM_RC_SIZE; 13800 } 13801 if (response_code != TPM_RC_SUCCESS) { 13802 return response_code; 13803 } 13804 TPM_CC command_code = TPM_CC_ZGen_2Phase; 13805 std::string command_code_bytes; 13806 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 13807 if (rc != TPM_RC_SUCCESS) { 13808 return rc; 13809 } 13810 std::string authorization_section_bytes; 13811 if (tag == TPM_ST_SESSIONS) { 13812 UINT32 parameter_section_size = buffer.size(); 13813 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 13814 if (rc != TPM_RC_SUCCESS) { 13815 return rc; 13816 } 13817 if (parameter_section_size > buffer.size()) { 13818 return TPM_RC_INSUFFICIENT; 13819 } 13820 authorization_section_bytes = buffer.substr(parameter_section_size); 13821 // Keep the parameter section in |buffer|. 13822 buffer.erase(parameter_section_size); 13823 } 13824 std::unique_ptr<crypto::SecureHash> hash( 13825 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 13826 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 13827 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 13828 hash->Update(buffer.data(), buffer.size()); 13829 std::string response_hash(32, 0); 13830 hash->Finish(string_as_array(&response_hash), response_hash.size()); 13831 if (tag == TPM_ST_SESSIONS) { 13832 CHECK(authorization_delegate) << "Authorization delegate missing!"; 13833 if (!authorization_delegate->CheckResponseAuthorization( 13834 response_hash, authorization_section_bytes)) { 13835 return TRUNKS_RC_AUTHORIZATION_FAILED; 13836 } 13837 } 13838 std::string out_z1_bytes; 13839 rc = Parse_TPM2B_ECC_POINT(&buffer, out_z1, &out_z1_bytes); 13840 if (rc != TPM_RC_SUCCESS) { 13841 return rc; 13842 } 13843 std::string out_z2_bytes; 13844 rc = Parse_TPM2B_ECC_POINT(&buffer, out_z2, &out_z2_bytes); 13845 if (rc != TPM_RC_SUCCESS) { 13846 return rc; 13847 } 13848 if (tag == TPM_ST_SESSIONS) { 13849 CHECK(authorization_delegate) << "Authorization delegate missing!"; 13850 // Decrypt just the parameter data, not the size. 13851 std::string tmp = out_z1_bytes.substr(2); 13852 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 13853 return TRUNKS_RC_ENCRYPTION_FAILED; 13854 } 13855 out_z1_bytes.replace(2, std::string::npos, tmp); 13856 rc = Parse_TPM2B_ECC_POINT(&out_z1_bytes, out_z1, nullptr); 13857 if (rc != TPM_RC_SUCCESS) { 13858 return rc; 13859 } 13860 } 13861 return TPM_RC_SUCCESS; 13862 } 13863 13864 void ZGen_2PhaseErrorCallback(const Tpm::ZGen_2PhaseResponse& callback, 13865 TPM_RC response_code) { 13866 VLOG(1) << __func__; 13867 callback.Run(response_code, TPM2B_ECC_POINT(), TPM2B_ECC_POINT()); 13868 } 13869 13870 void ZGen_2PhaseResponseParser(const Tpm::ZGen_2PhaseResponse& callback, 13871 AuthorizationDelegate* authorization_delegate, 13872 const std::string& response) { 13873 VLOG(1) << __func__; 13874 base::Callback<void(TPM_RC)> error_reporter = 13875 base::Bind(ZGen_2PhaseErrorCallback, callback); 13876 TPM2B_ECC_POINT out_z1; 13877 TPM2B_ECC_POINT out_z2; 13878 TPM_RC rc = Tpm::ParseResponse_ZGen_2Phase(response, &out_z1, &out_z2, 13879 authorization_delegate); 13880 if (rc != TPM_RC_SUCCESS) { 13881 error_reporter.Run(rc); 13882 return; 13883 } 13884 callback.Run(rc, out_z1, out_z2); 13885 } 13886 13887 void Tpm::ZGen_2Phase(const TPMI_DH_OBJECT& key_a, 13888 const std::string& key_a_name, 13889 const TPM2B_ECC_POINT& in_qs_b, 13890 const TPM2B_ECC_POINT& in_qe_b, 13891 const TPMI_ECC_KEY_EXCHANGE& in_scheme, 13892 const UINT16& counter, 13893 AuthorizationDelegate* authorization_delegate, 13894 const ZGen_2PhaseResponse& callback) { 13895 VLOG(1) << __func__; 13896 base::Callback<void(TPM_RC)> error_reporter = 13897 base::Bind(ZGen_2PhaseErrorCallback, callback); 13898 base::Callback<void(const std::string&)> parser = 13899 base::Bind(ZGen_2PhaseResponseParser, callback, authorization_delegate); 13900 std::string command; 13901 TPM_RC rc = SerializeCommand_ZGen_2Phase(key_a, key_a_name, in_qs_b, in_qe_b, 13902 in_scheme, counter, &command, 13903 authorization_delegate); 13904 if (rc != TPM_RC_SUCCESS) { 13905 error_reporter.Run(rc); 13906 return; 13907 } 13908 transceiver_->SendCommand(command, parser); 13909 } 13910 13911 TPM_RC Tpm::ZGen_2PhaseSync(const TPMI_DH_OBJECT& key_a, 13912 const std::string& key_a_name, 13913 const TPM2B_ECC_POINT& in_qs_b, 13914 const TPM2B_ECC_POINT& in_qe_b, 13915 const TPMI_ECC_KEY_EXCHANGE& in_scheme, 13916 const UINT16& counter, 13917 TPM2B_ECC_POINT* out_z1, 13918 TPM2B_ECC_POINT* out_z2, 13919 AuthorizationDelegate* authorization_delegate) { 13920 VLOG(1) << __func__; 13921 std::string command; 13922 TPM_RC rc = SerializeCommand_ZGen_2Phase(key_a, key_a_name, in_qs_b, in_qe_b, 13923 in_scheme, counter, &command, 13924 authorization_delegate); 13925 if (rc != TPM_RC_SUCCESS) { 13926 return rc; 13927 } 13928 std::string response = transceiver_->SendCommandAndWait(command); 13929 rc = ParseResponse_ZGen_2Phase(response, out_z1, out_z2, 13930 authorization_delegate); 13931 return rc; 13932 } 13933 13934 TPM_RC Tpm::SerializeCommand_EncryptDecrypt( 13935 const TPMI_DH_OBJECT& key_handle, 13936 const std::string& key_handle_name, 13937 const TPMI_YES_NO& decrypt, 13938 const TPMI_ALG_SYM_MODE& mode, 13939 const TPM2B_IV& iv_in, 13940 const TPM2B_MAX_BUFFER& in_data, 13941 std::string* serialized_command, 13942 AuthorizationDelegate* authorization_delegate) { 13943 VLOG(3) << __func__; 13944 TPM_RC rc = TPM_RC_SUCCESS; 13945 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 13946 UINT32 command_size = 10; // Header size. 13947 std::string handle_section_bytes; 13948 std::string parameter_section_bytes; 13949 TPM_CC command_code = TPM_CC_EncryptDecrypt; 13950 bool is_command_parameter_encryption_possible = false; 13951 bool is_response_parameter_encryption_possible = true; 13952 std::string command_code_bytes; 13953 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 13954 if (rc != TPM_RC_SUCCESS) { 13955 return rc; 13956 } 13957 std::string key_handle_bytes; 13958 rc = Serialize_TPMI_DH_OBJECT(key_handle, &key_handle_bytes); 13959 if (rc != TPM_RC_SUCCESS) { 13960 return rc; 13961 } 13962 std::string decrypt_bytes; 13963 rc = Serialize_TPMI_YES_NO(decrypt, &decrypt_bytes); 13964 if (rc != TPM_RC_SUCCESS) { 13965 return rc; 13966 } 13967 std::string mode_bytes; 13968 rc = Serialize_TPMI_ALG_SYM_MODE(mode, &mode_bytes); 13969 if (rc != TPM_RC_SUCCESS) { 13970 return rc; 13971 } 13972 std::string iv_in_bytes; 13973 rc = Serialize_TPM2B_IV(iv_in, &iv_in_bytes); 13974 if (rc != TPM_RC_SUCCESS) { 13975 return rc; 13976 } 13977 std::string in_data_bytes; 13978 rc = Serialize_TPM2B_MAX_BUFFER(in_data, &in_data_bytes); 13979 if (rc != TPM_RC_SUCCESS) { 13980 return rc; 13981 } 13982 std::unique_ptr<crypto::SecureHash> hash( 13983 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 13984 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 13985 hash->Update(key_handle_name.data(), key_handle_name.size()); 13986 handle_section_bytes += key_handle_bytes; 13987 command_size += key_handle_bytes.size(); 13988 hash->Update(decrypt_bytes.data(), decrypt_bytes.size()); 13989 parameter_section_bytes += decrypt_bytes; 13990 command_size += decrypt_bytes.size(); 13991 hash->Update(mode_bytes.data(), mode_bytes.size()); 13992 parameter_section_bytes += mode_bytes; 13993 command_size += mode_bytes.size(); 13994 hash->Update(iv_in_bytes.data(), iv_in_bytes.size()); 13995 parameter_section_bytes += iv_in_bytes; 13996 command_size += iv_in_bytes.size(); 13997 hash->Update(in_data_bytes.data(), in_data_bytes.size()); 13998 parameter_section_bytes += in_data_bytes; 13999 command_size += in_data_bytes.size(); 14000 std::string command_hash(32, 0); 14001 hash->Finish(string_as_array(&command_hash), command_hash.size()); 14002 std::string authorization_section_bytes; 14003 std::string authorization_size_bytes; 14004 if (authorization_delegate) { 14005 if (!authorization_delegate->GetCommandAuthorization( 14006 command_hash, is_command_parameter_encryption_possible, 14007 is_response_parameter_encryption_possible, 14008 &authorization_section_bytes)) { 14009 return TRUNKS_RC_AUTHORIZATION_FAILED; 14010 } 14011 if (!authorization_section_bytes.empty()) { 14012 tag = TPM_ST_SESSIONS; 14013 std::string tmp; 14014 rc = Serialize_UINT32(authorization_section_bytes.size(), 14015 &authorization_size_bytes); 14016 if (rc != TPM_RC_SUCCESS) { 14017 return rc; 14018 } 14019 command_size += 14020 authorization_size_bytes.size() + authorization_section_bytes.size(); 14021 } 14022 } 14023 std::string tag_bytes; 14024 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 14025 if (rc != TPM_RC_SUCCESS) { 14026 return rc; 14027 } 14028 std::string command_size_bytes; 14029 rc = Serialize_UINT32(command_size, &command_size_bytes); 14030 if (rc != TPM_RC_SUCCESS) { 14031 return rc; 14032 } 14033 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 14034 handle_section_bytes + authorization_size_bytes + 14035 authorization_section_bytes + parameter_section_bytes; 14036 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 14037 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 14038 serialized_command->size()); 14039 return TPM_RC_SUCCESS; 14040 } 14041 14042 TPM_RC Tpm::ParseResponse_EncryptDecrypt( 14043 const std::string& response, 14044 TPM2B_MAX_BUFFER* out_data, 14045 TPM2B_IV* iv_out, 14046 AuthorizationDelegate* authorization_delegate) { 14047 VLOG(3) << __func__; 14048 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 14049 TPM_RC rc = TPM_RC_SUCCESS; 14050 std::string buffer(response); 14051 TPM_ST tag; 14052 std::string tag_bytes; 14053 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 14054 if (rc != TPM_RC_SUCCESS) { 14055 return rc; 14056 } 14057 UINT32 response_size; 14058 std::string response_size_bytes; 14059 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 14060 if (rc != TPM_RC_SUCCESS) { 14061 return rc; 14062 } 14063 TPM_RC response_code; 14064 std::string response_code_bytes; 14065 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 14066 if (rc != TPM_RC_SUCCESS) { 14067 return rc; 14068 } 14069 if (response_size != response.size()) { 14070 return TPM_RC_SIZE; 14071 } 14072 if (response_code != TPM_RC_SUCCESS) { 14073 return response_code; 14074 } 14075 TPM_CC command_code = TPM_CC_EncryptDecrypt; 14076 std::string command_code_bytes; 14077 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 14078 if (rc != TPM_RC_SUCCESS) { 14079 return rc; 14080 } 14081 std::string authorization_section_bytes; 14082 if (tag == TPM_ST_SESSIONS) { 14083 UINT32 parameter_section_size = buffer.size(); 14084 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 14085 if (rc != TPM_RC_SUCCESS) { 14086 return rc; 14087 } 14088 if (parameter_section_size > buffer.size()) { 14089 return TPM_RC_INSUFFICIENT; 14090 } 14091 authorization_section_bytes = buffer.substr(parameter_section_size); 14092 // Keep the parameter section in |buffer|. 14093 buffer.erase(parameter_section_size); 14094 } 14095 std::unique_ptr<crypto::SecureHash> hash( 14096 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 14097 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 14098 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 14099 hash->Update(buffer.data(), buffer.size()); 14100 std::string response_hash(32, 0); 14101 hash->Finish(string_as_array(&response_hash), response_hash.size()); 14102 if (tag == TPM_ST_SESSIONS) { 14103 CHECK(authorization_delegate) << "Authorization delegate missing!"; 14104 if (!authorization_delegate->CheckResponseAuthorization( 14105 response_hash, authorization_section_bytes)) { 14106 return TRUNKS_RC_AUTHORIZATION_FAILED; 14107 } 14108 } 14109 std::string out_data_bytes; 14110 rc = Parse_TPM2B_MAX_BUFFER(&buffer, out_data, &out_data_bytes); 14111 if (rc != TPM_RC_SUCCESS) { 14112 return rc; 14113 } 14114 std::string iv_out_bytes; 14115 rc = Parse_TPM2B_IV(&buffer, iv_out, &iv_out_bytes); 14116 if (rc != TPM_RC_SUCCESS) { 14117 return rc; 14118 } 14119 if (tag == TPM_ST_SESSIONS) { 14120 CHECK(authorization_delegate) << "Authorization delegate missing!"; 14121 // Decrypt just the parameter data, not the size. 14122 std::string tmp = out_data_bytes.substr(2); 14123 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 14124 return TRUNKS_RC_ENCRYPTION_FAILED; 14125 } 14126 out_data_bytes.replace(2, std::string::npos, tmp); 14127 rc = Parse_TPM2B_MAX_BUFFER(&out_data_bytes, out_data, nullptr); 14128 if (rc != TPM_RC_SUCCESS) { 14129 return rc; 14130 } 14131 } 14132 return TPM_RC_SUCCESS; 14133 } 14134 14135 void EncryptDecryptErrorCallback(const Tpm::EncryptDecryptResponse& callback, 14136 TPM_RC response_code) { 14137 VLOG(1) << __func__; 14138 callback.Run(response_code, TPM2B_MAX_BUFFER(), TPM2B_IV()); 14139 } 14140 14141 void EncryptDecryptResponseParser(const Tpm::EncryptDecryptResponse& callback, 14142 AuthorizationDelegate* authorization_delegate, 14143 const std::string& response) { 14144 VLOG(1) << __func__; 14145 base::Callback<void(TPM_RC)> error_reporter = 14146 base::Bind(EncryptDecryptErrorCallback, callback); 14147 TPM2B_MAX_BUFFER out_data; 14148 TPM2B_IV iv_out; 14149 TPM_RC rc = Tpm::ParseResponse_EncryptDecrypt(response, &out_data, &iv_out, 14150 authorization_delegate); 14151 if (rc != TPM_RC_SUCCESS) { 14152 error_reporter.Run(rc); 14153 return; 14154 } 14155 callback.Run(rc, out_data, iv_out); 14156 } 14157 14158 void Tpm::EncryptDecrypt(const TPMI_DH_OBJECT& key_handle, 14159 const std::string& key_handle_name, 14160 const TPMI_YES_NO& decrypt, 14161 const TPMI_ALG_SYM_MODE& mode, 14162 const TPM2B_IV& iv_in, 14163 const TPM2B_MAX_BUFFER& in_data, 14164 AuthorizationDelegate* authorization_delegate, 14165 const EncryptDecryptResponse& callback) { 14166 VLOG(1) << __func__; 14167 base::Callback<void(TPM_RC)> error_reporter = 14168 base::Bind(EncryptDecryptErrorCallback, callback); 14169 base::Callback<void(const std::string&)> parser = base::Bind( 14170 EncryptDecryptResponseParser, callback, authorization_delegate); 14171 std::string command; 14172 TPM_RC rc = SerializeCommand_EncryptDecrypt(key_handle, key_handle_name, 14173 decrypt, mode, iv_in, in_data, 14174 &command, authorization_delegate); 14175 if (rc != TPM_RC_SUCCESS) { 14176 error_reporter.Run(rc); 14177 return; 14178 } 14179 transceiver_->SendCommand(command, parser); 14180 } 14181 14182 TPM_RC Tpm::EncryptDecryptSync(const TPMI_DH_OBJECT& key_handle, 14183 const std::string& key_handle_name, 14184 const TPMI_YES_NO& decrypt, 14185 const TPMI_ALG_SYM_MODE& mode, 14186 const TPM2B_IV& iv_in, 14187 const TPM2B_MAX_BUFFER& in_data, 14188 TPM2B_MAX_BUFFER* out_data, 14189 TPM2B_IV* iv_out, 14190 AuthorizationDelegate* authorization_delegate) { 14191 VLOG(1) << __func__; 14192 std::string command; 14193 TPM_RC rc = SerializeCommand_EncryptDecrypt(key_handle, key_handle_name, 14194 decrypt, mode, iv_in, in_data, 14195 &command, authorization_delegate); 14196 if (rc != TPM_RC_SUCCESS) { 14197 return rc; 14198 } 14199 std::string response = transceiver_->SendCommandAndWait(command); 14200 rc = ParseResponse_EncryptDecrypt(response, out_data, iv_out, 14201 authorization_delegate); 14202 return rc; 14203 } 14204 14205 TPM_RC Tpm::SerializeCommand_Hash( 14206 const TPM2B_MAX_BUFFER& data, 14207 const TPMI_ALG_HASH& hash_alg, 14208 const TPMI_RH_HIERARCHY& hierarchy, 14209 std::string* serialized_command, 14210 AuthorizationDelegate* authorization_delegate) { 14211 VLOG(3) << __func__; 14212 TPM_RC rc = TPM_RC_SUCCESS; 14213 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 14214 UINT32 command_size = 10; // Header size. 14215 std::string handle_section_bytes; 14216 std::string parameter_section_bytes; 14217 TPM_CC command_code = TPM_CC_Hash; 14218 bool is_command_parameter_encryption_possible = true; 14219 bool is_response_parameter_encryption_possible = true; 14220 std::string command_code_bytes; 14221 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 14222 if (rc != TPM_RC_SUCCESS) { 14223 return rc; 14224 } 14225 std::string data_bytes; 14226 rc = Serialize_TPM2B_MAX_BUFFER(data, &data_bytes); 14227 if (rc != TPM_RC_SUCCESS) { 14228 return rc; 14229 } 14230 std::string hash_alg_bytes; 14231 rc = Serialize_TPMI_ALG_HASH(hash_alg, &hash_alg_bytes); 14232 if (rc != TPM_RC_SUCCESS) { 14233 return rc; 14234 } 14235 std::string hierarchy_bytes; 14236 rc = Serialize_TPMI_RH_HIERARCHY(hierarchy, &hierarchy_bytes); 14237 if (rc != TPM_RC_SUCCESS) { 14238 return rc; 14239 } 14240 if (authorization_delegate) { 14241 // Encrypt just the parameter data, not the size. 14242 std::string tmp = data_bytes.substr(2); 14243 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 14244 return TRUNKS_RC_ENCRYPTION_FAILED; 14245 } 14246 data_bytes.replace(2, std::string::npos, tmp); 14247 } 14248 std::unique_ptr<crypto::SecureHash> hash( 14249 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 14250 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 14251 hash->Update(data_bytes.data(), data_bytes.size()); 14252 parameter_section_bytes += data_bytes; 14253 command_size += data_bytes.size(); 14254 hash->Update(hash_alg_bytes.data(), hash_alg_bytes.size()); 14255 parameter_section_bytes += hash_alg_bytes; 14256 command_size += hash_alg_bytes.size(); 14257 hash->Update(hierarchy_bytes.data(), hierarchy_bytes.size()); 14258 parameter_section_bytes += hierarchy_bytes; 14259 command_size += hierarchy_bytes.size(); 14260 std::string command_hash(32, 0); 14261 hash->Finish(string_as_array(&command_hash), command_hash.size()); 14262 std::string authorization_section_bytes; 14263 std::string authorization_size_bytes; 14264 if (authorization_delegate) { 14265 if (!authorization_delegate->GetCommandAuthorization( 14266 command_hash, is_command_parameter_encryption_possible, 14267 is_response_parameter_encryption_possible, 14268 &authorization_section_bytes)) { 14269 return TRUNKS_RC_AUTHORIZATION_FAILED; 14270 } 14271 if (!authorization_section_bytes.empty()) { 14272 tag = TPM_ST_SESSIONS; 14273 std::string tmp; 14274 rc = Serialize_UINT32(authorization_section_bytes.size(), 14275 &authorization_size_bytes); 14276 if (rc != TPM_RC_SUCCESS) { 14277 return rc; 14278 } 14279 command_size += 14280 authorization_size_bytes.size() + authorization_section_bytes.size(); 14281 } 14282 } 14283 std::string tag_bytes; 14284 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 14285 if (rc != TPM_RC_SUCCESS) { 14286 return rc; 14287 } 14288 std::string command_size_bytes; 14289 rc = Serialize_UINT32(command_size, &command_size_bytes); 14290 if (rc != TPM_RC_SUCCESS) { 14291 return rc; 14292 } 14293 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 14294 handle_section_bytes + authorization_size_bytes + 14295 authorization_section_bytes + parameter_section_bytes; 14296 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 14297 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 14298 serialized_command->size()); 14299 return TPM_RC_SUCCESS; 14300 } 14301 14302 TPM_RC Tpm::ParseResponse_Hash(const std::string& response, 14303 TPM2B_DIGEST* out_hash, 14304 TPMT_TK_HASHCHECK* validation, 14305 AuthorizationDelegate* authorization_delegate) { 14306 VLOG(3) << __func__; 14307 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 14308 TPM_RC rc = TPM_RC_SUCCESS; 14309 std::string buffer(response); 14310 TPM_ST tag; 14311 std::string tag_bytes; 14312 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 14313 if (rc != TPM_RC_SUCCESS) { 14314 return rc; 14315 } 14316 UINT32 response_size; 14317 std::string response_size_bytes; 14318 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 14319 if (rc != TPM_RC_SUCCESS) { 14320 return rc; 14321 } 14322 TPM_RC response_code; 14323 std::string response_code_bytes; 14324 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 14325 if (rc != TPM_RC_SUCCESS) { 14326 return rc; 14327 } 14328 if (response_size != response.size()) { 14329 return TPM_RC_SIZE; 14330 } 14331 if (response_code != TPM_RC_SUCCESS) { 14332 return response_code; 14333 } 14334 TPM_CC command_code = TPM_CC_Hash; 14335 std::string command_code_bytes; 14336 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 14337 if (rc != TPM_RC_SUCCESS) { 14338 return rc; 14339 } 14340 std::string authorization_section_bytes; 14341 if (tag == TPM_ST_SESSIONS) { 14342 UINT32 parameter_section_size = buffer.size(); 14343 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 14344 if (rc != TPM_RC_SUCCESS) { 14345 return rc; 14346 } 14347 if (parameter_section_size > buffer.size()) { 14348 return TPM_RC_INSUFFICIENT; 14349 } 14350 authorization_section_bytes = buffer.substr(parameter_section_size); 14351 // Keep the parameter section in |buffer|. 14352 buffer.erase(parameter_section_size); 14353 } 14354 std::unique_ptr<crypto::SecureHash> hash( 14355 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 14356 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 14357 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 14358 hash->Update(buffer.data(), buffer.size()); 14359 std::string response_hash(32, 0); 14360 hash->Finish(string_as_array(&response_hash), response_hash.size()); 14361 if (tag == TPM_ST_SESSIONS) { 14362 CHECK(authorization_delegate) << "Authorization delegate missing!"; 14363 if (!authorization_delegate->CheckResponseAuthorization( 14364 response_hash, authorization_section_bytes)) { 14365 return TRUNKS_RC_AUTHORIZATION_FAILED; 14366 } 14367 } 14368 std::string out_hash_bytes; 14369 rc = Parse_TPM2B_DIGEST(&buffer, out_hash, &out_hash_bytes); 14370 if (rc != TPM_RC_SUCCESS) { 14371 return rc; 14372 } 14373 std::string validation_bytes; 14374 rc = Parse_TPMT_TK_HASHCHECK(&buffer, validation, &validation_bytes); 14375 if (rc != TPM_RC_SUCCESS) { 14376 return rc; 14377 } 14378 if (tag == TPM_ST_SESSIONS) { 14379 CHECK(authorization_delegate) << "Authorization delegate missing!"; 14380 // Decrypt just the parameter data, not the size. 14381 std::string tmp = out_hash_bytes.substr(2); 14382 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 14383 return TRUNKS_RC_ENCRYPTION_FAILED; 14384 } 14385 out_hash_bytes.replace(2, std::string::npos, tmp); 14386 rc = Parse_TPM2B_DIGEST(&out_hash_bytes, out_hash, nullptr); 14387 if (rc != TPM_RC_SUCCESS) { 14388 return rc; 14389 } 14390 } 14391 return TPM_RC_SUCCESS; 14392 } 14393 14394 void HashErrorCallback(const Tpm::HashResponse& callback, 14395 TPM_RC response_code) { 14396 VLOG(1) << __func__; 14397 callback.Run(response_code, TPM2B_DIGEST(), TPMT_TK_HASHCHECK()); 14398 } 14399 14400 void HashResponseParser(const Tpm::HashResponse& callback, 14401 AuthorizationDelegate* authorization_delegate, 14402 const std::string& response) { 14403 VLOG(1) << __func__; 14404 base::Callback<void(TPM_RC)> error_reporter = 14405 base::Bind(HashErrorCallback, callback); 14406 TPM2B_DIGEST out_hash; 14407 TPMT_TK_HASHCHECK validation; 14408 TPM_RC rc = Tpm::ParseResponse_Hash(response, &out_hash, &validation, 14409 authorization_delegate); 14410 if (rc != TPM_RC_SUCCESS) { 14411 error_reporter.Run(rc); 14412 return; 14413 } 14414 callback.Run(rc, out_hash, validation); 14415 } 14416 14417 void Tpm::Hash(const TPM2B_MAX_BUFFER& data, 14418 const TPMI_ALG_HASH& hash_alg, 14419 const TPMI_RH_HIERARCHY& hierarchy, 14420 AuthorizationDelegate* authorization_delegate, 14421 const HashResponse& callback) { 14422 VLOG(1) << __func__; 14423 base::Callback<void(TPM_RC)> error_reporter = 14424 base::Bind(HashErrorCallback, callback); 14425 base::Callback<void(const std::string&)> parser = 14426 base::Bind(HashResponseParser, callback, authorization_delegate); 14427 std::string command; 14428 TPM_RC rc = SerializeCommand_Hash(data, hash_alg, hierarchy, &command, 14429 authorization_delegate); 14430 if (rc != TPM_RC_SUCCESS) { 14431 error_reporter.Run(rc); 14432 return; 14433 } 14434 transceiver_->SendCommand(command, parser); 14435 } 14436 14437 TPM_RC Tpm::HashSync(const TPM2B_MAX_BUFFER& data, 14438 const TPMI_ALG_HASH& hash_alg, 14439 const TPMI_RH_HIERARCHY& hierarchy, 14440 TPM2B_DIGEST* out_hash, 14441 TPMT_TK_HASHCHECK* validation, 14442 AuthorizationDelegate* authorization_delegate) { 14443 VLOG(1) << __func__; 14444 std::string command; 14445 TPM_RC rc = SerializeCommand_Hash(data, hash_alg, hierarchy, &command, 14446 authorization_delegate); 14447 if (rc != TPM_RC_SUCCESS) { 14448 return rc; 14449 } 14450 std::string response = transceiver_->SendCommandAndWait(command); 14451 rc = ParseResponse_Hash(response, out_hash, validation, 14452 authorization_delegate); 14453 return rc; 14454 } 14455 14456 TPM_RC Tpm::SerializeCommand_HMAC( 14457 const TPMI_DH_OBJECT& handle, 14458 const std::string& handle_name, 14459 const TPM2B_MAX_BUFFER& buffer, 14460 const TPMI_ALG_HASH& hash_alg, 14461 std::string* serialized_command, 14462 AuthorizationDelegate* authorization_delegate) { 14463 VLOG(3) << __func__; 14464 TPM_RC rc = TPM_RC_SUCCESS; 14465 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 14466 UINT32 command_size = 10; // Header size. 14467 std::string handle_section_bytes; 14468 std::string parameter_section_bytes; 14469 TPM_CC command_code = TPM_CC_HMAC; 14470 bool is_command_parameter_encryption_possible = true; 14471 bool is_response_parameter_encryption_possible = true; 14472 std::string command_code_bytes; 14473 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 14474 if (rc != TPM_RC_SUCCESS) { 14475 return rc; 14476 } 14477 std::string handle_bytes; 14478 rc = Serialize_TPMI_DH_OBJECT(handle, &handle_bytes); 14479 if (rc != TPM_RC_SUCCESS) { 14480 return rc; 14481 } 14482 std::string buffer_bytes; 14483 rc = Serialize_TPM2B_MAX_BUFFER(buffer, &buffer_bytes); 14484 if (rc != TPM_RC_SUCCESS) { 14485 return rc; 14486 } 14487 std::string hash_alg_bytes; 14488 rc = Serialize_TPMI_ALG_HASH(hash_alg, &hash_alg_bytes); 14489 if (rc != TPM_RC_SUCCESS) { 14490 return rc; 14491 } 14492 if (authorization_delegate) { 14493 // Encrypt just the parameter data, not the size. 14494 std::string tmp = buffer_bytes.substr(2); 14495 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 14496 return TRUNKS_RC_ENCRYPTION_FAILED; 14497 } 14498 buffer_bytes.replace(2, std::string::npos, tmp); 14499 } 14500 std::unique_ptr<crypto::SecureHash> hash( 14501 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 14502 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 14503 hash->Update(handle_name.data(), handle_name.size()); 14504 handle_section_bytes += handle_bytes; 14505 command_size += handle_bytes.size(); 14506 hash->Update(buffer_bytes.data(), buffer_bytes.size()); 14507 parameter_section_bytes += buffer_bytes; 14508 command_size += buffer_bytes.size(); 14509 hash->Update(hash_alg_bytes.data(), hash_alg_bytes.size()); 14510 parameter_section_bytes += hash_alg_bytes; 14511 command_size += hash_alg_bytes.size(); 14512 std::string command_hash(32, 0); 14513 hash->Finish(string_as_array(&command_hash), command_hash.size()); 14514 std::string authorization_section_bytes; 14515 std::string authorization_size_bytes; 14516 if (authorization_delegate) { 14517 if (!authorization_delegate->GetCommandAuthorization( 14518 command_hash, is_command_parameter_encryption_possible, 14519 is_response_parameter_encryption_possible, 14520 &authorization_section_bytes)) { 14521 return TRUNKS_RC_AUTHORIZATION_FAILED; 14522 } 14523 if (!authorization_section_bytes.empty()) { 14524 tag = TPM_ST_SESSIONS; 14525 std::string tmp; 14526 rc = Serialize_UINT32(authorization_section_bytes.size(), 14527 &authorization_size_bytes); 14528 if (rc != TPM_RC_SUCCESS) { 14529 return rc; 14530 } 14531 command_size += 14532 authorization_size_bytes.size() + authorization_section_bytes.size(); 14533 } 14534 } 14535 std::string tag_bytes; 14536 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 14537 if (rc != TPM_RC_SUCCESS) { 14538 return rc; 14539 } 14540 std::string command_size_bytes; 14541 rc = Serialize_UINT32(command_size, &command_size_bytes); 14542 if (rc != TPM_RC_SUCCESS) { 14543 return rc; 14544 } 14545 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 14546 handle_section_bytes + authorization_size_bytes + 14547 authorization_section_bytes + parameter_section_bytes; 14548 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 14549 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 14550 serialized_command->size()); 14551 return TPM_RC_SUCCESS; 14552 } 14553 14554 TPM_RC Tpm::ParseResponse_HMAC(const std::string& response, 14555 TPM2B_DIGEST* out_hmac, 14556 AuthorizationDelegate* authorization_delegate) { 14557 VLOG(3) << __func__; 14558 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 14559 TPM_RC rc = TPM_RC_SUCCESS; 14560 std::string buffer(response); 14561 TPM_ST tag; 14562 std::string tag_bytes; 14563 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 14564 if (rc != TPM_RC_SUCCESS) { 14565 return rc; 14566 } 14567 UINT32 response_size; 14568 std::string response_size_bytes; 14569 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 14570 if (rc != TPM_RC_SUCCESS) { 14571 return rc; 14572 } 14573 TPM_RC response_code; 14574 std::string response_code_bytes; 14575 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 14576 if (rc != TPM_RC_SUCCESS) { 14577 return rc; 14578 } 14579 if (response_size != response.size()) { 14580 return TPM_RC_SIZE; 14581 } 14582 if (response_code != TPM_RC_SUCCESS) { 14583 return response_code; 14584 } 14585 TPM_CC command_code = TPM_CC_HMAC; 14586 std::string command_code_bytes; 14587 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 14588 if (rc != TPM_RC_SUCCESS) { 14589 return rc; 14590 } 14591 std::string authorization_section_bytes; 14592 if (tag == TPM_ST_SESSIONS) { 14593 UINT32 parameter_section_size = buffer.size(); 14594 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 14595 if (rc != TPM_RC_SUCCESS) { 14596 return rc; 14597 } 14598 if (parameter_section_size > buffer.size()) { 14599 return TPM_RC_INSUFFICIENT; 14600 } 14601 authorization_section_bytes = buffer.substr(parameter_section_size); 14602 // Keep the parameter section in |buffer|. 14603 buffer.erase(parameter_section_size); 14604 } 14605 std::unique_ptr<crypto::SecureHash> hash( 14606 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 14607 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 14608 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 14609 hash->Update(buffer.data(), buffer.size()); 14610 std::string response_hash(32, 0); 14611 hash->Finish(string_as_array(&response_hash), response_hash.size()); 14612 if (tag == TPM_ST_SESSIONS) { 14613 CHECK(authorization_delegate) << "Authorization delegate missing!"; 14614 if (!authorization_delegate->CheckResponseAuthorization( 14615 response_hash, authorization_section_bytes)) { 14616 return TRUNKS_RC_AUTHORIZATION_FAILED; 14617 } 14618 } 14619 std::string out_hmac_bytes; 14620 rc = Parse_TPM2B_DIGEST(&buffer, out_hmac, &out_hmac_bytes); 14621 if (rc != TPM_RC_SUCCESS) { 14622 return rc; 14623 } 14624 if (tag == TPM_ST_SESSIONS) { 14625 CHECK(authorization_delegate) << "Authorization delegate missing!"; 14626 // Decrypt just the parameter data, not the size. 14627 std::string tmp = out_hmac_bytes.substr(2); 14628 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 14629 return TRUNKS_RC_ENCRYPTION_FAILED; 14630 } 14631 out_hmac_bytes.replace(2, std::string::npos, tmp); 14632 rc = Parse_TPM2B_DIGEST(&out_hmac_bytes, out_hmac, nullptr); 14633 if (rc != TPM_RC_SUCCESS) { 14634 return rc; 14635 } 14636 } 14637 return TPM_RC_SUCCESS; 14638 } 14639 14640 void HMACErrorCallback(const Tpm::HMACResponse& callback, 14641 TPM_RC response_code) { 14642 VLOG(1) << __func__; 14643 callback.Run(response_code, TPM2B_DIGEST()); 14644 } 14645 14646 void HMACResponseParser(const Tpm::HMACResponse& callback, 14647 AuthorizationDelegate* authorization_delegate, 14648 const std::string& response) { 14649 VLOG(1) << __func__; 14650 base::Callback<void(TPM_RC)> error_reporter = 14651 base::Bind(HMACErrorCallback, callback); 14652 TPM2B_DIGEST out_hmac; 14653 TPM_RC rc = 14654 Tpm::ParseResponse_HMAC(response, &out_hmac, authorization_delegate); 14655 if (rc != TPM_RC_SUCCESS) { 14656 error_reporter.Run(rc); 14657 return; 14658 } 14659 callback.Run(rc, out_hmac); 14660 } 14661 14662 void Tpm::HMAC(const TPMI_DH_OBJECT& handle, 14663 const std::string& handle_name, 14664 const TPM2B_MAX_BUFFER& buffer, 14665 const TPMI_ALG_HASH& hash_alg, 14666 AuthorizationDelegate* authorization_delegate, 14667 const HMACResponse& callback) { 14668 VLOG(1) << __func__; 14669 base::Callback<void(TPM_RC)> error_reporter = 14670 base::Bind(HMACErrorCallback, callback); 14671 base::Callback<void(const std::string&)> parser = 14672 base::Bind(HMACResponseParser, callback, authorization_delegate); 14673 std::string command; 14674 TPM_RC rc = SerializeCommand_HMAC(handle, handle_name, buffer, hash_alg, 14675 &command, authorization_delegate); 14676 if (rc != TPM_RC_SUCCESS) { 14677 error_reporter.Run(rc); 14678 return; 14679 } 14680 transceiver_->SendCommand(command, parser); 14681 } 14682 14683 TPM_RC Tpm::HMACSync(const TPMI_DH_OBJECT& handle, 14684 const std::string& handle_name, 14685 const TPM2B_MAX_BUFFER& buffer, 14686 const TPMI_ALG_HASH& hash_alg, 14687 TPM2B_DIGEST* out_hmac, 14688 AuthorizationDelegate* authorization_delegate) { 14689 VLOG(1) << __func__; 14690 std::string command; 14691 TPM_RC rc = SerializeCommand_HMAC(handle, handle_name, buffer, hash_alg, 14692 &command, authorization_delegate); 14693 if (rc != TPM_RC_SUCCESS) { 14694 return rc; 14695 } 14696 std::string response = transceiver_->SendCommandAndWait(command); 14697 rc = ParseResponse_HMAC(response, out_hmac, authorization_delegate); 14698 return rc; 14699 } 14700 14701 TPM_RC Tpm::SerializeCommand_GetRandom( 14702 const UINT16& bytes_requested, 14703 std::string* serialized_command, 14704 AuthorizationDelegate* authorization_delegate) { 14705 VLOG(3) << __func__; 14706 TPM_RC rc = TPM_RC_SUCCESS; 14707 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 14708 UINT32 command_size = 10; // Header size. 14709 std::string handle_section_bytes; 14710 std::string parameter_section_bytes; 14711 TPM_CC command_code = TPM_CC_GetRandom; 14712 bool is_command_parameter_encryption_possible = false; 14713 bool is_response_parameter_encryption_possible = true; 14714 std::string command_code_bytes; 14715 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 14716 if (rc != TPM_RC_SUCCESS) { 14717 return rc; 14718 } 14719 std::string bytes_requested_bytes; 14720 rc = Serialize_UINT16(bytes_requested, &bytes_requested_bytes); 14721 if (rc != TPM_RC_SUCCESS) { 14722 return rc; 14723 } 14724 std::unique_ptr<crypto::SecureHash> hash( 14725 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 14726 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 14727 hash->Update(bytes_requested_bytes.data(), bytes_requested_bytes.size()); 14728 parameter_section_bytes += bytes_requested_bytes; 14729 command_size += bytes_requested_bytes.size(); 14730 std::string command_hash(32, 0); 14731 hash->Finish(string_as_array(&command_hash), command_hash.size()); 14732 std::string authorization_section_bytes; 14733 std::string authorization_size_bytes; 14734 if (authorization_delegate) { 14735 if (!authorization_delegate->GetCommandAuthorization( 14736 command_hash, is_command_parameter_encryption_possible, 14737 is_response_parameter_encryption_possible, 14738 &authorization_section_bytes)) { 14739 return TRUNKS_RC_AUTHORIZATION_FAILED; 14740 } 14741 if (!authorization_section_bytes.empty()) { 14742 tag = TPM_ST_SESSIONS; 14743 std::string tmp; 14744 rc = Serialize_UINT32(authorization_section_bytes.size(), 14745 &authorization_size_bytes); 14746 if (rc != TPM_RC_SUCCESS) { 14747 return rc; 14748 } 14749 command_size += 14750 authorization_size_bytes.size() + authorization_section_bytes.size(); 14751 } 14752 } 14753 std::string tag_bytes; 14754 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 14755 if (rc != TPM_RC_SUCCESS) { 14756 return rc; 14757 } 14758 std::string command_size_bytes; 14759 rc = Serialize_UINT32(command_size, &command_size_bytes); 14760 if (rc != TPM_RC_SUCCESS) { 14761 return rc; 14762 } 14763 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 14764 handle_section_bytes + authorization_size_bytes + 14765 authorization_section_bytes + parameter_section_bytes; 14766 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 14767 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 14768 serialized_command->size()); 14769 return TPM_RC_SUCCESS; 14770 } 14771 14772 TPM_RC Tpm::ParseResponse_GetRandom( 14773 const std::string& response, 14774 TPM2B_DIGEST* random_bytes, 14775 AuthorizationDelegate* authorization_delegate) { 14776 VLOG(3) << __func__; 14777 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 14778 TPM_RC rc = TPM_RC_SUCCESS; 14779 std::string buffer(response); 14780 TPM_ST tag; 14781 std::string tag_bytes; 14782 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 14783 if (rc != TPM_RC_SUCCESS) { 14784 return rc; 14785 } 14786 UINT32 response_size; 14787 std::string response_size_bytes; 14788 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 14789 if (rc != TPM_RC_SUCCESS) { 14790 return rc; 14791 } 14792 TPM_RC response_code; 14793 std::string response_code_bytes; 14794 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 14795 if (rc != TPM_RC_SUCCESS) { 14796 return rc; 14797 } 14798 if (response_size != response.size()) { 14799 return TPM_RC_SIZE; 14800 } 14801 if (response_code != TPM_RC_SUCCESS) { 14802 return response_code; 14803 } 14804 TPM_CC command_code = TPM_CC_GetRandom; 14805 std::string command_code_bytes; 14806 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 14807 if (rc != TPM_RC_SUCCESS) { 14808 return rc; 14809 } 14810 std::string authorization_section_bytes; 14811 if (tag == TPM_ST_SESSIONS) { 14812 UINT32 parameter_section_size = buffer.size(); 14813 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 14814 if (rc != TPM_RC_SUCCESS) { 14815 return rc; 14816 } 14817 if (parameter_section_size > buffer.size()) { 14818 return TPM_RC_INSUFFICIENT; 14819 } 14820 authorization_section_bytes = buffer.substr(parameter_section_size); 14821 // Keep the parameter section in |buffer|. 14822 buffer.erase(parameter_section_size); 14823 } 14824 std::unique_ptr<crypto::SecureHash> hash( 14825 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 14826 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 14827 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 14828 hash->Update(buffer.data(), buffer.size()); 14829 std::string response_hash(32, 0); 14830 hash->Finish(string_as_array(&response_hash), response_hash.size()); 14831 if (tag == TPM_ST_SESSIONS) { 14832 CHECK(authorization_delegate) << "Authorization delegate missing!"; 14833 if (!authorization_delegate->CheckResponseAuthorization( 14834 response_hash, authorization_section_bytes)) { 14835 return TRUNKS_RC_AUTHORIZATION_FAILED; 14836 } 14837 } 14838 std::string random_bytes_bytes; 14839 rc = Parse_TPM2B_DIGEST(&buffer, random_bytes, &random_bytes_bytes); 14840 if (rc != TPM_RC_SUCCESS) { 14841 return rc; 14842 } 14843 if (tag == TPM_ST_SESSIONS) { 14844 CHECK(authorization_delegate) << "Authorization delegate missing!"; 14845 // Decrypt just the parameter data, not the size. 14846 std::string tmp = random_bytes_bytes.substr(2); 14847 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 14848 return TRUNKS_RC_ENCRYPTION_FAILED; 14849 } 14850 random_bytes_bytes.replace(2, std::string::npos, tmp); 14851 rc = Parse_TPM2B_DIGEST(&random_bytes_bytes, random_bytes, nullptr); 14852 if (rc != TPM_RC_SUCCESS) { 14853 return rc; 14854 } 14855 } 14856 return TPM_RC_SUCCESS; 14857 } 14858 14859 void GetRandomErrorCallback(const Tpm::GetRandomResponse& callback, 14860 TPM_RC response_code) { 14861 VLOG(1) << __func__; 14862 callback.Run(response_code, TPM2B_DIGEST()); 14863 } 14864 14865 void GetRandomResponseParser(const Tpm::GetRandomResponse& callback, 14866 AuthorizationDelegate* authorization_delegate, 14867 const std::string& response) { 14868 VLOG(1) << __func__; 14869 base::Callback<void(TPM_RC)> error_reporter = 14870 base::Bind(GetRandomErrorCallback, callback); 14871 TPM2B_DIGEST random_bytes; 14872 TPM_RC rc = Tpm::ParseResponse_GetRandom(response, &random_bytes, 14873 authorization_delegate); 14874 if (rc != TPM_RC_SUCCESS) { 14875 error_reporter.Run(rc); 14876 return; 14877 } 14878 callback.Run(rc, random_bytes); 14879 } 14880 14881 void Tpm::GetRandom(const UINT16& bytes_requested, 14882 AuthorizationDelegate* authorization_delegate, 14883 const GetRandomResponse& callback) { 14884 VLOG(1) << __func__; 14885 base::Callback<void(TPM_RC)> error_reporter = 14886 base::Bind(GetRandomErrorCallback, callback); 14887 base::Callback<void(const std::string&)> parser = 14888 base::Bind(GetRandomResponseParser, callback, authorization_delegate); 14889 std::string command; 14890 TPM_RC rc = SerializeCommand_GetRandom(bytes_requested, &command, 14891 authorization_delegate); 14892 if (rc != TPM_RC_SUCCESS) { 14893 error_reporter.Run(rc); 14894 return; 14895 } 14896 transceiver_->SendCommand(command, parser); 14897 } 14898 14899 TPM_RC Tpm::GetRandomSync(const UINT16& bytes_requested, 14900 TPM2B_DIGEST* random_bytes, 14901 AuthorizationDelegate* authorization_delegate) { 14902 VLOG(1) << __func__; 14903 std::string command; 14904 TPM_RC rc = SerializeCommand_GetRandom(bytes_requested, &command, 14905 authorization_delegate); 14906 if (rc != TPM_RC_SUCCESS) { 14907 return rc; 14908 } 14909 std::string response = transceiver_->SendCommandAndWait(command); 14910 rc = ParseResponse_GetRandom(response, random_bytes, authorization_delegate); 14911 return rc; 14912 } 14913 14914 TPM_RC Tpm::SerializeCommand_StirRandom( 14915 const TPM2B_SENSITIVE_DATA& in_data, 14916 std::string* serialized_command, 14917 AuthorizationDelegate* authorization_delegate) { 14918 VLOG(3) << __func__; 14919 TPM_RC rc = TPM_RC_SUCCESS; 14920 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 14921 UINT32 command_size = 10; // Header size. 14922 std::string handle_section_bytes; 14923 std::string parameter_section_bytes; 14924 TPM_CC command_code = TPM_CC_StirRandom; 14925 bool is_command_parameter_encryption_possible = true; 14926 bool is_response_parameter_encryption_possible = false; 14927 std::string command_code_bytes; 14928 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 14929 if (rc != TPM_RC_SUCCESS) { 14930 return rc; 14931 } 14932 std::string in_data_bytes; 14933 rc = Serialize_TPM2B_SENSITIVE_DATA(in_data, &in_data_bytes); 14934 if (rc != TPM_RC_SUCCESS) { 14935 return rc; 14936 } 14937 if (authorization_delegate) { 14938 // Encrypt just the parameter data, not the size. 14939 std::string tmp = in_data_bytes.substr(2); 14940 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 14941 return TRUNKS_RC_ENCRYPTION_FAILED; 14942 } 14943 in_data_bytes.replace(2, std::string::npos, tmp); 14944 } 14945 std::unique_ptr<crypto::SecureHash> hash( 14946 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 14947 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 14948 hash->Update(in_data_bytes.data(), in_data_bytes.size()); 14949 parameter_section_bytes += in_data_bytes; 14950 command_size += in_data_bytes.size(); 14951 std::string command_hash(32, 0); 14952 hash->Finish(string_as_array(&command_hash), command_hash.size()); 14953 std::string authorization_section_bytes; 14954 std::string authorization_size_bytes; 14955 if (authorization_delegate) { 14956 if (!authorization_delegate->GetCommandAuthorization( 14957 command_hash, is_command_parameter_encryption_possible, 14958 is_response_parameter_encryption_possible, 14959 &authorization_section_bytes)) { 14960 return TRUNKS_RC_AUTHORIZATION_FAILED; 14961 } 14962 if (!authorization_section_bytes.empty()) { 14963 tag = TPM_ST_SESSIONS; 14964 std::string tmp; 14965 rc = Serialize_UINT32(authorization_section_bytes.size(), 14966 &authorization_size_bytes); 14967 if (rc != TPM_RC_SUCCESS) { 14968 return rc; 14969 } 14970 command_size += 14971 authorization_size_bytes.size() + authorization_section_bytes.size(); 14972 } 14973 } 14974 std::string tag_bytes; 14975 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 14976 if (rc != TPM_RC_SUCCESS) { 14977 return rc; 14978 } 14979 std::string command_size_bytes; 14980 rc = Serialize_UINT32(command_size, &command_size_bytes); 14981 if (rc != TPM_RC_SUCCESS) { 14982 return rc; 14983 } 14984 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 14985 handle_section_bytes + authorization_size_bytes + 14986 authorization_section_bytes + parameter_section_bytes; 14987 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 14988 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 14989 serialized_command->size()); 14990 return TPM_RC_SUCCESS; 14991 } 14992 14993 TPM_RC Tpm::ParseResponse_StirRandom( 14994 const std::string& response, 14995 AuthorizationDelegate* authorization_delegate) { 14996 VLOG(3) << __func__; 14997 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 14998 TPM_RC rc = TPM_RC_SUCCESS; 14999 std::string buffer(response); 15000 TPM_ST tag; 15001 std::string tag_bytes; 15002 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 15003 if (rc != TPM_RC_SUCCESS) { 15004 return rc; 15005 } 15006 UINT32 response_size; 15007 std::string response_size_bytes; 15008 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 15009 if (rc != TPM_RC_SUCCESS) { 15010 return rc; 15011 } 15012 TPM_RC response_code; 15013 std::string response_code_bytes; 15014 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 15015 if (rc != TPM_RC_SUCCESS) { 15016 return rc; 15017 } 15018 if (response_size != response.size()) { 15019 return TPM_RC_SIZE; 15020 } 15021 if (response_code != TPM_RC_SUCCESS) { 15022 return response_code; 15023 } 15024 TPM_CC command_code = TPM_CC_StirRandom; 15025 std::string command_code_bytes; 15026 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 15027 if (rc != TPM_RC_SUCCESS) { 15028 return rc; 15029 } 15030 std::string authorization_section_bytes; 15031 if (tag == TPM_ST_SESSIONS) { 15032 UINT32 parameter_section_size = buffer.size(); 15033 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 15034 if (rc != TPM_RC_SUCCESS) { 15035 return rc; 15036 } 15037 if (parameter_section_size > buffer.size()) { 15038 return TPM_RC_INSUFFICIENT; 15039 } 15040 authorization_section_bytes = buffer.substr(parameter_section_size); 15041 // Keep the parameter section in |buffer|. 15042 buffer.erase(parameter_section_size); 15043 } 15044 std::unique_ptr<crypto::SecureHash> hash( 15045 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 15046 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 15047 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 15048 hash->Update(buffer.data(), buffer.size()); 15049 std::string response_hash(32, 0); 15050 hash->Finish(string_as_array(&response_hash), response_hash.size()); 15051 if (tag == TPM_ST_SESSIONS) { 15052 CHECK(authorization_delegate) << "Authorization delegate missing!"; 15053 if (!authorization_delegate->CheckResponseAuthorization( 15054 response_hash, authorization_section_bytes)) { 15055 return TRUNKS_RC_AUTHORIZATION_FAILED; 15056 } 15057 } 15058 return TPM_RC_SUCCESS; 15059 } 15060 15061 void StirRandomErrorCallback(const Tpm::StirRandomResponse& callback, 15062 TPM_RC response_code) { 15063 VLOG(1) << __func__; 15064 callback.Run(response_code); 15065 } 15066 15067 void StirRandomResponseParser(const Tpm::StirRandomResponse& callback, 15068 AuthorizationDelegate* authorization_delegate, 15069 const std::string& response) { 15070 VLOG(1) << __func__; 15071 base::Callback<void(TPM_RC)> error_reporter = 15072 base::Bind(StirRandomErrorCallback, callback); 15073 TPM_RC rc = Tpm::ParseResponse_StirRandom(response, authorization_delegate); 15074 if (rc != TPM_RC_SUCCESS) { 15075 error_reporter.Run(rc); 15076 return; 15077 } 15078 callback.Run(rc); 15079 } 15080 15081 void Tpm::StirRandom(const TPM2B_SENSITIVE_DATA& in_data, 15082 AuthorizationDelegate* authorization_delegate, 15083 const StirRandomResponse& callback) { 15084 VLOG(1) << __func__; 15085 base::Callback<void(TPM_RC)> error_reporter = 15086 base::Bind(StirRandomErrorCallback, callback); 15087 base::Callback<void(const std::string&)> parser = 15088 base::Bind(StirRandomResponseParser, callback, authorization_delegate); 15089 std::string command; 15090 TPM_RC rc = 15091 SerializeCommand_StirRandom(in_data, &command, authorization_delegate); 15092 if (rc != TPM_RC_SUCCESS) { 15093 error_reporter.Run(rc); 15094 return; 15095 } 15096 transceiver_->SendCommand(command, parser); 15097 } 15098 15099 TPM_RC Tpm::StirRandomSync(const TPM2B_SENSITIVE_DATA& in_data, 15100 AuthorizationDelegate* authorization_delegate) { 15101 VLOG(1) << __func__; 15102 std::string command; 15103 TPM_RC rc = 15104 SerializeCommand_StirRandom(in_data, &command, authorization_delegate); 15105 if (rc != TPM_RC_SUCCESS) { 15106 return rc; 15107 } 15108 std::string response = transceiver_->SendCommandAndWait(command); 15109 rc = ParseResponse_StirRandom(response, authorization_delegate); 15110 return rc; 15111 } 15112 15113 TPM_RC Tpm::SerializeCommand_HMAC_Start( 15114 const TPMI_DH_OBJECT& handle, 15115 const std::string& handle_name, 15116 const TPM2B_AUTH& auth, 15117 const TPMI_ALG_HASH& hash_alg, 15118 std::string* serialized_command, 15119 AuthorizationDelegate* authorization_delegate) { 15120 VLOG(3) << __func__; 15121 TPM_RC rc = TPM_RC_SUCCESS; 15122 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 15123 UINT32 command_size = 10; // Header size. 15124 std::string handle_section_bytes; 15125 std::string parameter_section_bytes; 15126 TPM_CC command_code = TPM_CC_HMAC_Start; 15127 bool is_command_parameter_encryption_possible = true; 15128 bool is_response_parameter_encryption_possible = false; 15129 std::string command_code_bytes; 15130 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 15131 if (rc != TPM_RC_SUCCESS) { 15132 return rc; 15133 } 15134 std::string handle_bytes; 15135 rc = Serialize_TPMI_DH_OBJECT(handle, &handle_bytes); 15136 if (rc != TPM_RC_SUCCESS) { 15137 return rc; 15138 } 15139 std::string auth_bytes; 15140 rc = Serialize_TPM2B_AUTH(auth, &auth_bytes); 15141 if (rc != TPM_RC_SUCCESS) { 15142 return rc; 15143 } 15144 std::string hash_alg_bytes; 15145 rc = Serialize_TPMI_ALG_HASH(hash_alg, &hash_alg_bytes); 15146 if (rc != TPM_RC_SUCCESS) { 15147 return rc; 15148 } 15149 if (authorization_delegate) { 15150 // Encrypt just the parameter data, not the size. 15151 std::string tmp = auth_bytes.substr(2); 15152 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 15153 return TRUNKS_RC_ENCRYPTION_FAILED; 15154 } 15155 auth_bytes.replace(2, std::string::npos, tmp); 15156 } 15157 std::unique_ptr<crypto::SecureHash> hash( 15158 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 15159 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 15160 hash->Update(handle_name.data(), handle_name.size()); 15161 handle_section_bytes += handle_bytes; 15162 command_size += handle_bytes.size(); 15163 hash->Update(auth_bytes.data(), auth_bytes.size()); 15164 parameter_section_bytes += auth_bytes; 15165 command_size += auth_bytes.size(); 15166 hash->Update(hash_alg_bytes.data(), hash_alg_bytes.size()); 15167 parameter_section_bytes += hash_alg_bytes; 15168 command_size += hash_alg_bytes.size(); 15169 std::string command_hash(32, 0); 15170 hash->Finish(string_as_array(&command_hash), command_hash.size()); 15171 std::string authorization_section_bytes; 15172 std::string authorization_size_bytes; 15173 if (authorization_delegate) { 15174 if (!authorization_delegate->GetCommandAuthorization( 15175 command_hash, is_command_parameter_encryption_possible, 15176 is_response_parameter_encryption_possible, 15177 &authorization_section_bytes)) { 15178 return TRUNKS_RC_AUTHORIZATION_FAILED; 15179 } 15180 if (!authorization_section_bytes.empty()) { 15181 tag = TPM_ST_SESSIONS; 15182 std::string tmp; 15183 rc = Serialize_UINT32(authorization_section_bytes.size(), 15184 &authorization_size_bytes); 15185 if (rc != TPM_RC_SUCCESS) { 15186 return rc; 15187 } 15188 command_size += 15189 authorization_size_bytes.size() + authorization_section_bytes.size(); 15190 } 15191 } 15192 std::string tag_bytes; 15193 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 15194 if (rc != TPM_RC_SUCCESS) { 15195 return rc; 15196 } 15197 std::string command_size_bytes; 15198 rc = Serialize_UINT32(command_size, &command_size_bytes); 15199 if (rc != TPM_RC_SUCCESS) { 15200 return rc; 15201 } 15202 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 15203 handle_section_bytes + authorization_size_bytes + 15204 authorization_section_bytes + parameter_section_bytes; 15205 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 15206 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 15207 serialized_command->size()); 15208 return TPM_RC_SUCCESS; 15209 } 15210 15211 TPM_RC Tpm::ParseResponse_HMAC_Start( 15212 const std::string& response, 15213 TPMI_DH_OBJECT* sequence_handle, 15214 AuthorizationDelegate* authorization_delegate) { 15215 VLOG(3) << __func__; 15216 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 15217 TPM_RC rc = TPM_RC_SUCCESS; 15218 std::string buffer(response); 15219 TPM_ST tag; 15220 std::string tag_bytes; 15221 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 15222 if (rc != TPM_RC_SUCCESS) { 15223 return rc; 15224 } 15225 UINT32 response_size; 15226 std::string response_size_bytes; 15227 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 15228 if (rc != TPM_RC_SUCCESS) { 15229 return rc; 15230 } 15231 TPM_RC response_code; 15232 std::string response_code_bytes; 15233 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 15234 if (rc != TPM_RC_SUCCESS) { 15235 return rc; 15236 } 15237 if (response_size != response.size()) { 15238 return TPM_RC_SIZE; 15239 } 15240 if (response_code != TPM_RC_SUCCESS) { 15241 return response_code; 15242 } 15243 std::string sequence_handle_bytes; 15244 rc = Parse_TPMI_DH_OBJECT(&buffer, sequence_handle, &sequence_handle_bytes); 15245 if (rc != TPM_RC_SUCCESS) { 15246 return rc; 15247 } 15248 TPM_CC command_code = TPM_CC_HMAC_Start; 15249 std::string command_code_bytes; 15250 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 15251 if (rc != TPM_RC_SUCCESS) { 15252 return rc; 15253 } 15254 std::string authorization_section_bytes; 15255 if (tag == TPM_ST_SESSIONS) { 15256 UINT32 parameter_section_size = buffer.size(); 15257 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 15258 if (rc != TPM_RC_SUCCESS) { 15259 return rc; 15260 } 15261 if (parameter_section_size > buffer.size()) { 15262 return TPM_RC_INSUFFICIENT; 15263 } 15264 authorization_section_bytes = buffer.substr(parameter_section_size); 15265 // Keep the parameter section in |buffer|. 15266 buffer.erase(parameter_section_size); 15267 } 15268 std::unique_ptr<crypto::SecureHash> hash( 15269 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 15270 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 15271 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 15272 hash->Update(buffer.data(), buffer.size()); 15273 std::string response_hash(32, 0); 15274 hash->Finish(string_as_array(&response_hash), response_hash.size()); 15275 if (tag == TPM_ST_SESSIONS) { 15276 CHECK(authorization_delegate) << "Authorization delegate missing!"; 15277 if (!authorization_delegate->CheckResponseAuthorization( 15278 response_hash, authorization_section_bytes)) { 15279 return TRUNKS_RC_AUTHORIZATION_FAILED; 15280 } 15281 } 15282 return TPM_RC_SUCCESS; 15283 } 15284 15285 void HMAC_StartErrorCallback(const Tpm::HMAC_StartResponse& callback, 15286 TPM_RC response_code) { 15287 VLOG(1) << __func__; 15288 callback.Run(response_code, TPMI_DH_OBJECT()); 15289 } 15290 15291 void HMAC_StartResponseParser(const Tpm::HMAC_StartResponse& callback, 15292 AuthorizationDelegate* authorization_delegate, 15293 const std::string& response) { 15294 VLOG(1) << __func__; 15295 base::Callback<void(TPM_RC)> error_reporter = 15296 base::Bind(HMAC_StartErrorCallback, callback); 15297 TPMI_DH_OBJECT sequence_handle; 15298 TPM_RC rc = Tpm::ParseResponse_HMAC_Start(response, &sequence_handle, 15299 authorization_delegate); 15300 if (rc != TPM_RC_SUCCESS) { 15301 error_reporter.Run(rc); 15302 return; 15303 } 15304 callback.Run(rc, sequence_handle); 15305 } 15306 15307 void Tpm::HMAC_Start(const TPMI_DH_OBJECT& handle, 15308 const std::string& handle_name, 15309 const TPM2B_AUTH& auth, 15310 const TPMI_ALG_HASH& hash_alg, 15311 AuthorizationDelegate* authorization_delegate, 15312 const HMAC_StartResponse& callback) { 15313 VLOG(1) << __func__; 15314 base::Callback<void(TPM_RC)> error_reporter = 15315 base::Bind(HMAC_StartErrorCallback, callback); 15316 base::Callback<void(const std::string&)> parser = 15317 base::Bind(HMAC_StartResponseParser, callback, authorization_delegate); 15318 std::string command; 15319 TPM_RC rc = SerializeCommand_HMAC_Start(handle, handle_name, auth, hash_alg, 15320 &command, authorization_delegate); 15321 if (rc != TPM_RC_SUCCESS) { 15322 error_reporter.Run(rc); 15323 return; 15324 } 15325 transceiver_->SendCommand(command, parser); 15326 } 15327 15328 TPM_RC Tpm::HMAC_StartSync(const TPMI_DH_OBJECT& handle, 15329 const std::string& handle_name, 15330 const TPM2B_AUTH& auth, 15331 const TPMI_ALG_HASH& hash_alg, 15332 TPMI_DH_OBJECT* sequence_handle, 15333 AuthorizationDelegate* authorization_delegate) { 15334 VLOG(1) << __func__; 15335 std::string command; 15336 TPM_RC rc = SerializeCommand_HMAC_Start(handle, handle_name, auth, hash_alg, 15337 &command, authorization_delegate); 15338 if (rc != TPM_RC_SUCCESS) { 15339 return rc; 15340 } 15341 std::string response = transceiver_->SendCommandAndWait(command); 15342 rc = ParseResponse_HMAC_Start(response, sequence_handle, 15343 authorization_delegate); 15344 return rc; 15345 } 15346 15347 TPM_RC Tpm::SerializeCommand_HashSequenceStart( 15348 const TPM2B_AUTH& auth, 15349 const TPMI_ALG_HASH& hash_alg, 15350 std::string* serialized_command, 15351 AuthorizationDelegate* authorization_delegate) { 15352 VLOG(3) << __func__; 15353 TPM_RC rc = TPM_RC_SUCCESS; 15354 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 15355 UINT32 command_size = 10; // Header size. 15356 std::string handle_section_bytes; 15357 std::string parameter_section_bytes; 15358 TPM_CC command_code = TPM_CC_HashSequenceStart; 15359 bool is_command_parameter_encryption_possible = true; 15360 bool is_response_parameter_encryption_possible = false; 15361 std::string command_code_bytes; 15362 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 15363 if (rc != TPM_RC_SUCCESS) { 15364 return rc; 15365 } 15366 std::string auth_bytes; 15367 rc = Serialize_TPM2B_AUTH(auth, &auth_bytes); 15368 if (rc != TPM_RC_SUCCESS) { 15369 return rc; 15370 } 15371 std::string hash_alg_bytes; 15372 rc = Serialize_TPMI_ALG_HASH(hash_alg, &hash_alg_bytes); 15373 if (rc != TPM_RC_SUCCESS) { 15374 return rc; 15375 } 15376 if (authorization_delegate) { 15377 // Encrypt just the parameter data, not the size. 15378 std::string tmp = auth_bytes.substr(2); 15379 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 15380 return TRUNKS_RC_ENCRYPTION_FAILED; 15381 } 15382 auth_bytes.replace(2, std::string::npos, tmp); 15383 } 15384 std::unique_ptr<crypto::SecureHash> hash( 15385 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 15386 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 15387 hash->Update(auth_bytes.data(), auth_bytes.size()); 15388 parameter_section_bytes += auth_bytes; 15389 command_size += auth_bytes.size(); 15390 hash->Update(hash_alg_bytes.data(), hash_alg_bytes.size()); 15391 parameter_section_bytes += hash_alg_bytes; 15392 command_size += hash_alg_bytes.size(); 15393 std::string command_hash(32, 0); 15394 hash->Finish(string_as_array(&command_hash), command_hash.size()); 15395 std::string authorization_section_bytes; 15396 std::string authorization_size_bytes; 15397 if (authorization_delegate) { 15398 if (!authorization_delegate->GetCommandAuthorization( 15399 command_hash, is_command_parameter_encryption_possible, 15400 is_response_parameter_encryption_possible, 15401 &authorization_section_bytes)) { 15402 return TRUNKS_RC_AUTHORIZATION_FAILED; 15403 } 15404 if (!authorization_section_bytes.empty()) { 15405 tag = TPM_ST_SESSIONS; 15406 std::string tmp; 15407 rc = Serialize_UINT32(authorization_section_bytes.size(), 15408 &authorization_size_bytes); 15409 if (rc != TPM_RC_SUCCESS) { 15410 return rc; 15411 } 15412 command_size += 15413 authorization_size_bytes.size() + authorization_section_bytes.size(); 15414 } 15415 } 15416 std::string tag_bytes; 15417 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 15418 if (rc != TPM_RC_SUCCESS) { 15419 return rc; 15420 } 15421 std::string command_size_bytes; 15422 rc = Serialize_UINT32(command_size, &command_size_bytes); 15423 if (rc != TPM_RC_SUCCESS) { 15424 return rc; 15425 } 15426 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 15427 handle_section_bytes + authorization_size_bytes + 15428 authorization_section_bytes + parameter_section_bytes; 15429 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 15430 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 15431 serialized_command->size()); 15432 return TPM_RC_SUCCESS; 15433 } 15434 15435 TPM_RC Tpm::ParseResponse_HashSequenceStart( 15436 const std::string& response, 15437 TPMI_DH_OBJECT* sequence_handle, 15438 AuthorizationDelegate* authorization_delegate) { 15439 VLOG(3) << __func__; 15440 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 15441 TPM_RC rc = TPM_RC_SUCCESS; 15442 std::string buffer(response); 15443 TPM_ST tag; 15444 std::string tag_bytes; 15445 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 15446 if (rc != TPM_RC_SUCCESS) { 15447 return rc; 15448 } 15449 UINT32 response_size; 15450 std::string response_size_bytes; 15451 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 15452 if (rc != TPM_RC_SUCCESS) { 15453 return rc; 15454 } 15455 TPM_RC response_code; 15456 std::string response_code_bytes; 15457 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 15458 if (rc != TPM_RC_SUCCESS) { 15459 return rc; 15460 } 15461 if (response_size != response.size()) { 15462 return TPM_RC_SIZE; 15463 } 15464 if (response_code != TPM_RC_SUCCESS) { 15465 return response_code; 15466 } 15467 std::string sequence_handle_bytes; 15468 rc = Parse_TPMI_DH_OBJECT(&buffer, sequence_handle, &sequence_handle_bytes); 15469 if (rc != TPM_RC_SUCCESS) { 15470 return rc; 15471 } 15472 TPM_CC command_code = TPM_CC_HashSequenceStart; 15473 std::string command_code_bytes; 15474 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 15475 if (rc != TPM_RC_SUCCESS) { 15476 return rc; 15477 } 15478 std::string authorization_section_bytes; 15479 if (tag == TPM_ST_SESSIONS) { 15480 UINT32 parameter_section_size = buffer.size(); 15481 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 15482 if (rc != TPM_RC_SUCCESS) { 15483 return rc; 15484 } 15485 if (parameter_section_size > buffer.size()) { 15486 return TPM_RC_INSUFFICIENT; 15487 } 15488 authorization_section_bytes = buffer.substr(parameter_section_size); 15489 // Keep the parameter section in |buffer|. 15490 buffer.erase(parameter_section_size); 15491 } 15492 std::unique_ptr<crypto::SecureHash> hash( 15493 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 15494 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 15495 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 15496 hash->Update(buffer.data(), buffer.size()); 15497 std::string response_hash(32, 0); 15498 hash->Finish(string_as_array(&response_hash), response_hash.size()); 15499 if (tag == TPM_ST_SESSIONS) { 15500 CHECK(authorization_delegate) << "Authorization delegate missing!"; 15501 if (!authorization_delegate->CheckResponseAuthorization( 15502 response_hash, authorization_section_bytes)) { 15503 return TRUNKS_RC_AUTHORIZATION_FAILED; 15504 } 15505 } 15506 return TPM_RC_SUCCESS; 15507 } 15508 15509 void HashSequenceStartErrorCallback( 15510 const Tpm::HashSequenceStartResponse& callback, 15511 TPM_RC response_code) { 15512 VLOG(1) << __func__; 15513 callback.Run(response_code, TPMI_DH_OBJECT()); 15514 } 15515 15516 void HashSequenceStartResponseParser( 15517 const Tpm::HashSequenceStartResponse& callback, 15518 AuthorizationDelegate* authorization_delegate, 15519 const std::string& response) { 15520 VLOG(1) << __func__; 15521 base::Callback<void(TPM_RC)> error_reporter = 15522 base::Bind(HashSequenceStartErrorCallback, callback); 15523 TPMI_DH_OBJECT sequence_handle; 15524 TPM_RC rc = Tpm::ParseResponse_HashSequenceStart(response, &sequence_handle, 15525 authorization_delegate); 15526 if (rc != TPM_RC_SUCCESS) { 15527 error_reporter.Run(rc); 15528 return; 15529 } 15530 callback.Run(rc, sequence_handle); 15531 } 15532 15533 void Tpm::HashSequenceStart(const TPM2B_AUTH& auth, 15534 const TPMI_ALG_HASH& hash_alg, 15535 AuthorizationDelegate* authorization_delegate, 15536 const HashSequenceStartResponse& callback) { 15537 VLOG(1) << __func__; 15538 base::Callback<void(TPM_RC)> error_reporter = 15539 base::Bind(HashSequenceStartErrorCallback, callback); 15540 base::Callback<void(const std::string&)> parser = base::Bind( 15541 HashSequenceStartResponseParser, callback, authorization_delegate); 15542 std::string command; 15543 TPM_RC rc = SerializeCommand_HashSequenceStart(auth, hash_alg, &command, 15544 authorization_delegate); 15545 if (rc != TPM_RC_SUCCESS) { 15546 error_reporter.Run(rc); 15547 return; 15548 } 15549 transceiver_->SendCommand(command, parser); 15550 } 15551 15552 TPM_RC Tpm::HashSequenceStartSync( 15553 const TPM2B_AUTH& auth, 15554 const TPMI_ALG_HASH& hash_alg, 15555 TPMI_DH_OBJECT* sequence_handle, 15556 AuthorizationDelegate* authorization_delegate) { 15557 VLOG(1) << __func__; 15558 std::string command; 15559 TPM_RC rc = SerializeCommand_HashSequenceStart(auth, hash_alg, &command, 15560 authorization_delegate); 15561 if (rc != TPM_RC_SUCCESS) { 15562 return rc; 15563 } 15564 std::string response = transceiver_->SendCommandAndWait(command); 15565 rc = ParseResponse_HashSequenceStart(response, sequence_handle, 15566 authorization_delegate); 15567 return rc; 15568 } 15569 15570 TPM_RC Tpm::SerializeCommand_SequenceUpdate( 15571 const TPMI_DH_OBJECT& sequence_handle, 15572 const std::string& sequence_handle_name, 15573 const TPM2B_MAX_BUFFER& buffer, 15574 std::string* serialized_command, 15575 AuthorizationDelegate* authorization_delegate) { 15576 VLOG(3) << __func__; 15577 TPM_RC rc = TPM_RC_SUCCESS; 15578 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 15579 UINT32 command_size = 10; // Header size. 15580 std::string handle_section_bytes; 15581 std::string parameter_section_bytes; 15582 TPM_CC command_code = TPM_CC_SequenceUpdate; 15583 bool is_command_parameter_encryption_possible = true; 15584 bool is_response_parameter_encryption_possible = false; 15585 std::string command_code_bytes; 15586 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 15587 if (rc != TPM_RC_SUCCESS) { 15588 return rc; 15589 } 15590 std::string sequence_handle_bytes; 15591 rc = Serialize_TPMI_DH_OBJECT(sequence_handle, &sequence_handle_bytes); 15592 if (rc != TPM_RC_SUCCESS) { 15593 return rc; 15594 } 15595 std::string buffer_bytes; 15596 rc = Serialize_TPM2B_MAX_BUFFER(buffer, &buffer_bytes); 15597 if (rc != TPM_RC_SUCCESS) { 15598 return rc; 15599 } 15600 if (authorization_delegate) { 15601 // Encrypt just the parameter data, not the size. 15602 std::string tmp = buffer_bytes.substr(2); 15603 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 15604 return TRUNKS_RC_ENCRYPTION_FAILED; 15605 } 15606 buffer_bytes.replace(2, std::string::npos, tmp); 15607 } 15608 std::unique_ptr<crypto::SecureHash> hash( 15609 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 15610 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 15611 hash->Update(sequence_handle_name.data(), sequence_handle_name.size()); 15612 handle_section_bytes += sequence_handle_bytes; 15613 command_size += sequence_handle_bytes.size(); 15614 hash->Update(buffer_bytes.data(), buffer_bytes.size()); 15615 parameter_section_bytes += buffer_bytes; 15616 command_size += buffer_bytes.size(); 15617 std::string command_hash(32, 0); 15618 hash->Finish(string_as_array(&command_hash), command_hash.size()); 15619 std::string authorization_section_bytes; 15620 std::string authorization_size_bytes; 15621 if (authorization_delegate) { 15622 if (!authorization_delegate->GetCommandAuthorization( 15623 command_hash, is_command_parameter_encryption_possible, 15624 is_response_parameter_encryption_possible, 15625 &authorization_section_bytes)) { 15626 return TRUNKS_RC_AUTHORIZATION_FAILED; 15627 } 15628 if (!authorization_section_bytes.empty()) { 15629 tag = TPM_ST_SESSIONS; 15630 std::string tmp; 15631 rc = Serialize_UINT32(authorization_section_bytes.size(), 15632 &authorization_size_bytes); 15633 if (rc != TPM_RC_SUCCESS) { 15634 return rc; 15635 } 15636 command_size += 15637 authorization_size_bytes.size() + authorization_section_bytes.size(); 15638 } 15639 } 15640 std::string tag_bytes; 15641 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 15642 if (rc != TPM_RC_SUCCESS) { 15643 return rc; 15644 } 15645 std::string command_size_bytes; 15646 rc = Serialize_UINT32(command_size, &command_size_bytes); 15647 if (rc != TPM_RC_SUCCESS) { 15648 return rc; 15649 } 15650 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 15651 handle_section_bytes + authorization_size_bytes + 15652 authorization_section_bytes + parameter_section_bytes; 15653 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 15654 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 15655 serialized_command->size()); 15656 return TPM_RC_SUCCESS; 15657 } 15658 15659 TPM_RC Tpm::ParseResponse_SequenceUpdate( 15660 const std::string& response, 15661 AuthorizationDelegate* authorization_delegate) { 15662 VLOG(3) << __func__; 15663 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 15664 TPM_RC rc = TPM_RC_SUCCESS; 15665 std::string buffer(response); 15666 TPM_ST tag; 15667 std::string tag_bytes; 15668 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 15669 if (rc != TPM_RC_SUCCESS) { 15670 return rc; 15671 } 15672 UINT32 response_size; 15673 std::string response_size_bytes; 15674 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 15675 if (rc != TPM_RC_SUCCESS) { 15676 return rc; 15677 } 15678 TPM_RC response_code; 15679 std::string response_code_bytes; 15680 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 15681 if (rc != TPM_RC_SUCCESS) { 15682 return rc; 15683 } 15684 if (response_size != response.size()) { 15685 return TPM_RC_SIZE; 15686 } 15687 if (response_code != TPM_RC_SUCCESS) { 15688 return response_code; 15689 } 15690 TPM_CC command_code = TPM_CC_SequenceUpdate; 15691 std::string command_code_bytes; 15692 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 15693 if (rc != TPM_RC_SUCCESS) { 15694 return rc; 15695 } 15696 std::string authorization_section_bytes; 15697 if (tag == TPM_ST_SESSIONS) { 15698 UINT32 parameter_section_size = buffer.size(); 15699 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 15700 if (rc != TPM_RC_SUCCESS) { 15701 return rc; 15702 } 15703 if (parameter_section_size > buffer.size()) { 15704 return TPM_RC_INSUFFICIENT; 15705 } 15706 authorization_section_bytes = buffer.substr(parameter_section_size); 15707 // Keep the parameter section in |buffer|. 15708 buffer.erase(parameter_section_size); 15709 } 15710 std::unique_ptr<crypto::SecureHash> hash( 15711 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 15712 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 15713 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 15714 hash->Update(buffer.data(), buffer.size()); 15715 std::string response_hash(32, 0); 15716 hash->Finish(string_as_array(&response_hash), response_hash.size()); 15717 if (tag == TPM_ST_SESSIONS) { 15718 CHECK(authorization_delegate) << "Authorization delegate missing!"; 15719 if (!authorization_delegate->CheckResponseAuthorization( 15720 response_hash, authorization_section_bytes)) { 15721 return TRUNKS_RC_AUTHORIZATION_FAILED; 15722 } 15723 } 15724 return TPM_RC_SUCCESS; 15725 } 15726 15727 void SequenceUpdateErrorCallback(const Tpm::SequenceUpdateResponse& callback, 15728 TPM_RC response_code) { 15729 VLOG(1) << __func__; 15730 callback.Run(response_code); 15731 } 15732 15733 void SequenceUpdateResponseParser(const Tpm::SequenceUpdateResponse& callback, 15734 AuthorizationDelegate* authorization_delegate, 15735 const std::string& response) { 15736 VLOG(1) << __func__; 15737 base::Callback<void(TPM_RC)> error_reporter = 15738 base::Bind(SequenceUpdateErrorCallback, callback); 15739 TPM_RC rc = 15740 Tpm::ParseResponse_SequenceUpdate(response, authorization_delegate); 15741 if (rc != TPM_RC_SUCCESS) { 15742 error_reporter.Run(rc); 15743 return; 15744 } 15745 callback.Run(rc); 15746 } 15747 15748 void Tpm::SequenceUpdate(const TPMI_DH_OBJECT& sequence_handle, 15749 const std::string& sequence_handle_name, 15750 const TPM2B_MAX_BUFFER& buffer, 15751 AuthorizationDelegate* authorization_delegate, 15752 const SequenceUpdateResponse& callback) { 15753 VLOG(1) << __func__; 15754 base::Callback<void(TPM_RC)> error_reporter = 15755 base::Bind(SequenceUpdateErrorCallback, callback); 15756 base::Callback<void(const std::string&)> parser = base::Bind( 15757 SequenceUpdateResponseParser, callback, authorization_delegate); 15758 std::string command; 15759 TPM_RC rc = 15760 SerializeCommand_SequenceUpdate(sequence_handle, sequence_handle_name, 15761 buffer, &command, authorization_delegate); 15762 if (rc != TPM_RC_SUCCESS) { 15763 error_reporter.Run(rc); 15764 return; 15765 } 15766 transceiver_->SendCommand(command, parser); 15767 } 15768 15769 TPM_RC Tpm::SequenceUpdateSync(const TPMI_DH_OBJECT& sequence_handle, 15770 const std::string& sequence_handle_name, 15771 const TPM2B_MAX_BUFFER& buffer, 15772 AuthorizationDelegate* authorization_delegate) { 15773 VLOG(1) << __func__; 15774 std::string command; 15775 TPM_RC rc = 15776 SerializeCommand_SequenceUpdate(sequence_handle, sequence_handle_name, 15777 buffer, &command, authorization_delegate); 15778 if (rc != TPM_RC_SUCCESS) { 15779 return rc; 15780 } 15781 std::string response = transceiver_->SendCommandAndWait(command); 15782 rc = ParseResponse_SequenceUpdate(response, authorization_delegate); 15783 return rc; 15784 } 15785 15786 TPM_RC Tpm::SerializeCommand_SequenceComplete( 15787 const TPMI_DH_OBJECT& sequence_handle, 15788 const std::string& sequence_handle_name, 15789 const TPM2B_MAX_BUFFER& buffer, 15790 const TPMI_RH_HIERARCHY& hierarchy, 15791 std::string* serialized_command, 15792 AuthorizationDelegate* authorization_delegate) { 15793 VLOG(3) << __func__; 15794 TPM_RC rc = TPM_RC_SUCCESS; 15795 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 15796 UINT32 command_size = 10; // Header size. 15797 std::string handle_section_bytes; 15798 std::string parameter_section_bytes; 15799 TPM_CC command_code = TPM_CC_SequenceComplete; 15800 bool is_command_parameter_encryption_possible = true; 15801 bool is_response_parameter_encryption_possible = true; 15802 std::string command_code_bytes; 15803 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 15804 if (rc != TPM_RC_SUCCESS) { 15805 return rc; 15806 } 15807 std::string sequence_handle_bytes; 15808 rc = Serialize_TPMI_DH_OBJECT(sequence_handle, &sequence_handle_bytes); 15809 if (rc != TPM_RC_SUCCESS) { 15810 return rc; 15811 } 15812 std::string buffer_bytes; 15813 rc = Serialize_TPM2B_MAX_BUFFER(buffer, &buffer_bytes); 15814 if (rc != TPM_RC_SUCCESS) { 15815 return rc; 15816 } 15817 std::string hierarchy_bytes; 15818 rc = Serialize_TPMI_RH_HIERARCHY(hierarchy, &hierarchy_bytes); 15819 if (rc != TPM_RC_SUCCESS) { 15820 return rc; 15821 } 15822 if (authorization_delegate) { 15823 // Encrypt just the parameter data, not the size. 15824 std::string tmp = buffer_bytes.substr(2); 15825 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 15826 return TRUNKS_RC_ENCRYPTION_FAILED; 15827 } 15828 buffer_bytes.replace(2, std::string::npos, tmp); 15829 } 15830 std::unique_ptr<crypto::SecureHash> hash( 15831 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 15832 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 15833 hash->Update(sequence_handle_name.data(), sequence_handle_name.size()); 15834 handle_section_bytes += sequence_handle_bytes; 15835 command_size += sequence_handle_bytes.size(); 15836 hash->Update(buffer_bytes.data(), buffer_bytes.size()); 15837 parameter_section_bytes += buffer_bytes; 15838 command_size += buffer_bytes.size(); 15839 hash->Update(hierarchy_bytes.data(), hierarchy_bytes.size()); 15840 parameter_section_bytes += hierarchy_bytes; 15841 command_size += hierarchy_bytes.size(); 15842 std::string command_hash(32, 0); 15843 hash->Finish(string_as_array(&command_hash), command_hash.size()); 15844 std::string authorization_section_bytes; 15845 std::string authorization_size_bytes; 15846 if (authorization_delegate) { 15847 if (!authorization_delegate->GetCommandAuthorization( 15848 command_hash, is_command_parameter_encryption_possible, 15849 is_response_parameter_encryption_possible, 15850 &authorization_section_bytes)) { 15851 return TRUNKS_RC_AUTHORIZATION_FAILED; 15852 } 15853 if (!authorization_section_bytes.empty()) { 15854 tag = TPM_ST_SESSIONS; 15855 std::string tmp; 15856 rc = Serialize_UINT32(authorization_section_bytes.size(), 15857 &authorization_size_bytes); 15858 if (rc != TPM_RC_SUCCESS) { 15859 return rc; 15860 } 15861 command_size += 15862 authorization_size_bytes.size() + authorization_section_bytes.size(); 15863 } 15864 } 15865 std::string tag_bytes; 15866 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 15867 if (rc != TPM_RC_SUCCESS) { 15868 return rc; 15869 } 15870 std::string command_size_bytes; 15871 rc = Serialize_UINT32(command_size, &command_size_bytes); 15872 if (rc != TPM_RC_SUCCESS) { 15873 return rc; 15874 } 15875 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 15876 handle_section_bytes + authorization_size_bytes + 15877 authorization_section_bytes + parameter_section_bytes; 15878 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 15879 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 15880 serialized_command->size()); 15881 return TPM_RC_SUCCESS; 15882 } 15883 15884 TPM_RC Tpm::ParseResponse_SequenceComplete( 15885 const std::string& response, 15886 TPM2B_DIGEST* result, 15887 TPMT_TK_HASHCHECK* validation, 15888 AuthorizationDelegate* authorization_delegate) { 15889 VLOG(3) << __func__; 15890 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 15891 TPM_RC rc = TPM_RC_SUCCESS; 15892 std::string buffer(response); 15893 TPM_ST tag; 15894 std::string tag_bytes; 15895 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 15896 if (rc != TPM_RC_SUCCESS) { 15897 return rc; 15898 } 15899 UINT32 response_size; 15900 std::string response_size_bytes; 15901 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 15902 if (rc != TPM_RC_SUCCESS) { 15903 return rc; 15904 } 15905 TPM_RC response_code; 15906 std::string response_code_bytes; 15907 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 15908 if (rc != TPM_RC_SUCCESS) { 15909 return rc; 15910 } 15911 if (response_size != response.size()) { 15912 return TPM_RC_SIZE; 15913 } 15914 if (response_code != TPM_RC_SUCCESS) { 15915 return response_code; 15916 } 15917 TPM_CC command_code = TPM_CC_SequenceComplete; 15918 std::string command_code_bytes; 15919 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 15920 if (rc != TPM_RC_SUCCESS) { 15921 return rc; 15922 } 15923 std::string authorization_section_bytes; 15924 if (tag == TPM_ST_SESSIONS) { 15925 UINT32 parameter_section_size = buffer.size(); 15926 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 15927 if (rc != TPM_RC_SUCCESS) { 15928 return rc; 15929 } 15930 if (parameter_section_size > buffer.size()) { 15931 return TPM_RC_INSUFFICIENT; 15932 } 15933 authorization_section_bytes = buffer.substr(parameter_section_size); 15934 // Keep the parameter section in |buffer|. 15935 buffer.erase(parameter_section_size); 15936 } 15937 std::unique_ptr<crypto::SecureHash> hash( 15938 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 15939 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 15940 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 15941 hash->Update(buffer.data(), buffer.size()); 15942 std::string response_hash(32, 0); 15943 hash->Finish(string_as_array(&response_hash), response_hash.size()); 15944 if (tag == TPM_ST_SESSIONS) { 15945 CHECK(authorization_delegate) << "Authorization delegate missing!"; 15946 if (!authorization_delegate->CheckResponseAuthorization( 15947 response_hash, authorization_section_bytes)) { 15948 return TRUNKS_RC_AUTHORIZATION_FAILED; 15949 } 15950 } 15951 std::string result_bytes; 15952 rc = Parse_TPM2B_DIGEST(&buffer, result, &result_bytes); 15953 if (rc != TPM_RC_SUCCESS) { 15954 return rc; 15955 } 15956 std::string validation_bytes; 15957 rc = Parse_TPMT_TK_HASHCHECK(&buffer, validation, &validation_bytes); 15958 if (rc != TPM_RC_SUCCESS) { 15959 return rc; 15960 } 15961 if (tag == TPM_ST_SESSIONS) { 15962 CHECK(authorization_delegate) << "Authorization delegate missing!"; 15963 // Decrypt just the parameter data, not the size. 15964 std::string tmp = result_bytes.substr(2); 15965 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 15966 return TRUNKS_RC_ENCRYPTION_FAILED; 15967 } 15968 result_bytes.replace(2, std::string::npos, tmp); 15969 rc = Parse_TPM2B_DIGEST(&result_bytes, result, nullptr); 15970 if (rc != TPM_RC_SUCCESS) { 15971 return rc; 15972 } 15973 } 15974 return TPM_RC_SUCCESS; 15975 } 15976 15977 void SequenceCompleteErrorCallback( 15978 const Tpm::SequenceCompleteResponse& callback, 15979 TPM_RC response_code) { 15980 VLOG(1) << __func__; 15981 callback.Run(response_code, TPM2B_DIGEST(), TPMT_TK_HASHCHECK()); 15982 } 15983 15984 void SequenceCompleteResponseParser( 15985 const Tpm::SequenceCompleteResponse& callback, 15986 AuthorizationDelegate* authorization_delegate, 15987 const std::string& response) { 15988 VLOG(1) << __func__; 15989 base::Callback<void(TPM_RC)> error_reporter = 15990 base::Bind(SequenceCompleteErrorCallback, callback); 15991 TPM2B_DIGEST result; 15992 TPMT_TK_HASHCHECK validation; 15993 TPM_RC rc = Tpm::ParseResponse_SequenceComplete( 15994 response, &result, &validation, authorization_delegate); 15995 if (rc != TPM_RC_SUCCESS) { 15996 error_reporter.Run(rc); 15997 return; 15998 } 15999 callback.Run(rc, result, validation); 16000 } 16001 16002 void Tpm::SequenceComplete(const TPMI_DH_OBJECT& sequence_handle, 16003 const std::string& sequence_handle_name, 16004 const TPM2B_MAX_BUFFER& buffer, 16005 const TPMI_RH_HIERARCHY& hierarchy, 16006 AuthorizationDelegate* authorization_delegate, 16007 const SequenceCompleteResponse& callback) { 16008 VLOG(1) << __func__; 16009 base::Callback<void(TPM_RC)> error_reporter = 16010 base::Bind(SequenceCompleteErrorCallback, callback); 16011 base::Callback<void(const std::string&)> parser = base::Bind( 16012 SequenceCompleteResponseParser, callback, authorization_delegate); 16013 std::string command; 16014 TPM_RC rc = SerializeCommand_SequenceComplete( 16015 sequence_handle, sequence_handle_name, buffer, hierarchy, &command, 16016 authorization_delegate); 16017 if (rc != TPM_RC_SUCCESS) { 16018 error_reporter.Run(rc); 16019 return; 16020 } 16021 transceiver_->SendCommand(command, parser); 16022 } 16023 16024 TPM_RC Tpm::SequenceCompleteSync( 16025 const TPMI_DH_OBJECT& sequence_handle, 16026 const std::string& sequence_handle_name, 16027 const TPM2B_MAX_BUFFER& buffer, 16028 const TPMI_RH_HIERARCHY& hierarchy, 16029 TPM2B_DIGEST* result, 16030 TPMT_TK_HASHCHECK* validation, 16031 AuthorizationDelegate* authorization_delegate) { 16032 VLOG(1) << __func__; 16033 std::string command; 16034 TPM_RC rc = SerializeCommand_SequenceComplete( 16035 sequence_handle, sequence_handle_name, buffer, hierarchy, &command, 16036 authorization_delegate); 16037 if (rc != TPM_RC_SUCCESS) { 16038 return rc; 16039 } 16040 std::string response = transceiver_->SendCommandAndWait(command); 16041 rc = ParseResponse_SequenceComplete(response, result, validation, 16042 authorization_delegate); 16043 return rc; 16044 } 16045 16046 TPM_RC Tpm::SerializeCommand_EventSequenceComplete( 16047 const TPMI_DH_PCR& pcr_handle, 16048 const std::string& pcr_handle_name, 16049 const TPMI_DH_OBJECT& sequence_handle, 16050 const std::string& sequence_handle_name, 16051 const TPM2B_MAX_BUFFER& buffer, 16052 std::string* serialized_command, 16053 AuthorizationDelegate* authorization_delegate) { 16054 VLOG(3) << __func__; 16055 TPM_RC rc = TPM_RC_SUCCESS; 16056 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 16057 UINT32 command_size = 10; // Header size. 16058 std::string handle_section_bytes; 16059 std::string parameter_section_bytes; 16060 TPM_CC command_code = TPM_CC_EventSequenceComplete; 16061 bool is_command_parameter_encryption_possible = true; 16062 bool is_response_parameter_encryption_possible = false; 16063 std::string command_code_bytes; 16064 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 16065 if (rc != TPM_RC_SUCCESS) { 16066 return rc; 16067 } 16068 std::string pcr_handle_bytes; 16069 rc = Serialize_TPMI_DH_PCR(pcr_handle, &pcr_handle_bytes); 16070 if (rc != TPM_RC_SUCCESS) { 16071 return rc; 16072 } 16073 std::string sequence_handle_bytes; 16074 rc = Serialize_TPMI_DH_OBJECT(sequence_handle, &sequence_handle_bytes); 16075 if (rc != TPM_RC_SUCCESS) { 16076 return rc; 16077 } 16078 std::string buffer_bytes; 16079 rc = Serialize_TPM2B_MAX_BUFFER(buffer, &buffer_bytes); 16080 if (rc != TPM_RC_SUCCESS) { 16081 return rc; 16082 } 16083 if (authorization_delegate) { 16084 // Encrypt just the parameter data, not the size. 16085 std::string tmp = buffer_bytes.substr(2); 16086 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 16087 return TRUNKS_RC_ENCRYPTION_FAILED; 16088 } 16089 buffer_bytes.replace(2, std::string::npos, tmp); 16090 } 16091 std::unique_ptr<crypto::SecureHash> hash( 16092 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 16093 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 16094 hash->Update(pcr_handle_name.data(), pcr_handle_name.size()); 16095 handle_section_bytes += pcr_handle_bytes; 16096 command_size += pcr_handle_bytes.size(); 16097 hash->Update(sequence_handle_name.data(), sequence_handle_name.size()); 16098 handle_section_bytes += sequence_handle_bytes; 16099 command_size += sequence_handle_bytes.size(); 16100 hash->Update(buffer_bytes.data(), buffer_bytes.size()); 16101 parameter_section_bytes += buffer_bytes; 16102 command_size += buffer_bytes.size(); 16103 std::string command_hash(32, 0); 16104 hash->Finish(string_as_array(&command_hash), command_hash.size()); 16105 std::string authorization_section_bytes; 16106 std::string authorization_size_bytes; 16107 if (authorization_delegate) { 16108 if (!authorization_delegate->GetCommandAuthorization( 16109 command_hash, is_command_parameter_encryption_possible, 16110 is_response_parameter_encryption_possible, 16111 &authorization_section_bytes)) { 16112 return TRUNKS_RC_AUTHORIZATION_FAILED; 16113 } 16114 if (!authorization_section_bytes.empty()) { 16115 tag = TPM_ST_SESSIONS; 16116 std::string tmp; 16117 rc = Serialize_UINT32(authorization_section_bytes.size(), 16118 &authorization_size_bytes); 16119 if (rc != TPM_RC_SUCCESS) { 16120 return rc; 16121 } 16122 command_size += 16123 authorization_size_bytes.size() + authorization_section_bytes.size(); 16124 } 16125 } 16126 std::string tag_bytes; 16127 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 16128 if (rc != TPM_RC_SUCCESS) { 16129 return rc; 16130 } 16131 std::string command_size_bytes; 16132 rc = Serialize_UINT32(command_size, &command_size_bytes); 16133 if (rc != TPM_RC_SUCCESS) { 16134 return rc; 16135 } 16136 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 16137 handle_section_bytes + authorization_size_bytes + 16138 authorization_section_bytes + parameter_section_bytes; 16139 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 16140 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 16141 serialized_command->size()); 16142 return TPM_RC_SUCCESS; 16143 } 16144 16145 TPM_RC Tpm::ParseResponse_EventSequenceComplete( 16146 const std::string& response, 16147 TPML_DIGEST_VALUES* results, 16148 AuthorizationDelegate* authorization_delegate) { 16149 VLOG(3) << __func__; 16150 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 16151 TPM_RC rc = TPM_RC_SUCCESS; 16152 std::string buffer(response); 16153 TPM_ST tag; 16154 std::string tag_bytes; 16155 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 16156 if (rc != TPM_RC_SUCCESS) { 16157 return rc; 16158 } 16159 UINT32 response_size; 16160 std::string response_size_bytes; 16161 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 16162 if (rc != TPM_RC_SUCCESS) { 16163 return rc; 16164 } 16165 TPM_RC response_code; 16166 std::string response_code_bytes; 16167 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 16168 if (rc != TPM_RC_SUCCESS) { 16169 return rc; 16170 } 16171 if (response_size != response.size()) { 16172 return TPM_RC_SIZE; 16173 } 16174 if (response_code != TPM_RC_SUCCESS) { 16175 return response_code; 16176 } 16177 TPM_CC command_code = TPM_CC_EventSequenceComplete; 16178 std::string command_code_bytes; 16179 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 16180 if (rc != TPM_RC_SUCCESS) { 16181 return rc; 16182 } 16183 std::string authorization_section_bytes; 16184 if (tag == TPM_ST_SESSIONS) { 16185 UINT32 parameter_section_size = buffer.size(); 16186 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 16187 if (rc != TPM_RC_SUCCESS) { 16188 return rc; 16189 } 16190 if (parameter_section_size > buffer.size()) { 16191 return TPM_RC_INSUFFICIENT; 16192 } 16193 authorization_section_bytes = buffer.substr(parameter_section_size); 16194 // Keep the parameter section in |buffer|. 16195 buffer.erase(parameter_section_size); 16196 } 16197 std::unique_ptr<crypto::SecureHash> hash( 16198 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 16199 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 16200 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 16201 hash->Update(buffer.data(), buffer.size()); 16202 std::string response_hash(32, 0); 16203 hash->Finish(string_as_array(&response_hash), response_hash.size()); 16204 if (tag == TPM_ST_SESSIONS) { 16205 CHECK(authorization_delegate) << "Authorization delegate missing!"; 16206 if (!authorization_delegate->CheckResponseAuthorization( 16207 response_hash, authorization_section_bytes)) { 16208 return TRUNKS_RC_AUTHORIZATION_FAILED; 16209 } 16210 } 16211 std::string results_bytes; 16212 rc = Parse_TPML_DIGEST_VALUES(&buffer, results, &results_bytes); 16213 if (rc != TPM_RC_SUCCESS) { 16214 return rc; 16215 } 16216 return TPM_RC_SUCCESS; 16217 } 16218 16219 void EventSequenceCompleteErrorCallback( 16220 const Tpm::EventSequenceCompleteResponse& callback, 16221 TPM_RC response_code) { 16222 VLOG(1) << __func__; 16223 callback.Run(response_code, TPML_DIGEST_VALUES()); 16224 } 16225 16226 void EventSequenceCompleteResponseParser( 16227 const Tpm::EventSequenceCompleteResponse& callback, 16228 AuthorizationDelegate* authorization_delegate, 16229 const std::string& response) { 16230 VLOG(1) << __func__; 16231 base::Callback<void(TPM_RC)> error_reporter = 16232 base::Bind(EventSequenceCompleteErrorCallback, callback); 16233 TPML_DIGEST_VALUES results; 16234 TPM_RC rc = Tpm::ParseResponse_EventSequenceComplete(response, &results, 16235 authorization_delegate); 16236 if (rc != TPM_RC_SUCCESS) { 16237 error_reporter.Run(rc); 16238 return; 16239 } 16240 callback.Run(rc, results); 16241 } 16242 16243 void Tpm::EventSequenceComplete(const TPMI_DH_PCR& pcr_handle, 16244 const std::string& pcr_handle_name, 16245 const TPMI_DH_OBJECT& sequence_handle, 16246 const std::string& sequence_handle_name, 16247 const TPM2B_MAX_BUFFER& buffer, 16248 AuthorizationDelegate* authorization_delegate, 16249 const EventSequenceCompleteResponse& callback) { 16250 VLOG(1) << __func__; 16251 base::Callback<void(TPM_RC)> error_reporter = 16252 base::Bind(EventSequenceCompleteErrorCallback, callback); 16253 base::Callback<void(const std::string&)> parser = base::Bind( 16254 EventSequenceCompleteResponseParser, callback, authorization_delegate); 16255 std::string command; 16256 TPM_RC rc = SerializeCommand_EventSequenceComplete( 16257 pcr_handle, pcr_handle_name, sequence_handle, sequence_handle_name, 16258 buffer, &command, authorization_delegate); 16259 if (rc != TPM_RC_SUCCESS) { 16260 error_reporter.Run(rc); 16261 return; 16262 } 16263 transceiver_->SendCommand(command, parser); 16264 } 16265 16266 TPM_RC Tpm::EventSequenceCompleteSync( 16267 const TPMI_DH_PCR& pcr_handle, 16268 const std::string& pcr_handle_name, 16269 const TPMI_DH_OBJECT& sequence_handle, 16270 const std::string& sequence_handle_name, 16271 const TPM2B_MAX_BUFFER& buffer, 16272 TPML_DIGEST_VALUES* results, 16273 AuthorizationDelegate* authorization_delegate) { 16274 VLOG(1) << __func__; 16275 std::string command; 16276 TPM_RC rc = SerializeCommand_EventSequenceComplete( 16277 pcr_handle, pcr_handle_name, sequence_handle, sequence_handle_name, 16278 buffer, &command, authorization_delegate); 16279 if (rc != TPM_RC_SUCCESS) { 16280 return rc; 16281 } 16282 std::string response = transceiver_->SendCommandAndWait(command); 16283 rc = ParseResponse_EventSequenceComplete(response, results, 16284 authorization_delegate); 16285 return rc; 16286 } 16287 16288 TPM_RC Tpm::SerializeCommand_Certify( 16289 const TPMI_DH_OBJECT& object_handle, 16290 const std::string& object_handle_name, 16291 const TPMI_DH_OBJECT& sign_handle, 16292 const std::string& sign_handle_name, 16293 const TPM2B_DATA& qualifying_data, 16294 const TPMT_SIG_SCHEME& in_scheme, 16295 std::string* serialized_command, 16296 AuthorizationDelegate* authorization_delegate) { 16297 VLOG(3) << __func__; 16298 TPM_RC rc = TPM_RC_SUCCESS; 16299 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 16300 UINT32 command_size = 10; // Header size. 16301 std::string handle_section_bytes; 16302 std::string parameter_section_bytes; 16303 TPM_CC command_code = TPM_CC_Certify; 16304 bool is_command_parameter_encryption_possible = true; 16305 bool is_response_parameter_encryption_possible = true; 16306 std::string command_code_bytes; 16307 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 16308 if (rc != TPM_RC_SUCCESS) { 16309 return rc; 16310 } 16311 std::string object_handle_bytes; 16312 rc = Serialize_TPMI_DH_OBJECT(object_handle, &object_handle_bytes); 16313 if (rc != TPM_RC_SUCCESS) { 16314 return rc; 16315 } 16316 std::string sign_handle_bytes; 16317 rc = Serialize_TPMI_DH_OBJECT(sign_handle, &sign_handle_bytes); 16318 if (rc != TPM_RC_SUCCESS) { 16319 return rc; 16320 } 16321 std::string qualifying_data_bytes; 16322 rc = Serialize_TPM2B_DATA(qualifying_data, &qualifying_data_bytes); 16323 if (rc != TPM_RC_SUCCESS) { 16324 return rc; 16325 } 16326 std::string in_scheme_bytes; 16327 rc = Serialize_TPMT_SIG_SCHEME(in_scheme, &in_scheme_bytes); 16328 if (rc != TPM_RC_SUCCESS) { 16329 return rc; 16330 } 16331 if (authorization_delegate) { 16332 // Encrypt just the parameter data, not the size. 16333 std::string tmp = qualifying_data_bytes.substr(2); 16334 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 16335 return TRUNKS_RC_ENCRYPTION_FAILED; 16336 } 16337 qualifying_data_bytes.replace(2, std::string::npos, tmp); 16338 } 16339 std::unique_ptr<crypto::SecureHash> hash( 16340 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 16341 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 16342 hash->Update(object_handle_name.data(), object_handle_name.size()); 16343 handle_section_bytes += object_handle_bytes; 16344 command_size += object_handle_bytes.size(); 16345 hash->Update(sign_handle_name.data(), sign_handle_name.size()); 16346 handle_section_bytes += sign_handle_bytes; 16347 command_size += sign_handle_bytes.size(); 16348 hash->Update(qualifying_data_bytes.data(), qualifying_data_bytes.size()); 16349 parameter_section_bytes += qualifying_data_bytes; 16350 command_size += qualifying_data_bytes.size(); 16351 hash->Update(in_scheme_bytes.data(), in_scheme_bytes.size()); 16352 parameter_section_bytes += in_scheme_bytes; 16353 command_size += in_scheme_bytes.size(); 16354 std::string command_hash(32, 0); 16355 hash->Finish(string_as_array(&command_hash), command_hash.size()); 16356 std::string authorization_section_bytes; 16357 std::string authorization_size_bytes; 16358 if (authorization_delegate) { 16359 if (!authorization_delegate->GetCommandAuthorization( 16360 command_hash, is_command_parameter_encryption_possible, 16361 is_response_parameter_encryption_possible, 16362 &authorization_section_bytes)) { 16363 return TRUNKS_RC_AUTHORIZATION_FAILED; 16364 } 16365 if (!authorization_section_bytes.empty()) { 16366 tag = TPM_ST_SESSIONS; 16367 std::string tmp; 16368 rc = Serialize_UINT32(authorization_section_bytes.size(), 16369 &authorization_size_bytes); 16370 if (rc != TPM_RC_SUCCESS) { 16371 return rc; 16372 } 16373 command_size += 16374 authorization_size_bytes.size() + authorization_section_bytes.size(); 16375 } 16376 } 16377 std::string tag_bytes; 16378 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 16379 if (rc != TPM_RC_SUCCESS) { 16380 return rc; 16381 } 16382 std::string command_size_bytes; 16383 rc = Serialize_UINT32(command_size, &command_size_bytes); 16384 if (rc != TPM_RC_SUCCESS) { 16385 return rc; 16386 } 16387 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 16388 handle_section_bytes + authorization_size_bytes + 16389 authorization_section_bytes + parameter_section_bytes; 16390 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 16391 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 16392 serialized_command->size()); 16393 return TPM_RC_SUCCESS; 16394 } 16395 16396 TPM_RC Tpm::ParseResponse_Certify( 16397 const std::string& response, 16398 TPM2B_ATTEST* certify_info, 16399 TPMT_SIGNATURE* signature, 16400 AuthorizationDelegate* authorization_delegate) { 16401 VLOG(3) << __func__; 16402 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 16403 TPM_RC rc = TPM_RC_SUCCESS; 16404 std::string buffer(response); 16405 TPM_ST tag; 16406 std::string tag_bytes; 16407 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 16408 if (rc != TPM_RC_SUCCESS) { 16409 return rc; 16410 } 16411 UINT32 response_size; 16412 std::string response_size_bytes; 16413 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 16414 if (rc != TPM_RC_SUCCESS) { 16415 return rc; 16416 } 16417 TPM_RC response_code; 16418 std::string response_code_bytes; 16419 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 16420 if (rc != TPM_RC_SUCCESS) { 16421 return rc; 16422 } 16423 if (response_size != response.size()) { 16424 return TPM_RC_SIZE; 16425 } 16426 if (response_code != TPM_RC_SUCCESS) { 16427 return response_code; 16428 } 16429 TPM_CC command_code = TPM_CC_Certify; 16430 std::string command_code_bytes; 16431 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 16432 if (rc != TPM_RC_SUCCESS) { 16433 return rc; 16434 } 16435 std::string authorization_section_bytes; 16436 if (tag == TPM_ST_SESSIONS) { 16437 UINT32 parameter_section_size = buffer.size(); 16438 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 16439 if (rc != TPM_RC_SUCCESS) { 16440 return rc; 16441 } 16442 if (parameter_section_size > buffer.size()) { 16443 return TPM_RC_INSUFFICIENT; 16444 } 16445 authorization_section_bytes = buffer.substr(parameter_section_size); 16446 // Keep the parameter section in |buffer|. 16447 buffer.erase(parameter_section_size); 16448 } 16449 std::unique_ptr<crypto::SecureHash> hash( 16450 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 16451 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 16452 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 16453 hash->Update(buffer.data(), buffer.size()); 16454 std::string response_hash(32, 0); 16455 hash->Finish(string_as_array(&response_hash), response_hash.size()); 16456 if (tag == TPM_ST_SESSIONS) { 16457 CHECK(authorization_delegate) << "Authorization delegate missing!"; 16458 if (!authorization_delegate->CheckResponseAuthorization( 16459 response_hash, authorization_section_bytes)) { 16460 return TRUNKS_RC_AUTHORIZATION_FAILED; 16461 } 16462 } 16463 std::string certify_info_bytes; 16464 rc = Parse_TPM2B_ATTEST(&buffer, certify_info, &certify_info_bytes); 16465 if (rc != TPM_RC_SUCCESS) { 16466 return rc; 16467 } 16468 std::string signature_bytes; 16469 rc = Parse_TPMT_SIGNATURE(&buffer, signature, &signature_bytes); 16470 if (rc != TPM_RC_SUCCESS) { 16471 return rc; 16472 } 16473 if (tag == TPM_ST_SESSIONS) { 16474 CHECK(authorization_delegate) << "Authorization delegate missing!"; 16475 // Decrypt just the parameter data, not the size. 16476 std::string tmp = certify_info_bytes.substr(2); 16477 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 16478 return TRUNKS_RC_ENCRYPTION_FAILED; 16479 } 16480 certify_info_bytes.replace(2, std::string::npos, tmp); 16481 rc = Parse_TPM2B_ATTEST(&certify_info_bytes, certify_info, nullptr); 16482 if (rc != TPM_RC_SUCCESS) { 16483 return rc; 16484 } 16485 } 16486 return TPM_RC_SUCCESS; 16487 } 16488 16489 void CertifyErrorCallback(const Tpm::CertifyResponse& callback, 16490 TPM_RC response_code) { 16491 VLOG(1) << __func__; 16492 callback.Run(response_code, TPM2B_ATTEST(), TPMT_SIGNATURE()); 16493 } 16494 16495 void CertifyResponseParser(const Tpm::CertifyResponse& callback, 16496 AuthorizationDelegate* authorization_delegate, 16497 const std::string& response) { 16498 VLOG(1) << __func__; 16499 base::Callback<void(TPM_RC)> error_reporter = 16500 base::Bind(CertifyErrorCallback, callback); 16501 TPM2B_ATTEST certify_info; 16502 TPMT_SIGNATURE signature; 16503 TPM_RC rc = Tpm::ParseResponse_Certify(response, &certify_info, &signature, 16504 authorization_delegate); 16505 if (rc != TPM_RC_SUCCESS) { 16506 error_reporter.Run(rc); 16507 return; 16508 } 16509 callback.Run(rc, certify_info, signature); 16510 } 16511 16512 void Tpm::Certify(const TPMI_DH_OBJECT& object_handle, 16513 const std::string& object_handle_name, 16514 const TPMI_DH_OBJECT& sign_handle, 16515 const std::string& sign_handle_name, 16516 const TPM2B_DATA& qualifying_data, 16517 const TPMT_SIG_SCHEME& in_scheme, 16518 AuthorizationDelegate* authorization_delegate, 16519 const CertifyResponse& callback) { 16520 VLOG(1) << __func__; 16521 base::Callback<void(TPM_RC)> error_reporter = 16522 base::Bind(CertifyErrorCallback, callback); 16523 base::Callback<void(const std::string&)> parser = 16524 base::Bind(CertifyResponseParser, callback, authorization_delegate); 16525 std::string command; 16526 TPM_RC rc = SerializeCommand_Certify( 16527 object_handle, object_handle_name, sign_handle, sign_handle_name, 16528 qualifying_data, in_scheme, &command, authorization_delegate); 16529 if (rc != TPM_RC_SUCCESS) { 16530 error_reporter.Run(rc); 16531 return; 16532 } 16533 transceiver_->SendCommand(command, parser); 16534 } 16535 16536 TPM_RC Tpm::CertifySync(const TPMI_DH_OBJECT& object_handle, 16537 const std::string& object_handle_name, 16538 const TPMI_DH_OBJECT& sign_handle, 16539 const std::string& sign_handle_name, 16540 const TPM2B_DATA& qualifying_data, 16541 const TPMT_SIG_SCHEME& in_scheme, 16542 TPM2B_ATTEST* certify_info, 16543 TPMT_SIGNATURE* signature, 16544 AuthorizationDelegate* authorization_delegate) { 16545 VLOG(1) << __func__; 16546 std::string command; 16547 TPM_RC rc = SerializeCommand_Certify( 16548 object_handle, object_handle_name, sign_handle, sign_handle_name, 16549 qualifying_data, in_scheme, &command, authorization_delegate); 16550 if (rc != TPM_RC_SUCCESS) { 16551 return rc; 16552 } 16553 std::string response = transceiver_->SendCommandAndWait(command); 16554 rc = ParseResponse_Certify(response, certify_info, signature, 16555 authorization_delegate); 16556 return rc; 16557 } 16558 16559 TPM_RC Tpm::SerializeCommand_CertifyCreation( 16560 const TPMI_DH_OBJECT& sign_handle, 16561 const std::string& sign_handle_name, 16562 const TPMI_DH_OBJECT& object_handle, 16563 const std::string& object_handle_name, 16564 const TPM2B_DATA& qualifying_data, 16565 const TPM2B_DIGEST& creation_hash, 16566 const TPMT_SIG_SCHEME& in_scheme, 16567 const TPMT_TK_CREATION& creation_ticket, 16568 std::string* serialized_command, 16569 AuthorizationDelegate* authorization_delegate) { 16570 VLOG(3) << __func__; 16571 TPM_RC rc = TPM_RC_SUCCESS; 16572 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 16573 UINT32 command_size = 10; // Header size. 16574 std::string handle_section_bytes; 16575 std::string parameter_section_bytes; 16576 TPM_CC command_code = TPM_CC_CertifyCreation; 16577 bool is_command_parameter_encryption_possible = true; 16578 bool is_response_parameter_encryption_possible = true; 16579 std::string command_code_bytes; 16580 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 16581 if (rc != TPM_RC_SUCCESS) { 16582 return rc; 16583 } 16584 std::string sign_handle_bytes; 16585 rc = Serialize_TPMI_DH_OBJECT(sign_handle, &sign_handle_bytes); 16586 if (rc != TPM_RC_SUCCESS) { 16587 return rc; 16588 } 16589 std::string object_handle_bytes; 16590 rc = Serialize_TPMI_DH_OBJECT(object_handle, &object_handle_bytes); 16591 if (rc != TPM_RC_SUCCESS) { 16592 return rc; 16593 } 16594 std::string qualifying_data_bytes; 16595 rc = Serialize_TPM2B_DATA(qualifying_data, &qualifying_data_bytes); 16596 if (rc != TPM_RC_SUCCESS) { 16597 return rc; 16598 } 16599 std::string creation_hash_bytes; 16600 rc = Serialize_TPM2B_DIGEST(creation_hash, &creation_hash_bytes); 16601 if (rc != TPM_RC_SUCCESS) { 16602 return rc; 16603 } 16604 std::string in_scheme_bytes; 16605 rc = Serialize_TPMT_SIG_SCHEME(in_scheme, &in_scheme_bytes); 16606 if (rc != TPM_RC_SUCCESS) { 16607 return rc; 16608 } 16609 std::string creation_ticket_bytes; 16610 rc = Serialize_TPMT_TK_CREATION(creation_ticket, &creation_ticket_bytes); 16611 if (rc != TPM_RC_SUCCESS) { 16612 return rc; 16613 } 16614 if (authorization_delegate) { 16615 // Encrypt just the parameter data, not the size. 16616 std::string tmp = qualifying_data_bytes.substr(2); 16617 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 16618 return TRUNKS_RC_ENCRYPTION_FAILED; 16619 } 16620 qualifying_data_bytes.replace(2, std::string::npos, tmp); 16621 } 16622 std::unique_ptr<crypto::SecureHash> hash( 16623 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 16624 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 16625 hash->Update(sign_handle_name.data(), sign_handle_name.size()); 16626 handle_section_bytes += sign_handle_bytes; 16627 command_size += sign_handle_bytes.size(); 16628 hash->Update(object_handle_name.data(), object_handle_name.size()); 16629 handle_section_bytes += object_handle_bytes; 16630 command_size += object_handle_bytes.size(); 16631 hash->Update(qualifying_data_bytes.data(), qualifying_data_bytes.size()); 16632 parameter_section_bytes += qualifying_data_bytes; 16633 command_size += qualifying_data_bytes.size(); 16634 hash->Update(creation_hash_bytes.data(), creation_hash_bytes.size()); 16635 parameter_section_bytes += creation_hash_bytes; 16636 command_size += creation_hash_bytes.size(); 16637 hash->Update(in_scheme_bytes.data(), in_scheme_bytes.size()); 16638 parameter_section_bytes += in_scheme_bytes; 16639 command_size += in_scheme_bytes.size(); 16640 hash->Update(creation_ticket_bytes.data(), creation_ticket_bytes.size()); 16641 parameter_section_bytes += creation_ticket_bytes; 16642 command_size += creation_ticket_bytes.size(); 16643 std::string command_hash(32, 0); 16644 hash->Finish(string_as_array(&command_hash), command_hash.size()); 16645 std::string authorization_section_bytes; 16646 std::string authorization_size_bytes; 16647 if (authorization_delegate) { 16648 if (!authorization_delegate->GetCommandAuthorization( 16649 command_hash, is_command_parameter_encryption_possible, 16650 is_response_parameter_encryption_possible, 16651 &authorization_section_bytes)) { 16652 return TRUNKS_RC_AUTHORIZATION_FAILED; 16653 } 16654 if (!authorization_section_bytes.empty()) { 16655 tag = TPM_ST_SESSIONS; 16656 std::string tmp; 16657 rc = Serialize_UINT32(authorization_section_bytes.size(), 16658 &authorization_size_bytes); 16659 if (rc != TPM_RC_SUCCESS) { 16660 return rc; 16661 } 16662 command_size += 16663 authorization_size_bytes.size() + authorization_section_bytes.size(); 16664 } 16665 } 16666 std::string tag_bytes; 16667 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 16668 if (rc != TPM_RC_SUCCESS) { 16669 return rc; 16670 } 16671 std::string command_size_bytes; 16672 rc = Serialize_UINT32(command_size, &command_size_bytes); 16673 if (rc != TPM_RC_SUCCESS) { 16674 return rc; 16675 } 16676 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 16677 handle_section_bytes + authorization_size_bytes + 16678 authorization_section_bytes + parameter_section_bytes; 16679 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 16680 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 16681 serialized_command->size()); 16682 return TPM_RC_SUCCESS; 16683 } 16684 16685 TPM_RC Tpm::ParseResponse_CertifyCreation( 16686 const std::string& response, 16687 TPM2B_ATTEST* certify_info, 16688 TPMT_SIGNATURE* signature, 16689 AuthorizationDelegate* authorization_delegate) { 16690 VLOG(3) << __func__; 16691 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 16692 TPM_RC rc = TPM_RC_SUCCESS; 16693 std::string buffer(response); 16694 TPM_ST tag; 16695 std::string tag_bytes; 16696 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 16697 if (rc != TPM_RC_SUCCESS) { 16698 return rc; 16699 } 16700 UINT32 response_size; 16701 std::string response_size_bytes; 16702 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 16703 if (rc != TPM_RC_SUCCESS) { 16704 return rc; 16705 } 16706 TPM_RC response_code; 16707 std::string response_code_bytes; 16708 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 16709 if (rc != TPM_RC_SUCCESS) { 16710 return rc; 16711 } 16712 if (response_size != response.size()) { 16713 return TPM_RC_SIZE; 16714 } 16715 if (response_code != TPM_RC_SUCCESS) { 16716 return response_code; 16717 } 16718 TPM_CC command_code = TPM_CC_CertifyCreation; 16719 std::string command_code_bytes; 16720 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 16721 if (rc != TPM_RC_SUCCESS) { 16722 return rc; 16723 } 16724 std::string authorization_section_bytes; 16725 if (tag == TPM_ST_SESSIONS) { 16726 UINT32 parameter_section_size = buffer.size(); 16727 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 16728 if (rc != TPM_RC_SUCCESS) { 16729 return rc; 16730 } 16731 if (parameter_section_size > buffer.size()) { 16732 return TPM_RC_INSUFFICIENT; 16733 } 16734 authorization_section_bytes = buffer.substr(parameter_section_size); 16735 // Keep the parameter section in |buffer|. 16736 buffer.erase(parameter_section_size); 16737 } 16738 std::unique_ptr<crypto::SecureHash> hash( 16739 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 16740 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 16741 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 16742 hash->Update(buffer.data(), buffer.size()); 16743 std::string response_hash(32, 0); 16744 hash->Finish(string_as_array(&response_hash), response_hash.size()); 16745 if (tag == TPM_ST_SESSIONS) { 16746 CHECK(authorization_delegate) << "Authorization delegate missing!"; 16747 if (!authorization_delegate->CheckResponseAuthorization( 16748 response_hash, authorization_section_bytes)) { 16749 return TRUNKS_RC_AUTHORIZATION_FAILED; 16750 } 16751 } 16752 std::string certify_info_bytes; 16753 rc = Parse_TPM2B_ATTEST(&buffer, certify_info, &certify_info_bytes); 16754 if (rc != TPM_RC_SUCCESS) { 16755 return rc; 16756 } 16757 std::string signature_bytes; 16758 rc = Parse_TPMT_SIGNATURE(&buffer, signature, &signature_bytes); 16759 if (rc != TPM_RC_SUCCESS) { 16760 return rc; 16761 } 16762 if (tag == TPM_ST_SESSIONS) { 16763 CHECK(authorization_delegate) << "Authorization delegate missing!"; 16764 // Decrypt just the parameter data, not the size. 16765 std::string tmp = certify_info_bytes.substr(2); 16766 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 16767 return TRUNKS_RC_ENCRYPTION_FAILED; 16768 } 16769 certify_info_bytes.replace(2, std::string::npos, tmp); 16770 rc = Parse_TPM2B_ATTEST(&certify_info_bytes, certify_info, nullptr); 16771 if (rc != TPM_RC_SUCCESS) { 16772 return rc; 16773 } 16774 } 16775 return TPM_RC_SUCCESS; 16776 } 16777 16778 void CertifyCreationErrorCallback(const Tpm::CertifyCreationResponse& callback, 16779 TPM_RC response_code) { 16780 VLOG(1) << __func__; 16781 callback.Run(response_code, TPM2B_ATTEST(), TPMT_SIGNATURE()); 16782 } 16783 16784 void CertifyCreationResponseParser( 16785 const Tpm::CertifyCreationResponse& callback, 16786 AuthorizationDelegate* authorization_delegate, 16787 const std::string& response) { 16788 VLOG(1) << __func__; 16789 base::Callback<void(TPM_RC)> error_reporter = 16790 base::Bind(CertifyCreationErrorCallback, callback); 16791 TPM2B_ATTEST certify_info; 16792 TPMT_SIGNATURE signature; 16793 TPM_RC rc = Tpm::ParseResponse_CertifyCreation( 16794 response, &certify_info, &signature, authorization_delegate); 16795 if (rc != TPM_RC_SUCCESS) { 16796 error_reporter.Run(rc); 16797 return; 16798 } 16799 callback.Run(rc, certify_info, signature); 16800 } 16801 16802 void Tpm::CertifyCreation(const TPMI_DH_OBJECT& sign_handle, 16803 const std::string& sign_handle_name, 16804 const TPMI_DH_OBJECT& object_handle, 16805 const std::string& object_handle_name, 16806 const TPM2B_DATA& qualifying_data, 16807 const TPM2B_DIGEST& creation_hash, 16808 const TPMT_SIG_SCHEME& in_scheme, 16809 const TPMT_TK_CREATION& creation_ticket, 16810 AuthorizationDelegate* authorization_delegate, 16811 const CertifyCreationResponse& callback) { 16812 VLOG(1) << __func__; 16813 base::Callback<void(TPM_RC)> error_reporter = 16814 base::Bind(CertifyCreationErrorCallback, callback); 16815 base::Callback<void(const std::string&)> parser = base::Bind( 16816 CertifyCreationResponseParser, callback, authorization_delegate); 16817 std::string command; 16818 TPM_RC rc = SerializeCommand_CertifyCreation( 16819 sign_handle, sign_handle_name, object_handle, object_handle_name, 16820 qualifying_data, creation_hash, in_scheme, creation_ticket, &command, 16821 authorization_delegate); 16822 if (rc != TPM_RC_SUCCESS) { 16823 error_reporter.Run(rc); 16824 return; 16825 } 16826 transceiver_->SendCommand(command, parser); 16827 } 16828 16829 TPM_RC Tpm::CertifyCreationSync(const TPMI_DH_OBJECT& sign_handle, 16830 const std::string& sign_handle_name, 16831 const TPMI_DH_OBJECT& object_handle, 16832 const std::string& object_handle_name, 16833 const TPM2B_DATA& qualifying_data, 16834 const TPM2B_DIGEST& creation_hash, 16835 const TPMT_SIG_SCHEME& in_scheme, 16836 const TPMT_TK_CREATION& creation_ticket, 16837 TPM2B_ATTEST* certify_info, 16838 TPMT_SIGNATURE* signature, 16839 AuthorizationDelegate* authorization_delegate) { 16840 VLOG(1) << __func__; 16841 std::string command; 16842 TPM_RC rc = SerializeCommand_CertifyCreation( 16843 sign_handle, sign_handle_name, object_handle, object_handle_name, 16844 qualifying_data, creation_hash, in_scheme, creation_ticket, &command, 16845 authorization_delegate); 16846 if (rc != TPM_RC_SUCCESS) { 16847 return rc; 16848 } 16849 std::string response = transceiver_->SendCommandAndWait(command); 16850 rc = ParseResponse_CertifyCreation(response, certify_info, signature, 16851 authorization_delegate); 16852 return rc; 16853 } 16854 16855 TPM_RC Tpm::SerializeCommand_Quote( 16856 const TPMI_DH_OBJECT& sign_handle, 16857 const std::string& sign_handle_name, 16858 const TPM2B_DATA& qualifying_data, 16859 const TPMT_SIG_SCHEME& in_scheme, 16860 const TPML_PCR_SELECTION& pcrselect, 16861 std::string* serialized_command, 16862 AuthorizationDelegate* authorization_delegate) { 16863 VLOG(3) << __func__; 16864 TPM_RC rc = TPM_RC_SUCCESS; 16865 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 16866 UINT32 command_size = 10; // Header size. 16867 std::string handle_section_bytes; 16868 std::string parameter_section_bytes; 16869 TPM_CC command_code = TPM_CC_Quote; 16870 bool is_command_parameter_encryption_possible = true; 16871 bool is_response_parameter_encryption_possible = true; 16872 std::string command_code_bytes; 16873 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 16874 if (rc != TPM_RC_SUCCESS) { 16875 return rc; 16876 } 16877 std::string sign_handle_bytes; 16878 rc = Serialize_TPMI_DH_OBJECT(sign_handle, &sign_handle_bytes); 16879 if (rc != TPM_RC_SUCCESS) { 16880 return rc; 16881 } 16882 std::string qualifying_data_bytes; 16883 rc = Serialize_TPM2B_DATA(qualifying_data, &qualifying_data_bytes); 16884 if (rc != TPM_RC_SUCCESS) { 16885 return rc; 16886 } 16887 std::string in_scheme_bytes; 16888 rc = Serialize_TPMT_SIG_SCHEME(in_scheme, &in_scheme_bytes); 16889 if (rc != TPM_RC_SUCCESS) { 16890 return rc; 16891 } 16892 std::string pcrselect_bytes; 16893 rc = Serialize_TPML_PCR_SELECTION(pcrselect, &pcrselect_bytes); 16894 if (rc != TPM_RC_SUCCESS) { 16895 return rc; 16896 } 16897 if (authorization_delegate) { 16898 // Encrypt just the parameter data, not the size. 16899 std::string tmp = qualifying_data_bytes.substr(2); 16900 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 16901 return TRUNKS_RC_ENCRYPTION_FAILED; 16902 } 16903 qualifying_data_bytes.replace(2, std::string::npos, tmp); 16904 } 16905 std::unique_ptr<crypto::SecureHash> hash( 16906 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 16907 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 16908 hash->Update(sign_handle_name.data(), sign_handle_name.size()); 16909 handle_section_bytes += sign_handle_bytes; 16910 command_size += sign_handle_bytes.size(); 16911 hash->Update(qualifying_data_bytes.data(), qualifying_data_bytes.size()); 16912 parameter_section_bytes += qualifying_data_bytes; 16913 command_size += qualifying_data_bytes.size(); 16914 hash->Update(in_scheme_bytes.data(), in_scheme_bytes.size()); 16915 parameter_section_bytes += in_scheme_bytes; 16916 command_size += in_scheme_bytes.size(); 16917 hash->Update(pcrselect_bytes.data(), pcrselect_bytes.size()); 16918 parameter_section_bytes += pcrselect_bytes; 16919 command_size += pcrselect_bytes.size(); 16920 std::string command_hash(32, 0); 16921 hash->Finish(string_as_array(&command_hash), command_hash.size()); 16922 std::string authorization_section_bytes; 16923 std::string authorization_size_bytes; 16924 if (authorization_delegate) { 16925 if (!authorization_delegate->GetCommandAuthorization( 16926 command_hash, is_command_parameter_encryption_possible, 16927 is_response_parameter_encryption_possible, 16928 &authorization_section_bytes)) { 16929 return TRUNKS_RC_AUTHORIZATION_FAILED; 16930 } 16931 if (!authorization_section_bytes.empty()) { 16932 tag = TPM_ST_SESSIONS; 16933 std::string tmp; 16934 rc = Serialize_UINT32(authorization_section_bytes.size(), 16935 &authorization_size_bytes); 16936 if (rc != TPM_RC_SUCCESS) { 16937 return rc; 16938 } 16939 command_size += 16940 authorization_size_bytes.size() + authorization_section_bytes.size(); 16941 } 16942 } 16943 std::string tag_bytes; 16944 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 16945 if (rc != TPM_RC_SUCCESS) { 16946 return rc; 16947 } 16948 std::string command_size_bytes; 16949 rc = Serialize_UINT32(command_size, &command_size_bytes); 16950 if (rc != TPM_RC_SUCCESS) { 16951 return rc; 16952 } 16953 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 16954 handle_section_bytes + authorization_size_bytes + 16955 authorization_section_bytes + parameter_section_bytes; 16956 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 16957 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 16958 serialized_command->size()); 16959 return TPM_RC_SUCCESS; 16960 } 16961 16962 TPM_RC Tpm::ParseResponse_Quote(const std::string& response, 16963 TPM2B_ATTEST* quoted, 16964 TPMT_SIGNATURE* signature, 16965 AuthorizationDelegate* authorization_delegate) { 16966 VLOG(3) << __func__; 16967 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 16968 TPM_RC rc = TPM_RC_SUCCESS; 16969 std::string buffer(response); 16970 TPM_ST tag; 16971 std::string tag_bytes; 16972 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 16973 if (rc != TPM_RC_SUCCESS) { 16974 return rc; 16975 } 16976 UINT32 response_size; 16977 std::string response_size_bytes; 16978 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 16979 if (rc != TPM_RC_SUCCESS) { 16980 return rc; 16981 } 16982 TPM_RC response_code; 16983 std::string response_code_bytes; 16984 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 16985 if (rc != TPM_RC_SUCCESS) { 16986 return rc; 16987 } 16988 if (response_size != response.size()) { 16989 return TPM_RC_SIZE; 16990 } 16991 if (response_code != TPM_RC_SUCCESS) { 16992 return response_code; 16993 } 16994 TPM_CC command_code = TPM_CC_Quote; 16995 std::string command_code_bytes; 16996 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 16997 if (rc != TPM_RC_SUCCESS) { 16998 return rc; 16999 } 17000 std::string authorization_section_bytes; 17001 if (tag == TPM_ST_SESSIONS) { 17002 UINT32 parameter_section_size = buffer.size(); 17003 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 17004 if (rc != TPM_RC_SUCCESS) { 17005 return rc; 17006 } 17007 if (parameter_section_size > buffer.size()) { 17008 return TPM_RC_INSUFFICIENT; 17009 } 17010 authorization_section_bytes = buffer.substr(parameter_section_size); 17011 // Keep the parameter section in |buffer|. 17012 buffer.erase(parameter_section_size); 17013 } 17014 std::unique_ptr<crypto::SecureHash> hash( 17015 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 17016 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 17017 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 17018 hash->Update(buffer.data(), buffer.size()); 17019 std::string response_hash(32, 0); 17020 hash->Finish(string_as_array(&response_hash), response_hash.size()); 17021 if (tag == TPM_ST_SESSIONS) { 17022 CHECK(authorization_delegate) << "Authorization delegate missing!"; 17023 if (!authorization_delegate->CheckResponseAuthorization( 17024 response_hash, authorization_section_bytes)) { 17025 return TRUNKS_RC_AUTHORIZATION_FAILED; 17026 } 17027 } 17028 std::string quoted_bytes; 17029 rc = Parse_TPM2B_ATTEST(&buffer, quoted, "ed_bytes); 17030 if (rc != TPM_RC_SUCCESS) { 17031 return rc; 17032 } 17033 std::string signature_bytes; 17034 rc = Parse_TPMT_SIGNATURE(&buffer, signature, &signature_bytes); 17035 if (rc != TPM_RC_SUCCESS) { 17036 return rc; 17037 } 17038 if (tag == TPM_ST_SESSIONS) { 17039 CHECK(authorization_delegate) << "Authorization delegate missing!"; 17040 // Decrypt just the parameter data, not the size. 17041 std::string tmp = quoted_bytes.substr(2); 17042 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 17043 return TRUNKS_RC_ENCRYPTION_FAILED; 17044 } 17045 quoted_bytes.replace(2, std::string::npos, tmp); 17046 rc = Parse_TPM2B_ATTEST("ed_bytes, quoted, nullptr); 17047 if (rc != TPM_RC_SUCCESS) { 17048 return rc; 17049 } 17050 } 17051 return TPM_RC_SUCCESS; 17052 } 17053 17054 void QuoteErrorCallback(const Tpm::QuoteResponse& callback, 17055 TPM_RC response_code) { 17056 VLOG(1) << __func__; 17057 callback.Run(response_code, TPM2B_ATTEST(), TPMT_SIGNATURE()); 17058 } 17059 17060 void QuoteResponseParser(const Tpm::QuoteResponse& callback, 17061 AuthorizationDelegate* authorization_delegate, 17062 const std::string& response) { 17063 VLOG(1) << __func__; 17064 base::Callback<void(TPM_RC)> error_reporter = 17065 base::Bind(QuoteErrorCallback, callback); 17066 TPM2B_ATTEST quoted; 17067 TPMT_SIGNATURE signature; 17068 TPM_RC rc = Tpm::ParseResponse_Quote(response, "ed, &signature, 17069 authorization_delegate); 17070 if (rc != TPM_RC_SUCCESS) { 17071 error_reporter.Run(rc); 17072 return; 17073 } 17074 callback.Run(rc, quoted, signature); 17075 } 17076 17077 void Tpm::Quote(const TPMI_DH_OBJECT& sign_handle, 17078 const std::string& sign_handle_name, 17079 const TPM2B_DATA& qualifying_data, 17080 const TPMT_SIG_SCHEME& in_scheme, 17081 const TPML_PCR_SELECTION& pcrselect, 17082 AuthorizationDelegate* authorization_delegate, 17083 const QuoteResponse& callback) { 17084 VLOG(1) << __func__; 17085 base::Callback<void(TPM_RC)> error_reporter = 17086 base::Bind(QuoteErrorCallback, callback); 17087 base::Callback<void(const std::string&)> parser = 17088 base::Bind(QuoteResponseParser, callback, authorization_delegate); 17089 std::string command; 17090 TPM_RC rc = SerializeCommand_Quote(sign_handle, sign_handle_name, 17091 qualifying_data, in_scheme, pcrselect, 17092 &command, authorization_delegate); 17093 if (rc != TPM_RC_SUCCESS) { 17094 error_reporter.Run(rc); 17095 return; 17096 } 17097 transceiver_->SendCommand(command, parser); 17098 } 17099 17100 TPM_RC Tpm::QuoteSync(const TPMI_DH_OBJECT& sign_handle, 17101 const std::string& sign_handle_name, 17102 const TPM2B_DATA& qualifying_data, 17103 const TPMT_SIG_SCHEME& in_scheme, 17104 const TPML_PCR_SELECTION& pcrselect, 17105 TPM2B_ATTEST* quoted, 17106 TPMT_SIGNATURE* signature, 17107 AuthorizationDelegate* authorization_delegate) { 17108 VLOG(1) << __func__; 17109 std::string command; 17110 TPM_RC rc = SerializeCommand_Quote(sign_handle, sign_handle_name, 17111 qualifying_data, in_scheme, pcrselect, 17112 &command, authorization_delegate); 17113 if (rc != TPM_RC_SUCCESS) { 17114 return rc; 17115 } 17116 std::string response = transceiver_->SendCommandAndWait(command); 17117 rc = ParseResponse_Quote(response, quoted, signature, authorization_delegate); 17118 return rc; 17119 } 17120 17121 TPM_RC Tpm::SerializeCommand_GetSessionAuditDigest( 17122 const TPMI_RH_ENDORSEMENT& privacy_admin_handle, 17123 const std::string& privacy_admin_handle_name, 17124 const TPMI_DH_OBJECT& sign_handle, 17125 const std::string& sign_handle_name, 17126 const TPMI_SH_HMAC& session_handle, 17127 const std::string& session_handle_name, 17128 const TPM2B_DATA& qualifying_data, 17129 const TPMT_SIG_SCHEME& in_scheme, 17130 std::string* serialized_command, 17131 AuthorizationDelegate* authorization_delegate) { 17132 VLOG(3) << __func__; 17133 TPM_RC rc = TPM_RC_SUCCESS; 17134 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 17135 UINT32 command_size = 10; // Header size. 17136 std::string handle_section_bytes; 17137 std::string parameter_section_bytes; 17138 TPM_CC command_code = TPM_CC_GetSessionAuditDigest; 17139 bool is_command_parameter_encryption_possible = true; 17140 bool is_response_parameter_encryption_possible = true; 17141 std::string command_code_bytes; 17142 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 17143 if (rc != TPM_RC_SUCCESS) { 17144 return rc; 17145 } 17146 std::string privacy_admin_handle_bytes; 17147 rc = Serialize_TPMI_RH_ENDORSEMENT(privacy_admin_handle, 17148 &privacy_admin_handle_bytes); 17149 if (rc != TPM_RC_SUCCESS) { 17150 return rc; 17151 } 17152 std::string sign_handle_bytes; 17153 rc = Serialize_TPMI_DH_OBJECT(sign_handle, &sign_handle_bytes); 17154 if (rc != TPM_RC_SUCCESS) { 17155 return rc; 17156 } 17157 std::string session_handle_bytes; 17158 rc = Serialize_TPMI_SH_HMAC(session_handle, &session_handle_bytes); 17159 if (rc != TPM_RC_SUCCESS) { 17160 return rc; 17161 } 17162 std::string qualifying_data_bytes; 17163 rc = Serialize_TPM2B_DATA(qualifying_data, &qualifying_data_bytes); 17164 if (rc != TPM_RC_SUCCESS) { 17165 return rc; 17166 } 17167 std::string in_scheme_bytes; 17168 rc = Serialize_TPMT_SIG_SCHEME(in_scheme, &in_scheme_bytes); 17169 if (rc != TPM_RC_SUCCESS) { 17170 return rc; 17171 } 17172 if (authorization_delegate) { 17173 // Encrypt just the parameter data, not the size. 17174 std::string tmp = qualifying_data_bytes.substr(2); 17175 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 17176 return TRUNKS_RC_ENCRYPTION_FAILED; 17177 } 17178 qualifying_data_bytes.replace(2, std::string::npos, tmp); 17179 } 17180 std::unique_ptr<crypto::SecureHash> hash( 17181 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 17182 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 17183 hash->Update(privacy_admin_handle_name.data(), 17184 privacy_admin_handle_name.size()); 17185 handle_section_bytes += privacy_admin_handle_bytes; 17186 command_size += privacy_admin_handle_bytes.size(); 17187 hash->Update(sign_handle_name.data(), sign_handle_name.size()); 17188 handle_section_bytes += sign_handle_bytes; 17189 command_size += sign_handle_bytes.size(); 17190 hash->Update(session_handle_name.data(), session_handle_name.size()); 17191 handle_section_bytes += session_handle_bytes; 17192 command_size += session_handle_bytes.size(); 17193 hash->Update(qualifying_data_bytes.data(), qualifying_data_bytes.size()); 17194 parameter_section_bytes += qualifying_data_bytes; 17195 command_size += qualifying_data_bytes.size(); 17196 hash->Update(in_scheme_bytes.data(), in_scheme_bytes.size()); 17197 parameter_section_bytes += in_scheme_bytes; 17198 command_size += in_scheme_bytes.size(); 17199 std::string command_hash(32, 0); 17200 hash->Finish(string_as_array(&command_hash), command_hash.size()); 17201 std::string authorization_section_bytes; 17202 std::string authorization_size_bytes; 17203 if (authorization_delegate) { 17204 if (!authorization_delegate->GetCommandAuthorization( 17205 command_hash, is_command_parameter_encryption_possible, 17206 is_response_parameter_encryption_possible, 17207 &authorization_section_bytes)) { 17208 return TRUNKS_RC_AUTHORIZATION_FAILED; 17209 } 17210 if (!authorization_section_bytes.empty()) { 17211 tag = TPM_ST_SESSIONS; 17212 std::string tmp; 17213 rc = Serialize_UINT32(authorization_section_bytes.size(), 17214 &authorization_size_bytes); 17215 if (rc != TPM_RC_SUCCESS) { 17216 return rc; 17217 } 17218 command_size += 17219 authorization_size_bytes.size() + authorization_section_bytes.size(); 17220 } 17221 } 17222 std::string tag_bytes; 17223 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 17224 if (rc != TPM_RC_SUCCESS) { 17225 return rc; 17226 } 17227 std::string command_size_bytes; 17228 rc = Serialize_UINT32(command_size, &command_size_bytes); 17229 if (rc != TPM_RC_SUCCESS) { 17230 return rc; 17231 } 17232 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 17233 handle_section_bytes + authorization_size_bytes + 17234 authorization_section_bytes + parameter_section_bytes; 17235 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 17236 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 17237 serialized_command->size()); 17238 return TPM_RC_SUCCESS; 17239 } 17240 17241 TPM_RC Tpm::ParseResponse_GetSessionAuditDigest( 17242 const std::string& response, 17243 TPM2B_ATTEST* audit_info, 17244 TPMT_SIGNATURE* signature, 17245 AuthorizationDelegate* authorization_delegate) { 17246 VLOG(3) << __func__; 17247 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 17248 TPM_RC rc = TPM_RC_SUCCESS; 17249 std::string buffer(response); 17250 TPM_ST tag; 17251 std::string tag_bytes; 17252 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 17253 if (rc != TPM_RC_SUCCESS) { 17254 return rc; 17255 } 17256 UINT32 response_size; 17257 std::string response_size_bytes; 17258 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 17259 if (rc != TPM_RC_SUCCESS) { 17260 return rc; 17261 } 17262 TPM_RC response_code; 17263 std::string response_code_bytes; 17264 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 17265 if (rc != TPM_RC_SUCCESS) { 17266 return rc; 17267 } 17268 if (response_size != response.size()) { 17269 return TPM_RC_SIZE; 17270 } 17271 if (response_code != TPM_RC_SUCCESS) { 17272 return response_code; 17273 } 17274 TPM_CC command_code = TPM_CC_GetSessionAuditDigest; 17275 std::string command_code_bytes; 17276 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 17277 if (rc != TPM_RC_SUCCESS) { 17278 return rc; 17279 } 17280 std::string authorization_section_bytes; 17281 if (tag == TPM_ST_SESSIONS) { 17282 UINT32 parameter_section_size = buffer.size(); 17283 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 17284 if (rc != TPM_RC_SUCCESS) { 17285 return rc; 17286 } 17287 if (parameter_section_size > buffer.size()) { 17288 return TPM_RC_INSUFFICIENT; 17289 } 17290 authorization_section_bytes = buffer.substr(parameter_section_size); 17291 // Keep the parameter section in |buffer|. 17292 buffer.erase(parameter_section_size); 17293 } 17294 std::unique_ptr<crypto::SecureHash> hash( 17295 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 17296 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 17297 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 17298 hash->Update(buffer.data(), buffer.size()); 17299 std::string response_hash(32, 0); 17300 hash->Finish(string_as_array(&response_hash), response_hash.size()); 17301 if (tag == TPM_ST_SESSIONS) { 17302 CHECK(authorization_delegate) << "Authorization delegate missing!"; 17303 if (!authorization_delegate->CheckResponseAuthorization( 17304 response_hash, authorization_section_bytes)) { 17305 return TRUNKS_RC_AUTHORIZATION_FAILED; 17306 } 17307 } 17308 std::string audit_info_bytes; 17309 rc = Parse_TPM2B_ATTEST(&buffer, audit_info, &audit_info_bytes); 17310 if (rc != TPM_RC_SUCCESS) { 17311 return rc; 17312 } 17313 std::string signature_bytes; 17314 rc = Parse_TPMT_SIGNATURE(&buffer, signature, &signature_bytes); 17315 if (rc != TPM_RC_SUCCESS) { 17316 return rc; 17317 } 17318 if (tag == TPM_ST_SESSIONS) { 17319 CHECK(authorization_delegate) << "Authorization delegate missing!"; 17320 // Decrypt just the parameter data, not the size. 17321 std::string tmp = audit_info_bytes.substr(2); 17322 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 17323 return TRUNKS_RC_ENCRYPTION_FAILED; 17324 } 17325 audit_info_bytes.replace(2, std::string::npos, tmp); 17326 rc = Parse_TPM2B_ATTEST(&audit_info_bytes, audit_info, nullptr); 17327 if (rc != TPM_RC_SUCCESS) { 17328 return rc; 17329 } 17330 } 17331 return TPM_RC_SUCCESS; 17332 } 17333 17334 void GetSessionAuditDigestErrorCallback( 17335 const Tpm::GetSessionAuditDigestResponse& callback, 17336 TPM_RC response_code) { 17337 VLOG(1) << __func__; 17338 callback.Run(response_code, TPM2B_ATTEST(), TPMT_SIGNATURE()); 17339 } 17340 17341 void GetSessionAuditDigestResponseParser( 17342 const Tpm::GetSessionAuditDigestResponse& callback, 17343 AuthorizationDelegate* authorization_delegate, 17344 const std::string& response) { 17345 VLOG(1) << __func__; 17346 base::Callback<void(TPM_RC)> error_reporter = 17347 base::Bind(GetSessionAuditDigestErrorCallback, callback); 17348 TPM2B_ATTEST audit_info; 17349 TPMT_SIGNATURE signature; 17350 TPM_RC rc = Tpm::ParseResponse_GetSessionAuditDigest( 17351 response, &audit_info, &signature, authorization_delegate); 17352 if (rc != TPM_RC_SUCCESS) { 17353 error_reporter.Run(rc); 17354 return; 17355 } 17356 callback.Run(rc, audit_info, signature); 17357 } 17358 17359 void Tpm::GetSessionAuditDigest(const TPMI_RH_ENDORSEMENT& privacy_admin_handle, 17360 const std::string& privacy_admin_handle_name, 17361 const TPMI_DH_OBJECT& sign_handle, 17362 const std::string& sign_handle_name, 17363 const TPMI_SH_HMAC& session_handle, 17364 const std::string& session_handle_name, 17365 const TPM2B_DATA& qualifying_data, 17366 const TPMT_SIG_SCHEME& in_scheme, 17367 AuthorizationDelegate* authorization_delegate, 17368 const GetSessionAuditDigestResponse& callback) { 17369 VLOG(1) << __func__; 17370 base::Callback<void(TPM_RC)> error_reporter = 17371 base::Bind(GetSessionAuditDigestErrorCallback, callback); 17372 base::Callback<void(const std::string&)> parser = base::Bind( 17373 GetSessionAuditDigestResponseParser, callback, authorization_delegate); 17374 std::string command; 17375 TPM_RC rc = SerializeCommand_GetSessionAuditDigest( 17376 privacy_admin_handle, privacy_admin_handle_name, sign_handle, 17377 sign_handle_name, session_handle, session_handle_name, qualifying_data, 17378 in_scheme, &command, authorization_delegate); 17379 if (rc != TPM_RC_SUCCESS) { 17380 error_reporter.Run(rc); 17381 return; 17382 } 17383 transceiver_->SendCommand(command, parser); 17384 } 17385 17386 TPM_RC Tpm::GetSessionAuditDigestSync( 17387 const TPMI_RH_ENDORSEMENT& privacy_admin_handle, 17388 const std::string& privacy_admin_handle_name, 17389 const TPMI_DH_OBJECT& sign_handle, 17390 const std::string& sign_handle_name, 17391 const TPMI_SH_HMAC& session_handle, 17392 const std::string& session_handle_name, 17393 const TPM2B_DATA& qualifying_data, 17394 const TPMT_SIG_SCHEME& in_scheme, 17395 TPM2B_ATTEST* audit_info, 17396 TPMT_SIGNATURE* signature, 17397 AuthorizationDelegate* authorization_delegate) { 17398 VLOG(1) << __func__; 17399 std::string command; 17400 TPM_RC rc = SerializeCommand_GetSessionAuditDigest( 17401 privacy_admin_handle, privacy_admin_handle_name, sign_handle, 17402 sign_handle_name, session_handle, session_handle_name, qualifying_data, 17403 in_scheme, &command, authorization_delegate); 17404 if (rc != TPM_RC_SUCCESS) { 17405 return rc; 17406 } 17407 std::string response = transceiver_->SendCommandAndWait(command); 17408 rc = ParseResponse_GetSessionAuditDigest(response, audit_info, signature, 17409 authorization_delegate); 17410 return rc; 17411 } 17412 17413 TPM_RC Tpm::SerializeCommand_GetCommandAuditDigest( 17414 const TPMI_RH_ENDORSEMENT& privacy_handle, 17415 const std::string& privacy_handle_name, 17416 const TPMI_DH_OBJECT& sign_handle, 17417 const std::string& sign_handle_name, 17418 const TPM2B_DATA& qualifying_data, 17419 const TPMT_SIG_SCHEME& in_scheme, 17420 std::string* serialized_command, 17421 AuthorizationDelegate* authorization_delegate) { 17422 VLOG(3) << __func__; 17423 TPM_RC rc = TPM_RC_SUCCESS; 17424 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 17425 UINT32 command_size = 10; // Header size. 17426 std::string handle_section_bytes; 17427 std::string parameter_section_bytes; 17428 TPM_CC command_code = TPM_CC_GetCommandAuditDigest; 17429 bool is_command_parameter_encryption_possible = true; 17430 bool is_response_parameter_encryption_possible = true; 17431 std::string command_code_bytes; 17432 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 17433 if (rc != TPM_RC_SUCCESS) { 17434 return rc; 17435 } 17436 std::string privacy_handle_bytes; 17437 rc = Serialize_TPMI_RH_ENDORSEMENT(privacy_handle, &privacy_handle_bytes); 17438 if (rc != TPM_RC_SUCCESS) { 17439 return rc; 17440 } 17441 std::string sign_handle_bytes; 17442 rc = Serialize_TPMI_DH_OBJECT(sign_handle, &sign_handle_bytes); 17443 if (rc != TPM_RC_SUCCESS) { 17444 return rc; 17445 } 17446 std::string qualifying_data_bytes; 17447 rc = Serialize_TPM2B_DATA(qualifying_data, &qualifying_data_bytes); 17448 if (rc != TPM_RC_SUCCESS) { 17449 return rc; 17450 } 17451 std::string in_scheme_bytes; 17452 rc = Serialize_TPMT_SIG_SCHEME(in_scheme, &in_scheme_bytes); 17453 if (rc != TPM_RC_SUCCESS) { 17454 return rc; 17455 } 17456 if (authorization_delegate) { 17457 // Encrypt just the parameter data, not the size. 17458 std::string tmp = qualifying_data_bytes.substr(2); 17459 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 17460 return TRUNKS_RC_ENCRYPTION_FAILED; 17461 } 17462 qualifying_data_bytes.replace(2, std::string::npos, tmp); 17463 } 17464 std::unique_ptr<crypto::SecureHash> hash( 17465 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 17466 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 17467 hash->Update(privacy_handle_name.data(), privacy_handle_name.size()); 17468 handle_section_bytes += privacy_handle_bytes; 17469 command_size += privacy_handle_bytes.size(); 17470 hash->Update(sign_handle_name.data(), sign_handle_name.size()); 17471 handle_section_bytes += sign_handle_bytes; 17472 command_size += sign_handle_bytes.size(); 17473 hash->Update(qualifying_data_bytes.data(), qualifying_data_bytes.size()); 17474 parameter_section_bytes += qualifying_data_bytes; 17475 command_size += qualifying_data_bytes.size(); 17476 hash->Update(in_scheme_bytes.data(), in_scheme_bytes.size()); 17477 parameter_section_bytes += in_scheme_bytes; 17478 command_size += in_scheme_bytes.size(); 17479 std::string command_hash(32, 0); 17480 hash->Finish(string_as_array(&command_hash), command_hash.size()); 17481 std::string authorization_section_bytes; 17482 std::string authorization_size_bytes; 17483 if (authorization_delegate) { 17484 if (!authorization_delegate->GetCommandAuthorization( 17485 command_hash, is_command_parameter_encryption_possible, 17486 is_response_parameter_encryption_possible, 17487 &authorization_section_bytes)) { 17488 return TRUNKS_RC_AUTHORIZATION_FAILED; 17489 } 17490 if (!authorization_section_bytes.empty()) { 17491 tag = TPM_ST_SESSIONS; 17492 std::string tmp; 17493 rc = Serialize_UINT32(authorization_section_bytes.size(), 17494 &authorization_size_bytes); 17495 if (rc != TPM_RC_SUCCESS) { 17496 return rc; 17497 } 17498 command_size += 17499 authorization_size_bytes.size() + authorization_section_bytes.size(); 17500 } 17501 } 17502 std::string tag_bytes; 17503 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 17504 if (rc != TPM_RC_SUCCESS) { 17505 return rc; 17506 } 17507 std::string command_size_bytes; 17508 rc = Serialize_UINT32(command_size, &command_size_bytes); 17509 if (rc != TPM_RC_SUCCESS) { 17510 return rc; 17511 } 17512 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 17513 handle_section_bytes + authorization_size_bytes + 17514 authorization_section_bytes + parameter_section_bytes; 17515 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 17516 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 17517 serialized_command->size()); 17518 return TPM_RC_SUCCESS; 17519 } 17520 17521 TPM_RC Tpm::ParseResponse_GetCommandAuditDigest( 17522 const std::string& response, 17523 TPM2B_ATTEST* audit_info, 17524 TPMT_SIGNATURE* signature, 17525 AuthorizationDelegate* authorization_delegate) { 17526 VLOG(3) << __func__; 17527 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 17528 TPM_RC rc = TPM_RC_SUCCESS; 17529 std::string buffer(response); 17530 TPM_ST tag; 17531 std::string tag_bytes; 17532 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 17533 if (rc != TPM_RC_SUCCESS) { 17534 return rc; 17535 } 17536 UINT32 response_size; 17537 std::string response_size_bytes; 17538 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 17539 if (rc != TPM_RC_SUCCESS) { 17540 return rc; 17541 } 17542 TPM_RC response_code; 17543 std::string response_code_bytes; 17544 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 17545 if (rc != TPM_RC_SUCCESS) { 17546 return rc; 17547 } 17548 if (response_size != response.size()) { 17549 return TPM_RC_SIZE; 17550 } 17551 if (response_code != TPM_RC_SUCCESS) { 17552 return response_code; 17553 } 17554 TPM_CC command_code = TPM_CC_GetCommandAuditDigest; 17555 std::string command_code_bytes; 17556 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 17557 if (rc != TPM_RC_SUCCESS) { 17558 return rc; 17559 } 17560 std::string authorization_section_bytes; 17561 if (tag == TPM_ST_SESSIONS) { 17562 UINT32 parameter_section_size = buffer.size(); 17563 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 17564 if (rc != TPM_RC_SUCCESS) { 17565 return rc; 17566 } 17567 if (parameter_section_size > buffer.size()) { 17568 return TPM_RC_INSUFFICIENT; 17569 } 17570 authorization_section_bytes = buffer.substr(parameter_section_size); 17571 // Keep the parameter section in |buffer|. 17572 buffer.erase(parameter_section_size); 17573 } 17574 std::unique_ptr<crypto::SecureHash> hash( 17575 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 17576 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 17577 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 17578 hash->Update(buffer.data(), buffer.size()); 17579 std::string response_hash(32, 0); 17580 hash->Finish(string_as_array(&response_hash), response_hash.size()); 17581 if (tag == TPM_ST_SESSIONS) { 17582 CHECK(authorization_delegate) << "Authorization delegate missing!"; 17583 if (!authorization_delegate->CheckResponseAuthorization( 17584 response_hash, authorization_section_bytes)) { 17585 return TRUNKS_RC_AUTHORIZATION_FAILED; 17586 } 17587 } 17588 std::string audit_info_bytes; 17589 rc = Parse_TPM2B_ATTEST(&buffer, audit_info, &audit_info_bytes); 17590 if (rc != TPM_RC_SUCCESS) { 17591 return rc; 17592 } 17593 std::string signature_bytes; 17594 rc = Parse_TPMT_SIGNATURE(&buffer, signature, &signature_bytes); 17595 if (rc != TPM_RC_SUCCESS) { 17596 return rc; 17597 } 17598 if (tag == TPM_ST_SESSIONS) { 17599 CHECK(authorization_delegate) << "Authorization delegate missing!"; 17600 // Decrypt just the parameter data, not the size. 17601 std::string tmp = audit_info_bytes.substr(2); 17602 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 17603 return TRUNKS_RC_ENCRYPTION_FAILED; 17604 } 17605 audit_info_bytes.replace(2, std::string::npos, tmp); 17606 rc = Parse_TPM2B_ATTEST(&audit_info_bytes, audit_info, nullptr); 17607 if (rc != TPM_RC_SUCCESS) { 17608 return rc; 17609 } 17610 } 17611 return TPM_RC_SUCCESS; 17612 } 17613 17614 void GetCommandAuditDigestErrorCallback( 17615 const Tpm::GetCommandAuditDigestResponse& callback, 17616 TPM_RC response_code) { 17617 VLOG(1) << __func__; 17618 callback.Run(response_code, TPM2B_ATTEST(), TPMT_SIGNATURE()); 17619 } 17620 17621 void GetCommandAuditDigestResponseParser( 17622 const Tpm::GetCommandAuditDigestResponse& callback, 17623 AuthorizationDelegate* authorization_delegate, 17624 const std::string& response) { 17625 VLOG(1) << __func__; 17626 base::Callback<void(TPM_RC)> error_reporter = 17627 base::Bind(GetCommandAuditDigestErrorCallback, callback); 17628 TPM2B_ATTEST audit_info; 17629 TPMT_SIGNATURE signature; 17630 TPM_RC rc = Tpm::ParseResponse_GetCommandAuditDigest( 17631 response, &audit_info, &signature, authorization_delegate); 17632 if (rc != TPM_RC_SUCCESS) { 17633 error_reporter.Run(rc); 17634 return; 17635 } 17636 callback.Run(rc, audit_info, signature); 17637 } 17638 17639 void Tpm::GetCommandAuditDigest(const TPMI_RH_ENDORSEMENT& privacy_handle, 17640 const std::string& privacy_handle_name, 17641 const TPMI_DH_OBJECT& sign_handle, 17642 const std::string& sign_handle_name, 17643 const TPM2B_DATA& qualifying_data, 17644 const TPMT_SIG_SCHEME& in_scheme, 17645 AuthorizationDelegate* authorization_delegate, 17646 const GetCommandAuditDigestResponse& callback) { 17647 VLOG(1) << __func__; 17648 base::Callback<void(TPM_RC)> error_reporter = 17649 base::Bind(GetCommandAuditDigestErrorCallback, callback); 17650 base::Callback<void(const std::string&)> parser = base::Bind( 17651 GetCommandAuditDigestResponseParser, callback, authorization_delegate); 17652 std::string command; 17653 TPM_RC rc = SerializeCommand_GetCommandAuditDigest( 17654 privacy_handle, privacy_handle_name, sign_handle, sign_handle_name, 17655 qualifying_data, in_scheme, &command, authorization_delegate); 17656 if (rc != TPM_RC_SUCCESS) { 17657 error_reporter.Run(rc); 17658 return; 17659 } 17660 transceiver_->SendCommand(command, parser); 17661 } 17662 17663 TPM_RC Tpm::GetCommandAuditDigestSync( 17664 const TPMI_RH_ENDORSEMENT& privacy_handle, 17665 const std::string& privacy_handle_name, 17666 const TPMI_DH_OBJECT& sign_handle, 17667 const std::string& sign_handle_name, 17668 const TPM2B_DATA& qualifying_data, 17669 const TPMT_SIG_SCHEME& in_scheme, 17670 TPM2B_ATTEST* audit_info, 17671 TPMT_SIGNATURE* signature, 17672 AuthorizationDelegate* authorization_delegate) { 17673 VLOG(1) << __func__; 17674 std::string command; 17675 TPM_RC rc = SerializeCommand_GetCommandAuditDigest( 17676 privacy_handle, privacy_handle_name, sign_handle, sign_handle_name, 17677 qualifying_data, in_scheme, &command, authorization_delegate); 17678 if (rc != TPM_RC_SUCCESS) { 17679 return rc; 17680 } 17681 std::string response = transceiver_->SendCommandAndWait(command); 17682 rc = ParseResponse_GetCommandAuditDigest(response, audit_info, signature, 17683 authorization_delegate); 17684 return rc; 17685 } 17686 17687 TPM_RC Tpm::SerializeCommand_GetTime( 17688 const TPMI_RH_ENDORSEMENT& privacy_admin_handle, 17689 const std::string& privacy_admin_handle_name, 17690 const TPMI_DH_OBJECT& sign_handle, 17691 const std::string& sign_handle_name, 17692 const TPM2B_DATA& qualifying_data, 17693 const TPMT_SIG_SCHEME& in_scheme, 17694 std::string* serialized_command, 17695 AuthorizationDelegate* authorization_delegate) { 17696 VLOG(3) << __func__; 17697 TPM_RC rc = TPM_RC_SUCCESS; 17698 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 17699 UINT32 command_size = 10; // Header size. 17700 std::string handle_section_bytes; 17701 std::string parameter_section_bytes; 17702 TPM_CC command_code = TPM_CC_GetTime; 17703 bool is_command_parameter_encryption_possible = true; 17704 bool is_response_parameter_encryption_possible = true; 17705 std::string command_code_bytes; 17706 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 17707 if (rc != TPM_RC_SUCCESS) { 17708 return rc; 17709 } 17710 std::string privacy_admin_handle_bytes; 17711 rc = Serialize_TPMI_RH_ENDORSEMENT(privacy_admin_handle, 17712 &privacy_admin_handle_bytes); 17713 if (rc != TPM_RC_SUCCESS) { 17714 return rc; 17715 } 17716 std::string sign_handle_bytes; 17717 rc = Serialize_TPMI_DH_OBJECT(sign_handle, &sign_handle_bytes); 17718 if (rc != TPM_RC_SUCCESS) { 17719 return rc; 17720 } 17721 std::string qualifying_data_bytes; 17722 rc = Serialize_TPM2B_DATA(qualifying_data, &qualifying_data_bytes); 17723 if (rc != TPM_RC_SUCCESS) { 17724 return rc; 17725 } 17726 std::string in_scheme_bytes; 17727 rc = Serialize_TPMT_SIG_SCHEME(in_scheme, &in_scheme_bytes); 17728 if (rc != TPM_RC_SUCCESS) { 17729 return rc; 17730 } 17731 if (authorization_delegate) { 17732 // Encrypt just the parameter data, not the size. 17733 std::string tmp = qualifying_data_bytes.substr(2); 17734 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 17735 return TRUNKS_RC_ENCRYPTION_FAILED; 17736 } 17737 qualifying_data_bytes.replace(2, std::string::npos, tmp); 17738 } 17739 std::unique_ptr<crypto::SecureHash> hash( 17740 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 17741 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 17742 hash->Update(privacy_admin_handle_name.data(), 17743 privacy_admin_handle_name.size()); 17744 handle_section_bytes += privacy_admin_handle_bytes; 17745 command_size += privacy_admin_handle_bytes.size(); 17746 hash->Update(sign_handle_name.data(), sign_handle_name.size()); 17747 handle_section_bytes += sign_handle_bytes; 17748 command_size += sign_handle_bytes.size(); 17749 hash->Update(qualifying_data_bytes.data(), qualifying_data_bytes.size()); 17750 parameter_section_bytes += qualifying_data_bytes; 17751 command_size += qualifying_data_bytes.size(); 17752 hash->Update(in_scheme_bytes.data(), in_scheme_bytes.size()); 17753 parameter_section_bytes += in_scheme_bytes; 17754 command_size += in_scheme_bytes.size(); 17755 std::string command_hash(32, 0); 17756 hash->Finish(string_as_array(&command_hash), command_hash.size()); 17757 std::string authorization_section_bytes; 17758 std::string authorization_size_bytes; 17759 if (authorization_delegate) { 17760 if (!authorization_delegate->GetCommandAuthorization( 17761 command_hash, is_command_parameter_encryption_possible, 17762 is_response_parameter_encryption_possible, 17763 &authorization_section_bytes)) { 17764 return TRUNKS_RC_AUTHORIZATION_FAILED; 17765 } 17766 if (!authorization_section_bytes.empty()) { 17767 tag = TPM_ST_SESSIONS; 17768 std::string tmp; 17769 rc = Serialize_UINT32(authorization_section_bytes.size(), 17770 &authorization_size_bytes); 17771 if (rc != TPM_RC_SUCCESS) { 17772 return rc; 17773 } 17774 command_size += 17775 authorization_size_bytes.size() + authorization_section_bytes.size(); 17776 } 17777 } 17778 std::string tag_bytes; 17779 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 17780 if (rc != TPM_RC_SUCCESS) { 17781 return rc; 17782 } 17783 std::string command_size_bytes; 17784 rc = Serialize_UINT32(command_size, &command_size_bytes); 17785 if (rc != TPM_RC_SUCCESS) { 17786 return rc; 17787 } 17788 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 17789 handle_section_bytes + authorization_size_bytes + 17790 authorization_section_bytes + parameter_section_bytes; 17791 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 17792 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 17793 serialized_command->size()); 17794 return TPM_RC_SUCCESS; 17795 } 17796 17797 TPM_RC Tpm::ParseResponse_GetTime( 17798 const std::string& response, 17799 TPM2B_ATTEST* time_info, 17800 TPMT_SIGNATURE* signature, 17801 AuthorizationDelegate* authorization_delegate) { 17802 VLOG(3) << __func__; 17803 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 17804 TPM_RC rc = TPM_RC_SUCCESS; 17805 std::string buffer(response); 17806 TPM_ST tag; 17807 std::string tag_bytes; 17808 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 17809 if (rc != TPM_RC_SUCCESS) { 17810 return rc; 17811 } 17812 UINT32 response_size; 17813 std::string response_size_bytes; 17814 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 17815 if (rc != TPM_RC_SUCCESS) { 17816 return rc; 17817 } 17818 TPM_RC response_code; 17819 std::string response_code_bytes; 17820 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 17821 if (rc != TPM_RC_SUCCESS) { 17822 return rc; 17823 } 17824 if (response_size != response.size()) { 17825 return TPM_RC_SIZE; 17826 } 17827 if (response_code != TPM_RC_SUCCESS) { 17828 return response_code; 17829 } 17830 TPM_CC command_code = TPM_CC_GetTime; 17831 std::string command_code_bytes; 17832 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 17833 if (rc != TPM_RC_SUCCESS) { 17834 return rc; 17835 } 17836 std::string authorization_section_bytes; 17837 if (tag == TPM_ST_SESSIONS) { 17838 UINT32 parameter_section_size = buffer.size(); 17839 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 17840 if (rc != TPM_RC_SUCCESS) { 17841 return rc; 17842 } 17843 if (parameter_section_size > buffer.size()) { 17844 return TPM_RC_INSUFFICIENT; 17845 } 17846 authorization_section_bytes = buffer.substr(parameter_section_size); 17847 // Keep the parameter section in |buffer|. 17848 buffer.erase(parameter_section_size); 17849 } 17850 std::unique_ptr<crypto::SecureHash> hash( 17851 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 17852 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 17853 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 17854 hash->Update(buffer.data(), buffer.size()); 17855 std::string response_hash(32, 0); 17856 hash->Finish(string_as_array(&response_hash), response_hash.size()); 17857 if (tag == TPM_ST_SESSIONS) { 17858 CHECK(authorization_delegate) << "Authorization delegate missing!"; 17859 if (!authorization_delegate->CheckResponseAuthorization( 17860 response_hash, authorization_section_bytes)) { 17861 return TRUNKS_RC_AUTHORIZATION_FAILED; 17862 } 17863 } 17864 std::string time_info_bytes; 17865 rc = Parse_TPM2B_ATTEST(&buffer, time_info, &time_info_bytes); 17866 if (rc != TPM_RC_SUCCESS) { 17867 return rc; 17868 } 17869 std::string signature_bytes; 17870 rc = Parse_TPMT_SIGNATURE(&buffer, signature, &signature_bytes); 17871 if (rc != TPM_RC_SUCCESS) { 17872 return rc; 17873 } 17874 if (tag == TPM_ST_SESSIONS) { 17875 CHECK(authorization_delegate) << "Authorization delegate missing!"; 17876 // Decrypt just the parameter data, not the size. 17877 std::string tmp = time_info_bytes.substr(2); 17878 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 17879 return TRUNKS_RC_ENCRYPTION_FAILED; 17880 } 17881 time_info_bytes.replace(2, std::string::npos, tmp); 17882 rc = Parse_TPM2B_ATTEST(&time_info_bytes, time_info, nullptr); 17883 if (rc != TPM_RC_SUCCESS) { 17884 return rc; 17885 } 17886 } 17887 return TPM_RC_SUCCESS; 17888 } 17889 17890 void GetTimeErrorCallback(const Tpm::GetTimeResponse& callback, 17891 TPM_RC response_code) { 17892 VLOG(1) << __func__; 17893 callback.Run(response_code, TPM2B_ATTEST(), TPMT_SIGNATURE()); 17894 } 17895 17896 void GetTimeResponseParser(const Tpm::GetTimeResponse& callback, 17897 AuthorizationDelegate* authorization_delegate, 17898 const std::string& response) { 17899 VLOG(1) << __func__; 17900 base::Callback<void(TPM_RC)> error_reporter = 17901 base::Bind(GetTimeErrorCallback, callback); 17902 TPM2B_ATTEST time_info; 17903 TPMT_SIGNATURE signature; 17904 TPM_RC rc = Tpm::ParseResponse_GetTime(response, &time_info, &signature, 17905 authorization_delegate); 17906 if (rc != TPM_RC_SUCCESS) { 17907 error_reporter.Run(rc); 17908 return; 17909 } 17910 callback.Run(rc, time_info, signature); 17911 } 17912 17913 void Tpm::GetTime(const TPMI_RH_ENDORSEMENT& privacy_admin_handle, 17914 const std::string& privacy_admin_handle_name, 17915 const TPMI_DH_OBJECT& sign_handle, 17916 const std::string& sign_handle_name, 17917 const TPM2B_DATA& qualifying_data, 17918 const TPMT_SIG_SCHEME& in_scheme, 17919 AuthorizationDelegate* authorization_delegate, 17920 const GetTimeResponse& callback) { 17921 VLOG(1) << __func__; 17922 base::Callback<void(TPM_RC)> error_reporter = 17923 base::Bind(GetTimeErrorCallback, callback); 17924 base::Callback<void(const std::string&)> parser = 17925 base::Bind(GetTimeResponseParser, callback, authorization_delegate); 17926 std::string command; 17927 TPM_RC rc = 17928 SerializeCommand_GetTime(privacy_admin_handle, privacy_admin_handle_name, 17929 sign_handle, sign_handle_name, qualifying_data, 17930 in_scheme, &command, authorization_delegate); 17931 if (rc != TPM_RC_SUCCESS) { 17932 error_reporter.Run(rc); 17933 return; 17934 } 17935 transceiver_->SendCommand(command, parser); 17936 } 17937 17938 TPM_RC Tpm::GetTimeSync(const TPMI_RH_ENDORSEMENT& privacy_admin_handle, 17939 const std::string& privacy_admin_handle_name, 17940 const TPMI_DH_OBJECT& sign_handle, 17941 const std::string& sign_handle_name, 17942 const TPM2B_DATA& qualifying_data, 17943 const TPMT_SIG_SCHEME& in_scheme, 17944 TPM2B_ATTEST* time_info, 17945 TPMT_SIGNATURE* signature, 17946 AuthorizationDelegate* authorization_delegate) { 17947 VLOG(1) << __func__; 17948 std::string command; 17949 TPM_RC rc = 17950 SerializeCommand_GetTime(privacy_admin_handle, privacy_admin_handle_name, 17951 sign_handle, sign_handle_name, qualifying_data, 17952 in_scheme, &command, authorization_delegate); 17953 if (rc != TPM_RC_SUCCESS) { 17954 return rc; 17955 } 17956 std::string response = transceiver_->SendCommandAndWait(command); 17957 rc = ParseResponse_GetTime(response, time_info, signature, 17958 authorization_delegate); 17959 return rc; 17960 } 17961 17962 TPM_RC Tpm::SerializeCommand_Commit( 17963 const TPMI_DH_OBJECT& sign_handle, 17964 const std::string& sign_handle_name, 17965 const UINT32& param_size, 17966 const TPM2B_ECC_POINT& p1, 17967 const TPM2B_SENSITIVE_DATA& s2, 17968 const TPM2B_ECC_PARAMETER& y2, 17969 std::string* serialized_command, 17970 AuthorizationDelegate* authorization_delegate) { 17971 VLOG(3) << __func__; 17972 TPM_RC rc = TPM_RC_SUCCESS; 17973 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 17974 UINT32 command_size = 10; // Header size. 17975 std::string handle_section_bytes; 17976 std::string parameter_section_bytes; 17977 TPM_CC command_code = TPM_CC_Commit; 17978 bool is_command_parameter_encryption_possible = false; 17979 bool is_response_parameter_encryption_possible = false; 17980 std::string command_code_bytes; 17981 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 17982 if (rc != TPM_RC_SUCCESS) { 17983 return rc; 17984 } 17985 std::string param_size_bytes; 17986 rc = Serialize_UINT32(param_size, ¶m_size_bytes); 17987 if (rc != TPM_RC_SUCCESS) { 17988 return rc; 17989 } 17990 std::string sign_handle_bytes; 17991 rc = Serialize_TPMI_DH_OBJECT(sign_handle, &sign_handle_bytes); 17992 if (rc != TPM_RC_SUCCESS) { 17993 return rc; 17994 } 17995 std::string p1_bytes; 17996 rc = Serialize_TPM2B_ECC_POINT(p1, &p1_bytes); 17997 if (rc != TPM_RC_SUCCESS) { 17998 return rc; 17999 } 18000 std::string s2_bytes; 18001 rc = Serialize_TPM2B_SENSITIVE_DATA(s2, &s2_bytes); 18002 if (rc != TPM_RC_SUCCESS) { 18003 return rc; 18004 } 18005 std::string y2_bytes; 18006 rc = Serialize_TPM2B_ECC_PARAMETER(y2, &y2_bytes); 18007 if (rc != TPM_RC_SUCCESS) { 18008 return rc; 18009 } 18010 std::unique_ptr<crypto::SecureHash> hash( 18011 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 18012 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 18013 hash->Update(sign_handle_name.data(), sign_handle_name.size()); 18014 handle_section_bytes += sign_handle_bytes; 18015 command_size += sign_handle_bytes.size(); 18016 hash->Update(param_size_bytes.data(), param_size_bytes.size()); 18017 parameter_section_bytes += param_size_bytes; 18018 command_size += param_size_bytes.size(); 18019 hash->Update(p1_bytes.data(), p1_bytes.size()); 18020 parameter_section_bytes += p1_bytes; 18021 command_size += p1_bytes.size(); 18022 hash->Update(s2_bytes.data(), s2_bytes.size()); 18023 parameter_section_bytes += s2_bytes; 18024 command_size += s2_bytes.size(); 18025 hash->Update(y2_bytes.data(), y2_bytes.size()); 18026 parameter_section_bytes += y2_bytes; 18027 command_size += y2_bytes.size(); 18028 std::string command_hash(32, 0); 18029 hash->Finish(string_as_array(&command_hash), command_hash.size()); 18030 std::string authorization_section_bytes; 18031 std::string authorization_size_bytes; 18032 if (authorization_delegate) { 18033 if (!authorization_delegate->GetCommandAuthorization( 18034 command_hash, is_command_parameter_encryption_possible, 18035 is_response_parameter_encryption_possible, 18036 &authorization_section_bytes)) { 18037 return TRUNKS_RC_AUTHORIZATION_FAILED; 18038 } 18039 if (!authorization_section_bytes.empty()) { 18040 tag = TPM_ST_SESSIONS; 18041 std::string tmp; 18042 rc = Serialize_UINT32(authorization_section_bytes.size(), 18043 &authorization_size_bytes); 18044 if (rc != TPM_RC_SUCCESS) { 18045 return rc; 18046 } 18047 command_size += 18048 authorization_size_bytes.size() + authorization_section_bytes.size(); 18049 } 18050 } 18051 std::string tag_bytes; 18052 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 18053 if (rc != TPM_RC_SUCCESS) { 18054 return rc; 18055 } 18056 std::string command_size_bytes; 18057 rc = Serialize_UINT32(command_size, &command_size_bytes); 18058 if (rc != TPM_RC_SUCCESS) { 18059 return rc; 18060 } 18061 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 18062 handle_section_bytes + authorization_size_bytes + 18063 authorization_section_bytes + parameter_section_bytes; 18064 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 18065 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 18066 serialized_command->size()); 18067 return TPM_RC_SUCCESS; 18068 } 18069 18070 TPM_RC Tpm::ParseResponse_Commit( 18071 const std::string& response, 18072 UINT32* param_size_out, 18073 TPM2B_ECC_POINT* k, 18074 TPM2B_ECC_POINT* l, 18075 TPM2B_ECC_POINT* e, 18076 UINT16* counter, 18077 AuthorizationDelegate* authorization_delegate) { 18078 VLOG(3) << __func__; 18079 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 18080 TPM_RC rc = TPM_RC_SUCCESS; 18081 std::string buffer(response); 18082 TPM_ST tag; 18083 std::string tag_bytes; 18084 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 18085 if (rc != TPM_RC_SUCCESS) { 18086 return rc; 18087 } 18088 UINT32 response_size; 18089 std::string response_size_bytes; 18090 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 18091 if (rc != TPM_RC_SUCCESS) { 18092 return rc; 18093 } 18094 TPM_RC response_code; 18095 std::string response_code_bytes; 18096 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 18097 if (rc != TPM_RC_SUCCESS) { 18098 return rc; 18099 } 18100 if (response_size != response.size()) { 18101 return TPM_RC_SIZE; 18102 } 18103 if (response_code != TPM_RC_SUCCESS) { 18104 return response_code; 18105 } 18106 TPM_CC command_code = TPM_CC_Commit; 18107 std::string command_code_bytes; 18108 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 18109 if (rc != TPM_RC_SUCCESS) { 18110 return rc; 18111 } 18112 std::string authorization_section_bytes; 18113 if (tag == TPM_ST_SESSIONS) { 18114 UINT32 parameter_section_size = buffer.size(); 18115 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 18116 if (rc != TPM_RC_SUCCESS) { 18117 return rc; 18118 } 18119 if (parameter_section_size > buffer.size()) { 18120 return TPM_RC_INSUFFICIENT; 18121 } 18122 authorization_section_bytes = buffer.substr(parameter_section_size); 18123 // Keep the parameter section in |buffer|. 18124 buffer.erase(parameter_section_size); 18125 } 18126 std::unique_ptr<crypto::SecureHash> hash( 18127 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 18128 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 18129 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 18130 hash->Update(buffer.data(), buffer.size()); 18131 std::string response_hash(32, 0); 18132 hash->Finish(string_as_array(&response_hash), response_hash.size()); 18133 if (tag == TPM_ST_SESSIONS) { 18134 CHECK(authorization_delegate) << "Authorization delegate missing!"; 18135 if (!authorization_delegate->CheckResponseAuthorization( 18136 response_hash, authorization_section_bytes)) { 18137 return TRUNKS_RC_AUTHORIZATION_FAILED; 18138 } 18139 } 18140 std::string param_size_out_bytes; 18141 rc = Parse_UINT32(&buffer, param_size_out, ¶m_size_out_bytes); 18142 if (rc != TPM_RC_SUCCESS) { 18143 return rc; 18144 } 18145 std::string k_bytes; 18146 rc = Parse_TPM2B_ECC_POINT(&buffer, k, &k_bytes); 18147 if (rc != TPM_RC_SUCCESS) { 18148 return rc; 18149 } 18150 std::string l_bytes; 18151 rc = Parse_TPM2B_ECC_POINT(&buffer, l, &l_bytes); 18152 if (rc != TPM_RC_SUCCESS) { 18153 return rc; 18154 } 18155 std::string e_bytes; 18156 rc = Parse_TPM2B_ECC_POINT(&buffer, e, &e_bytes); 18157 if (rc != TPM_RC_SUCCESS) { 18158 return rc; 18159 } 18160 std::string counter_bytes; 18161 rc = Parse_UINT16(&buffer, counter, &counter_bytes); 18162 if (rc != TPM_RC_SUCCESS) { 18163 return rc; 18164 } 18165 return TPM_RC_SUCCESS; 18166 } 18167 18168 void CommitErrorCallback(const Tpm::CommitResponse& callback, 18169 TPM_RC response_code) { 18170 VLOG(1) << __func__; 18171 callback.Run(response_code, UINT32(), TPM2B_ECC_POINT(), TPM2B_ECC_POINT(), 18172 TPM2B_ECC_POINT(), UINT16()); 18173 } 18174 18175 void CommitResponseParser(const Tpm::CommitResponse& callback, 18176 AuthorizationDelegate* authorization_delegate, 18177 const std::string& response) { 18178 VLOG(1) << __func__; 18179 base::Callback<void(TPM_RC)> error_reporter = 18180 base::Bind(CommitErrorCallback, callback); 18181 UINT32 param_size_out; 18182 TPM2B_ECC_POINT k; 18183 TPM2B_ECC_POINT l; 18184 TPM2B_ECC_POINT e; 18185 UINT16 counter; 18186 TPM_RC rc = Tpm::ParseResponse_Commit(response, ¶m_size_out, &k, &l, &e, 18187 &counter, authorization_delegate); 18188 if (rc != TPM_RC_SUCCESS) { 18189 error_reporter.Run(rc); 18190 return; 18191 } 18192 callback.Run(rc, param_size_out, k, l, e, counter); 18193 } 18194 18195 void Tpm::Commit(const TPMI_DH_OBJECT& sign_handle, 18196 const std::string& sign_handle_name, 18197 const UINT32& param_size, 18198 const TPM2B_ECC_POINT& p1, 18199 const TPM2B_SENSITIVE_DATA& s2, 18200 const TPM2B_ECC_PARAMETER& y2, 18201 AuthorizationDelegate* authorization_delegate, 18202 const CommitResponse& callback) { 18203 VLOG(1) << __func__; 18204 base::Callback<void(TPM_RC)> error_reporter = 18205 base::Bind(CommitErrorCallback, callback); 18206 base::Callback<void(const std::string&)> parser = 18207 base::Bind(CommitResponseParser, callback, authorization_delegate); 18208 std::string command; 18209 TPM_RC rc = 18210 SerializeCommand_Commit(sign_handle, sign_handle_name, param_size, p1, s2, 18211 y2, &command, authorization_delegate); 18212 if (rc != TPM_RC_SUCCESS) { 18213 error_reporter.Run(rc); 18214 return; 18215 } 18216 transceiver_->SendCommand(command, parser); 18217 } 18218 18219 TPM_RC Tpm::CommitSync(const TPMI_DH_OBJECT& sign_handle, 18220 const std::string& sign_handle_name, 18221 const UINT32& param_size, 18222 const TPM2B_ECC_POINT& p1, 18223 const TPM2B_SENSITIVE_DATA& s2, 18224 const TPM2B_ECC_PARAMETER& y2, 18225 UINT32* param_size_out, 18226 TPM2B_ECC_POINT* k, 18227 TPM2B_ECC_POINT* l, 18228 TPM2B_ECC_POINT* e, 18229 UINT16* counter, 18230 AuthorizationDelegate* authorization_delegate) { 18231 VLOG(1) << __func__; 18232 std::string command; 18233 TPM_RC rc = 18234 SerializeCommand_Commit(sign_handle, sign_handle_name, param_size, p1, s2, 18235 y2, &command, authorization_delegate); 18236 if (rc != TPM_RC_SUCCESS) { 18237 return rc; 18238 } 18239 std::string response = transceiver_->SendCommandAndWait(command); 18240 rc = ParseResponse_Commit(response, param_size_out, k, l, e, counter, 18241 authorization_delegate); 18242 return rc; 18243 } 18244 18245 TPM_RC Tpm::SerializeCommand_EC_Ephemeral( 18246 const UINT32& param_size, 18247 const TPMI_ECC_CURVE& curve_id, 18248 std::string* serialized_command, 18249 AuthorizationDelegate* authorization_delegate) { 18250 VLOG(3) << __func__; 18251 TPM_RC rc = TPM_RC_SUCCESS; 18252 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 18253 UINT32 command_size = 10; // Header size. 18254 std::string handle_section_bytes; 18255 std::string parameter_section_bytes; 18256 TPM_CC command_code = TPM_CC_EC_Ephemeral; 18257 bool is_command_parameter_encryption_possible = false; 18258 bool is_response_parameter_encryption_possible = false; 18259 std::string command_code_bytes; 18260 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 18261 if (rc != TPM_RC_SUCCESS) { 18262 return rc; 18263 } 18264 std::string param_size_bytes; 18265 rc = Serialize_UINT32(param_size, ¶m_size_bytes); 18266 if (rc != TPM_RC_SUCCESS) { 18267 return rc; 18268 } 18269 std::string curve_id_bytes; 18270 rc = Serialize_TPMI_ECC_CURVE(curve_id, &curve_id_bytes); 18271 if (rc != TPM_RC_SUCCESS) { 18272 return rc; 18273 } 18274 std::unique_ptr<crypto::SecureHash> hash( 18275 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 18276 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 18277 hash->Update(param_size_bytes.data(), param_size_bytes.size()); 18278 parameter_section_bytes += param_size_bytes; 18279 command_size += param_size_bytes.size(); 18280 hash->Update(curve_id_bytes.data(), curve_id_bytes.size()); 18281 parameter_section_bytes += curve_id_bytes; 18282 command_size += curve_id_bytes.size(); 18283 std::string command_hash(32, 0); 18284 hash->Finish(string_as_array(&command_hash), command_hash.size()); 18285 std::string authorization_section_bytes; 18286 std::string authorization_size_bytes; 18287 if (authorization_delegate) { 18288 if (!authorization_delegate->GetCommandAuthorization( 18289 command_hash, is_command_parameter_encryption_possible, 18290 is_response_parameter_encryption_possible, 18291 &authorization_section_bytes)) { 18292 return TRUNKS_RC_AUTHORIZATION_FAILED; 18293 } 18294 if (!authorization_section_bytes.empty()) { 18295 tag = TPM_ST_SESSIONS; 18296 std::string tmp; 18297 rc = Serialize_UINT32(authorization_section_bytes.size(), 18298 &authorization_size_bytes); 18299 if (rc != TPM_RC_SUCCESS) { 18300 return rc; 18301 } 18302 command_size += 18303 authorization_size_bytes.size() + authorization_section_bytes.size(); 18304 } 18305 } 18306 std::string tag_bytes; 18307 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 18308 if (rc != TPM_RC_SUCCESS) { 18309 return rc; 18310 } 18311 std::string command_size_bytes; 18312 rc = Serialize_UINT32(command_size, &command_size_bytes); 18313 if (rc != TPM_RC_SUCCESS) { 18314 return rc; 18315 } 18316 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 18317 handle_section_bytes + authorization_size_bytes + 18318 authorization_section_bytes + parameter_section_bytes; 18319 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 18320 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 18321 serialized_command->size()); 18322 return TPM_RC_SUCCESS; 18323 } 18324 18325 TPM_RC Tpm::ParseResponse_EC_Ephemeral( 18326 const std::string& response, 18327 UINT32* param_size_out, 18328 TPM2B_ECC_POINT* q, 18329 UINT16* counter, 18330 AuthorizationDelegate* authorization_delegate) { 18331 VLOG(3) << __func__; 18332 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 18333 TPM_RC rc = TPM_RC_SUCCESS; 18334 std::string buffer(response); 18335 TPM_ST tag; 18336 std::string tag_bytes; 18337 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 18338 if (rc != TPM_RC_SUCCESS) { 18339 return rc; 18340 } 18341 UINT32 response_size; 18342 std::string response_size_bytes; 18343 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 18344 if (rc != TPM_RC_SUCCESS) { 18345 return rc; 18346 } 18347 TPM_RC response_code; 18348 std::string response_code_bytes; 18349 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 18350 if (rc != TPM_RC_SUCCESS) { 18351 return rc; 18352 } 18353 if (response_size != response.size()) { 18354 return TPM_RC_SIZE; 18355 } 18356 if (response_code != TPM_RC_SUCCESS) { 18357 return response_code; 18358 } 18359 TPM_CC command_code = TPM_CC_EC_Ephemeral; 18360 std::string command_code_bytes; 18361 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 18362 if (rc != TPM_RC_SUCCESS) { 18363 return rc; 18364 } 18365 std::string authorization_section_bytes; 18366 if (tag == TPM_ST_SESSIONS) { 18367 UINT32 parameter_section_size = buffer.size(); 18368 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 18369 if (rc != TPM_RC_SUCCESS) { 18370 return rc; 18371 } 18372 if (parameter_section_size > buffer.size()) { 18373 return TPM_RC_INSUFFICIENT; 18374 } 18375 authorization_section_bytes = buffer.substr(parameter_section_size); 18376 // Keep the parameter section in |buffer|. 18377 buffer.erase(parameter_section_size); 18378 } 18379 std::unique_ptr<crypto::SecureHash> hash( 18380 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 18381 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 18382 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 18383 hash->Update(buffer.data(), buffer.size()); 18384 std::string response_hash(32, 0); 18385 hash->Finish(string_as_array(&response_hash), response_hash.size()); 18386 if (tag == TPM_ST_SESSIONS) { 18387 CHECK(authorization_delegate) << "Authorization delegate missing!"; 18388 if (!authorization_delegate->CheckResponseAuthorization( 18389 response_hash, authorization_section_bytes)) { 18390 return TRUNKS_RC_AUTHORIZATION_FAILED; 18391 } 18392 } 18393 std::string param_size_out_bytes; 18394 rc = Parse_UINT32(&buffer, param_size_out, ¶m_size_out_bytes); 18395 if (rc != TPM_RC_SUCCESS) { 18396 return rc; 18397 } 18398 std::string q_bytes; 18399 rc = Parse_TPM2B_ECC_POINT(&buffer, q, &q_bytes); 18400 if (rc != TPM_RC_SUCCESS) { 18401 return rc; 18402 } 18403 std::string counter_bytes; 18404 rc = Parse_UINT16(&buffer, counter, &counter_bytes); 18405 if (rc != TPM_RC_SUCCESS) { 18406 return rc; 18407 } 18408 return TPM_RC_SUCCESS; 18409 } 18410 18411 void EC_EphemeralErrorCallback(const Tpm::EC_EphemeralResponse& callback, 18412 TPM_RC response_code) { 18413 VLOG(1) << __func__; 18414 callback.Run(response_code, UINT32(), TPM2B_ECC_POINT(), UINT16()); 18415 } 18416 18417 void EC_EphemeralResponseParser(const Tpm::EC_EphemeralResponse& callback, 18418 AuthorizationDelegate* authorization_delegate, 18419 const std::string& response) { 18420 VLOG(1) << __func__; 18421 base::Callback<void(TPM_RC)> error_reporter = 18422 base::Bind(EC_EphemeralErrorCallback, callback); 18423 UINT32 param_size_out; 18424 TPM2B_ECC_POINT q; 18425 UINT16 counter; 18426 TPM_RC rc = Tpm::ParseResponse_EC_Ephemeral(response, ¶m_size_out, &q, 18427 &counter, authorization_delegate); 18428 if (rc != TPM_RC_SUCCESS) { 18429 error_reporter.Run(rc); 18430 return; 18431 } 18432 callback.Run(rc, param_size_out, q, counter); 18433 } 18434 18435 void Tpm::EC_Ephemeral(const UINT32& param_size, 18436 const TPMI_ECC_CURVE& curve_id, 18437 AuthorizationDelegate* authorization_delegate, 18438 const EC_EphemeralResponse& callback) { 18439 VLOG(1) << __func__; 18440 base::Callback<void(TPM_RC)> error_reporter = 18441 base::Bind(EC_EphemeralErrorCallback, callback); 18442 base::Callback<void(const std::string&)> parser = 18443 base::Bind(EC_EphemeralResponseParser, callback, authorization_delegate); 18444 std::string command; 18445 TPM_RC rc = SerializeCommand_EC_Ephemeral(param_size, curve_id, &command, 18446 authorization_delegate); 18447 if (rc != TPM_RC_SUCCESS) { 18448 error_reporter.Run(rc); 18449 return; 18450 } 18451 transceiver_->SendCommand(command, parser); 18452 } 18453 18454 TPM_RC Tpm::EC_EphemeralSync(const UINT32& param_size, 18455 const TPMI_ECC_CURVE& curve_id, 18456 UINT32* param_size_out, 18457 TPM2B_ECC_POINT* q, 18458 UINT16* counter, 18459 AuthorizationDelegate* authorization_delegate) { 18460 VLOG(1) << __func__; 18461 std::string command; 18462 TPM_RC rc = SerializeCommand_EC_Ephemeral(param_size, curve_id, &command, 18463 authorization_delegate); 18464 if (rc != TPM_RC_SUCCESS) { 18465 return rc; 18466 } 18467 std::string response = transceiver_->SendCommandAndWait(command); 18468 rc = ParseResponse_EC_Ephemeral(response, param_size_out, q, counter, 18469 authorization_delegate); 18470 return rc; 18471 } 18472 18473 TPM_RC Tpm::SerializeCommand_VerifySignature( 18474 const TPMI_DH_OBJECT& key_handle, 18475 const std::string& key_handle_name, 18476 const TPM2B_DIGEST& digest, 18477 const TPMT_SIGNATURE& signature, 18478 std::string* serialized_command, 18479 AuthorizationDelegate* authorization_delegate) { 18480 VLOG(3) << __func__; 18481 TPM_RC rc = TPM_RC_SUCCESS; 18482 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 18483 UINT32 command_size = 10; // Header size. 18484 std::string handle_section_bytes; 18485 std::string parameter_section_bytes; 18486 TPM_CC command_code = TPM_CC_VerifySignature; 18487 bool is_command_parameter_encryption_possible = true; 18488 bool is_response_parameter_encryption_possible = false; 18489 std::string command_code_bytes; 18490 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 18491 if (rc != TPM_RC_SUCCESS) { 18492 return rc; 18493 } 18494 std::string key_handle_bytes; 18495 rc = Serialize_TPMI_DH_OBJECT(key_handle, &key_handle_bytes); 18496 if (rc != TPM_RC_SUCCESS) { 18497 return rc; 18498 } 18499 std::string digest_bytes; 18500 rc = Serialize_TPM2B_DIGEST(digest, &digest_bytes); 18501 if (rc != TPM_RC_SUCCESS) { 18502 return rc; 18503 } 18504 std::string signature_bytes; 18505 rc = Serialize_TPMT_SIGNATURE(signature, &signature_bytes); 18506 if (rc != TPM_RC_SUCCESS) { 18507 return rc; 18508 } 18509 if (authorization_delegate) { 18510 // Encrypt just the parameter data, not the size. 18511 std::string tmp = digest_bytes.substr(2); 18512 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 18513 return TRUNKS_RC_ENCRYPTION_FAILED; 18514 } 18515 digest_bytes.replace(2, std::string::npos, tmp); 18516 } 18517 std::unique_ptr<crypto::SecureHash> hash( 18518 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 18519 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 18520 hash->Update(key_handle_name.data(), key_handle_name.size()); 18521 handle_section_bytes += key_handle_bytes; 18522 command_size += key_handle_bytes.size(); 18523 hash->Update(digest_bytes.data(), digest_bytes.size()); 18524 parameter_section_bytes += digest_bytes; 18525 command_size += digest_bytes.size(); 18526 hash->Update(signature_bytes.data(), signature_bytes.size()); 18527 parameter_section_bytes += signature_bytes; 18528 command_size += signature_bytes.size(); 18529 std::string command_hash(32, 0); 18530 hash->Finish(string_as_array(&command_hash), command_hash.size()); 18531 std::string authorization_section_bytes; 18532 std::string authorization_size_bytes; 18533 if (authorization_delegate) { 18534 if (!authorization_delegate->GetCommandAuthorization( 18535 command_hash, is_command_parameter_encryption_possible, 18536 is_response_parameter_encryption_possible, 18537 &authorization_section_bytes)) { 18538 return TRUNKS_RC_AUTHORIZATION_FAILED; 18539 } 18540 if (!authorization_section_bytes.empty()) { 18541 tag = TPM_ST_SESSIONS; 18542 std::string tmp; 18543 rc = Serialize_UINT32(authorization_section_bytes.size(), 18544 &authorization_size_bytes); 18545 if (rc != TPM_RC_SUCCESS) { 18546 return rc; 18547 } 18548 command_size += 18549 authorization_size_bytes.size() + authorization_section_bytes.size(); 18550 } 18551 } 18552 std::string tag_bytes; 18553 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 18554 if (rc != TPM_RC_SUCCESS) { 18555 return rc; 18556 } 18557 std::string command_size_bytes; 18558 rc = Serialize_UINT32(command_size, &command_size_bytes); 18559 if (rc != TPM_RC_SUCCESS) { 18560 return rc; 18561 } 18562 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 18563 handle_section_bytes + authorization_size_bytes + 18564 authorization_section_bytes + parameter_section_bytes; 18565 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 18566 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 18567 serialized_command->size()); 18568 return TPM_RC_SUCCESS; 18569 } 18570 18571 TPM_RC Tpm::ParseResponse_VerifySignature( 18572 const std::string& response, 18573 TPMT_TK_VERIFIED* validation, 18574 AuthorizationDelegate* authorization_delegate) { 18575 VLOG(3) << __func__; 18576 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 18577 TPM_RC rc = TPM_RC_SUCCESS; 18578 std::string buffer(response); 18579 TPM_ST tag; 18580 std::string tag_bytes; 18581 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 18582 if (rc != TPM_RC_SUCCESS) { 18583 return rc; 18584 } 18585 UINT32 response_size; 18586 std::string response_size_bytes; 18587 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 18588 if (rc != TPM_RC_SUCCESS) { 18589 return rc; 18590 } 18591 TPM_RC response_code; 18592 std::string response_code_bytes; 18593 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 18594 if (rc != TPM_RC_SUCCESS) { 18595 return rc; 18596 } 18597 if (response_size != response.size()) { 18598 return TPM_RC_SIZE; 18599 } 18600 if (response_code != TPM_RC_SUCCESS) { 18601 return response_code; 18602 } 18603 TPM_CC command_code = TPM_CC_VerifySignature; 18604 std::string command_code_bytes; 18605 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 18606 if (rc != TPM_RC_SUCCESS) { 18607 return rc; 18608 } 18609 std::string authorization_section_bytes; 18610 if (tag == TPM_ST_SESSIONS) { 18611 UINT32 parameter_section_size = buffer.size(); 18612 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 18613 if (rc != TPM_RC_SUCCESS) { 18614 return rc; 18615 } 18616 if (parameter_section_size > buffer.size()) { 18617 return TPM_RC_INSUFFICIENT; 18618 } 18619 authorization_section_bytes = buffer.substr(parameter_section_size); 18620 // Keep the parameter section in |buffer|. 18621 buffer.erase(parameter_section_size); 18622 } 18623 std::unique_ptr<crypto::SecureHash> hash( 18624 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 18625 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 18626 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 18627 hash->Update(buffer.data(), buffer.size()); 18628 std::string response_hash(32, 0); 18629 hash->Finish(string_as_array(&response_hash), response_hash.size()); 18630 if (tag == TPM_ST_SESSIONS) { 18631 CHECK(authorization_delegate) << "Authorization delegate missing!"; 18632 if (!authorization_delegate->CheckResponseAuthorization( 18633 response_hash, authorization_section_bytes)) { 18634 return TRUNKS_RC_AUTHORIZATION_FAILED; 18635 } 18636 } 18637 std::string validation_bytes; 18638 rc = Parse_TPMT_TK_VERIFIED(&buffer, validation, &validation_bytes); 18639 if (rc != TPM_RC_SUCCESS) { 18640 return rc; 18641 } 18642 return TPM_RC_SUCCESS; 18643 } 18644 18645 void VerifySignatureErrorCallback(const Tpm::VerifySignatureResponse& callback, 18646 TPM_RC response_code) { 18647 VLOG(1) << __func__; 18648 callback.Run(response_code, TPMT_TK_VERIFIED()); 18649 } 18650 18651 void VerifySignatureResponseParser( 18652 const Tpm::VerifySignatureResponse& callback, 18653 AuthorizationDelegate* authorization_delegate, 18654 const std::string& response) { 18655 VLOG(1) << __func__; 18656 base::Callback<void(TPM_RC)> error_reporter = 18657 base::Bind(VerifySignatureErrorCallback, callback); 18658 TPMT_TK_VERIFIED validation; 18659 TPM_RC rc = Tpm::ParseResponse_VerifySignature(response, &validation, 18660 authorization_delegate); 18661 if (rc != TPM_RC_SUCCESS) { 18662 error_reporter.Run(rc); 18663 return; 18664 } 18665 callback.Run(rc, validation); 18666 } 18667 18668 void Tpm::VerifySignature(const TPMI_DH_OBJECT& key_handle, 18669 const std::string& key_handle_name, 18670 const TPM2B_DIGEST& digest, 18671 const TPMT_SIGNATURE& signature, 18672 AuthorizationDelegate* authorization_delegate, 18673 const VerifySignatureResponse& callback) { 18674 VLOG(1) << __func__; 18675 base::Callback<void(TPM_RC)> error_reporter = 18676 base::Bind(VerifySignatureErrorCallback, callback); 18677 base::Callback<void(const std::string&)> parser = base::Bind( 18678 VerifySignatureResponseParser, callback, authorization_delegate); 18679 std::string command; 18680 TPM_RC rc = SerializeCommand_VerifySignature(key_handle, key_handle_name, 18681 digest, signature, &command, 18682 authorization_delegate); 18683 if (rc != TPM_RC_SUCCESS) { 18684 error_reporter.Run(rc); 18685 return; 18686 } 18687 transceiver_->SendCommand(command, parser); 18688 } 18689 18690 TPM_RC Tpm::VerifySignatureSync(const TPMI_DH_OBJECT& key_handle, 18691 const std::string& key_handle_name, 18692 const TPM2B_DIGEST& digest, 18693 const TPMT_SIGNATURE& signature, 18694 TPMT_TK_VERIFIED* validation, 18695 AuthorizationDelegate* authorization_delegate) { 18696 VLOG(1) << __func__; 18697 std::string command; 18698 TPM_RC rc = SerializeCommand_VerifySignature(key_handle, key_handle_name, 18699 digest, signature, &command, 18700 authorization_delegate); 18701 if (rc != TPM_RC_SUCCESS) { 18702 return rc; 18703 } 18704 std::string response = transceiver_->SendCommandAndWait(command); 18705 rc = ParseResponse_VerifySignature(response, validation, 18706 authorization_delegate); 18707 return rc; 18708 } 18709 18710 TPM_RC Tpm::SerializeCommand_Sign( 18711 const TPMI_DH_OBJECT& key_handle, 18712 const std::string& key_handle_name, 18713 const TPM2B_DIGEST& digest, 18714 const TPMT_SIG_SCHEME& in_scheme, 18715 const TPMT_TK_HASHCHECK& validation, 18716 std::string* serialized_command, 18717 AuthorizationDelegate* authorization_delegate) { 18718 VLOG(3) << __func__; 18719 TPM_RC rc = TPM_RC_SUCCESS; 18720 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 18721 UINT32 command_size = 10; // Header size. 18722 std::string handle_section_bytes; 18723 std::string parameter_section_bytes; 18724 TPM_CC command_code = TPM_CC_Sign; 18725 bool is_command_parameter_encryption_possible = true; 18726 bool is_response_parameter_encryption_possible = false; 18727 std::string command_code_bytes; 18728 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 18729 if (rc != TPM_RC_SUCCESS) { 18730 return rc; 18731 } 18732 std::string key_handle_bytes; 18733 rc = Serialize_TPMI_DH_OBJECT(key_handle, &key_handle_bytes); 18734 if (rc != TPM_RC_SUCCESS) { 18735 return rc; 18736 } 18737 std::string digest_bytes; 18738 rc = Serialize_TPM2B_DIGEST(digest, &digest_bytes); 18739 if (rc != TPM_RC_SUCCESS) { 18740 return rc; 18741 } 18742 std::string in_scheme_bytes; 18743 rc = Serialize_TPMT_SIG_SCHEME(in_scheme, &in_scheme_bytes); 18744 if (rc != TPM_RC_SUCCESS) { 18745 return rc; 18746 } 18747 std::string validation_bytes; 18748 rc = Serialize_TPMT_TK_HASHCHECK(validation, &validation_bytes); 18749 if (rc != TPM_RC_SUCCESS) { 18750 return rc; 18751 } 18752 if (authorization_delegate) { 18753 // Encrypt just the parameter data, not the size. 18754 std::string tmp = digest_bytes.substr(2); 18755 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 18756 return TRUNKS_RC_ENCRYPTION_FAILED; 18757 } 18758 digest_bytes.replace(2, std::string::npos, tmp); 18759 } 18760 std::unique_ptr<crypto::SecureHash> hash( 18761 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 18762 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 18763 hash->Update(key_handle_name.data(), key_handle_name.size()); 18764 handle_section_bytes += key_handle_bytes; 18765 command_size += key_handle_bytes.size(); 18766 hash->Update(digest_bytes.data(), digest_bytes.size()); 18767 parameter_section_bytes += digest_bytes; 18768 command_size += digest_bytes.size(); 18769 hash->Update(in_scheme_bytes.data(), in_scheme_bytes.size()); 18770 parameter_section_bytes += in_scheme_bytes; 18771 command_size += in_scheme_bytes.size(); 18772 hash->Update(validation_bytes.data(), validation_bytes.size()); 18773 parameter_section_bytes += validation_bytes; 18774 command_size += validation_bytes.size(); 18775 std::string command_hash(32, 0); 18776 hash->Finish(string_as_array(&command_hash), command_hash.size()); 18777 std::string authorization_section_bytes; 18778 std::string authorization_size_bytes; 18779 if (authorization_delegate) { 18780 if (!authorization_delegate->GetCommandAuthorization( 18781 command_hash, is_command_parameter_encryption_possible, 18782 is_response_parameter_encryption_possible, 18783 &authorization_section_bytes)) { 18784 return TRUNKS_RC_AUTHORIZATION_FAILED; 18785 } 18786 if (!authorization_section_bytes.empty()) { 18787 tag = TPM_ST_SESSIONS; 18788 std::string tmp; 18789 rc = Serialize_UINT32(authorization_section_bytes.size(), 18790 &authorization_size_bytes); 18791 if (rc != TPM_RC_SUCCESS) { 18792 return rc; 18793 } 18794 command_size += 18795 authorization_size_bytes.size() + authorization_section_bytes.size(); 18796 } 18797 } 18798 std::string tag_bytes; 18799 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 18800 if (rc != TPM_RC_SUCCESS) { 18801 return rc; 18802 } 18803 std::string command_size_bytes; 18804 rc = Serialize_UINT32(command_size, &command_size_bytes); 18805 if (rc != TPM_RC_SUCCESS) { 18806 return rc; 18807 } 18808 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 18809 handle_section_bytes + authorization_size_bytes + 18810 authorization_section_bytes + parameter_section_bytes; 18811 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 18812 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 18813 serialized_command->size()); 18814 return TPM_RC_SUCCESS; 18815 } 18816 18817 TPM_RC Tpm::ParseResponse_Sign(const std::string& response, 18818 TPMT_SIGNATURE* signature, 18819 AuthorizationDelegate* authorization_delegate) { 18820 VLOG(3) << __func__; 18821 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 18822 TPM_RC rc = TPM_RC_SUCCESS; 18823 std::string buffer(response); 18824 TPM_ST tag; 18825 std::string tag_bytes; 18826 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 18827 if (rc != TPM_RC_SUCCESS) { 18828 return rc; 18829 } 18830 UINT32 response_size; 18831 std::string response_size_bytes; 18832 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 18833 if (rc != TPM_RC_SUCCESS) { 18834 return rc; 18835 } 18836 TPM_RC response_code; 18837 std::string response_code_bytes; 18838 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 18839 if (rc != TPM_RC_SUCCESS) { 18840 return rc; 18841 } 18842 if (response_size != response.size()) { 18843 return TPM_RC_SIZE; 18844 } 18845 if (response_code != TPM_RC_SUCCESS) { 18846 return response_code; 18847 } 18848 TPM_CC command_code = TPM_CC_Sign; 18849 std::string command_code_bytes; 18850 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 18851 if (rc != TPM_RC_SUCCESS) { 18852 return rc; 18853 } 18854 std::string authorization_section_bytes; 18855 if (tag == TPM_ST_SESSIONS) { 18856 UINT32 parameter_section_size = buffer.size(); 18857 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 18858 if (rc != TPM_RC_SUCCESS) { 18859 return rc; 18860 } 18861 if (parameter_section_size > buffer.size()) { 18862 return TPM_RC_INSUFFICIENT; 18863 } 18864 authorization_section_bytes = buffer.substr(parameter_section_size); 18865 // Keep the parameter section in |buffer|. 18866 buffer.erase(parameter_section_size); 18867 } 18868 std::unique_ptr<crypto::SecureHash> hash( 18869 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 18870 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 18871 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 18872 hash->Update(buffer.data(), buffer.size()); 18873 std::string response_hash(32, 0); 18874 hash->Finish(string_as_array(&response_hash), response_hash.size()); 18875 if (tag == TPM_ST_SESSIONS) { 18876 CHECK(authorization_delegate) << "Authorization delegate missing!"; 18877 if (!authorization_delegate->CheckResponseAuthorization( 18878 response_hash, authorization_section_bytes)) { 18879 return TRUNKS_RC_AUTHORIZATION_FAILED; 18880 } 18881 } 18882 std::string signature_bytes; 18883 rc = Parse_TPMT_SIGNATURE(&buffer, signature, &signature_bytes); 18884 if (rc != TPM_RC_SUCCESS) { 18885 return rc; 18886 } 18887 return TPM_RC_SUCCESS; 18888 } 18889 18890 void SignErrorCallback(const Tpm::SignResponse& callback, 18891 TPM_RC response_code) { 18892 VLOG(1) << __func__; 18893 callback.Run(response_code, TPMT_SIGNATURE()); 18894 } 18895 18896 void SignResponseParser(const Tpm::SignResponse& callback, 18897 AuthorizationDelegate* authorization_delegate, 18898 const std::string& response) { 18899 VLOG(1) << __func__; 18900 base::Callback<void(TPM_RC)> error_reporter = 18901 base::Bind(SignErrorCallback, callback); 18902 TPMT_SIGNATURE signature; 18903 TPM_RC rc = 18904 Tpm::ParseResponse_Sign(response, &signature, authorization_delegate); 18905 if (rc != TPM_RC_SUCCESS) { 18906 error_reporter.Run(rc); 18907 return; 18908 } 18909 callback.Run(rc, signature); 18910 } 18911 18912 void Tpm::Sign(const TPMI_DH_OBJECT& key_handle, 18913 const std::string& key_handle_name, 18914 const TPM2B_DIGEST& digest, 18915 const TPMT_SIG_SCHEME& in_scheme, 18916 const TPMT_TK_HASHCHECK& validation, 18917 AuthorizationDelegate* authorization_delegate, 18918 const SignResponse& callback) { 18919 VLOG(1) << __func__; 18920 base::Callback<void(TPM_RC)> error_reporter = 18921 base::Bind(SignErrorCallback, callback); 18922 base::Callback<void(const std::string&)> parser = 18923 base::Bind(SignResponseParser, callback, authorization_delegate); 18924 std::string command; 18925 TPM_RC rc = 18926 SerializeCommand_Sign(key_handle, key_handle_name, digest, in_scheme, 18927 validation, &command, authorization_delegate); 18928 if (rc != TPM_RC_SUCCESS) { 18929 error_reporter.Run(rc); 18930 return; 18931 } 18932 transceiver_->SendCommand(command, parser); 18933 } 18934 18935 TPM_RC Tpm::SignSync(const TPMI_DH_OBJECT& key_handle, 18936 const std::string& key_handle_name, 18937 const TPM2B_DIGEST& digest, 18938 const TPMT_SIG_SCHEME& in_scheme, 18939 const TPMT_TK_HASHCHECK& validation, 18940 TPMT_SIGNATURE* signature, 18941 AuthorizationDelegate* authorization_delegate) { 18942 VLOG(1) << __func__; 18943 std::string command; 18944 TPM_RC rc = 18945 SerializeCommand_Sign(key_handle, key_handle_name, digest, in_scheme, 18946 validation, &command, authorization_delegate); 18947 if (rc != TPM_RC_SUCCESS) { 18948 return rc; 18949 } 18950 std::string response = transceiver_->SendCommandAndWait(command); 18951 rc = ParseResponse_Sign(response, signature, authorization_delegate); 18952 return rc; 18953 } 18954 18955 TPM_RC Tpm::SerializeCommand_SetCommandCodeAuditStatus( 18956 const TPMI_RH_PROVISION& auth, 18957 const std::string& auth_name, 18958 const TPMI_ALG_HASH& audit_alg, 18959 const TPML_CC& set_list, 18960 const TPML_CC& clear_list, 18961 std::string* serialized_command, 18962 AuthorizationDelegate* authorization_delegate) { 18963 VLOG(3) << __func__; 18964 TPM_RC rc = TPM_RC_SUCCESS; 18965 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 18966 UINT32 command_size = 10; // Header size. 18967 std::string handle_section_bytes; 18968 std::string parameter_section_bytes; 18969 TPM_CC command_code = TPM_CC_SetCommandCodeAuditStatus; 18970 bool is_command_parameter_encryption_possible = false; 18971 bool is_response_parameter_encryption_possible = false; 18972 std::string command_code_bytes; 18973 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 18974 if (rc != TPM_RC_SUCCESS) { 18975 return rc; 18976 } 18977 std::string auth_bytes; 18978 rc = Serialize_TPMI_RH_PROVISION(auth, &auth_bytes); 18979 if (rc != TPM_RC_SUCCESS) { 18980 return rc; 18981 } 18982 std::string audit_alg_bytes; 18983 rc = Serialize_TPMI_ALG_HASH(audit_alg, &audit_alg_bytes); 18984 if (rc != TPM_RC_SUCCESS) { 18985 return rc; 18986 } 18987 std::string set_list_bytes; 18988 rc = Serialize_TPML_CC(set_list, &set_list_bytes); 18989 if (rc != TPM_RC_SUCCESS) { 18990 return rc; 18991 } 18992 std::string clear_list_bytes; 18993 rc = Serialize_TPML_CC(clear_list, &clear_list_bytes); 18994 if (rc != TPM_RC_SUCCESS) { 18995 return rc; 18996 } 18997 std::unique_ptr<crypto::SecureHash> hash( 18998 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 18999 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 19000 hash->Update(auth_name.data(), auth_name.size()); 19001 handle_section_bytes += auth_bytes; 19002 command_size += auth_bytes.size(); 19003 hash->Update(audit_alg_bytes.data(), audit_alg_bytes.size()); 19004 parameter_section_bytes += audit_alg_bytes; 19005 command_size += audit_alg_bytes.size(); 19006 hash->Update(set_list_bytes.data(), set_list_bytes.size()); 19007 parameter_section_bytes += set_list_bytes; 19008 command_size += set_list_bytes.size(); 19009 hash->Update(clear_list_bytes.data(), clear_list_bytes.size()); 19010 parameter_section_bytes += clear_list_bytes; 19011 command_size += clear_list_bytes.size(); 19012 std::string command_hash(32, 0); 19013 hash->Finish(string_as_array(&command_hash), command_hash.size()); 19014 std::string authorization_section_bytes; 19015 std::string authorization_size_bytes; 19016 if (authorization_delegate) { 19017 if (!authorization_delegate->GetCommandAuthorization( 19018 command_hash, is_command_parameter_encryption_possible, 19019 is_response_parameter_encryption_possible, 19020 &authorization_section_bytes)) { 19021 return TRUNKS_RC_AUTHORIZATION_FAILED; 19022 } 19023 if (!authorization_section_bytes.empty()) { 19024 tag = TPM_ST_SESSIONS; 19025 std::string tmp; 19026 rc = Serialize_UINT32(authorization_section_bytes.size(), 19027 &authorization_size_bytes); 19028 if (rc != TPM_RC_SUCCESS) { 19029 return rc; 19030 } 19031 command_size += 19032 authorization_size_bytes.size() + authorization_section_bytes.size(); 19033 } 19034 } 19035 std::string tag_bytes; 19036 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 19037 if (rc != TPM_RC_SUCCESS) { 19038 return rc; 19039 } 19040 std::string command_size_bytes; 19041 rc = Serialize_UINT32(command_size, &command_size_bytes); 19042 if (rc != TPM_RC_SUCCESS) { 19043 return rc; 19044 } 19045 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 19046 handle_section_bytes + authorization_size_bytes + 19047 authorization_section_bytes + parameter_section_bytes; 19048 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 19049 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 19050 serialized_command->size()); 19051 return TPM_RC_SUCCESS; 19052 } 19053 19054 TPM_RC Tpm::ParseResponse_SetCommandCodeAuditStatus( 19055 const std::string& response, 19056 AuthorizationDelegate* authorization_delegate) { 19057 VLOG(3) << __func__; 19058 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 19059 TPM_RC rc = TPM_RC_SUCCESS; 19060 std::string buffer(response); 19061 TPM_ST tag; 19062 std::string tag_bytes; 19063 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 19064 if (rc != TPM_RC_SUCCESS) { 19065 return rc; 19066 } 19067 UINT32 response_size; 19068 std::string response_size_bytes; 19069 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 19070 if (rc != TPM_RC_SUCCESS) { 19071 return rc; 19072 } 19073 TPM_RC response_code; 19074 std::string response_code_bytes; 19075 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 19076 if (rc != TPM_RC_SUCCESS) { 19077 return rc; 19078 } 19079 if (response_size != response.size()) { 19080 return TPM_RC_SIZE; 19081 } 19082 if (response_code != TPM_RC_SUCCESS) { 19083 return response_code; 19084 } 19085 TPM_CC command_code = TPM_CC_SetCommandCodeAuditStatus; 19086 std::string command_code_bytes; 19087 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 19088 if (rc != TPM_RC_SUCCESS) { 19089 return rc; 19090 } 19091 std::string authorization_section_bytes; 19092 if (tag == TPM_ST_SESSIONS) { 19093 UINT32 parameter_section_size = buffer.size(); 19094 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 19095 if (rc != TPM_RC_SUCCESS) { 19096 return rc; 19097 } 19098 if (parameter_section_size > buffer.size()) { 19099 return TPM_RC_INSUFFICIENT; 19100 } 19101 authorization_section_bytes = buffer.substr(parameter_section_size); 19102 // Keep the parameter section in |buffer|. 19103 buffer.erase(parameter_section_size); 19104 } 19105 std::unique_ptr<crypto::SecureHash> hash( 19106 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 19107 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 19108 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 19109 hash->Update(buffer.data(), buffer.size()); 19110 std::string response_hash(32, 0); 19111 hash->Finish(string_as_array(&response_hash), response_hash.size()); 19112 if (tag == TPM_ST_SESSIONS) { 19113 CHECK(authorization_delegate) << "Authorization delegate missing!"; 19114 if (!authorization_delegate->CheckResponseAuthorization( 19115 response_hash, authorization_section_bytes)) { 19116 return TRUNKS_RC_AUTHORIZATION_FAILED; 19117 } 19118 } 19119 return TPM_RC_SUCCESS; 19120 } 19121 19122 void SetCommandCodeAuditStatusErrorCallback( 19123 const Tpm::SetCommandCodeAuditStatusResponse& callback, 19124 TPM_RC response_code) { 19125 VLOG(1) << __func__; 19126 callback.Run(response_code); 19127 } 19128 19129 void SetCommandCodeAuditStatusResponseParser( 19130 const Tpm::SetCommandCodeAuditStatusResponse& callback, 19131 AuthorizationDelegate* authorization_delegate, 19132 const std::string& response) { 19133 VLOG(1) << __func__; 19134 base::Callback<void(TPM_RC)> error_reporter = 19135 base::Bind(SetCommandCodeAuditStatusErrorCallback, callback); 19136 TPM_RC rc = Tpm::ParseResponse_SetCommandCodeAuditStatus( 19137 response, authorization_delegate); 19138 if (rc != TPM_RC_SUCCESS) { 19139 error_reporter.Run(rc); 19140 return; 19141 } 19142 callback.Run(rc); 19143 } 19144 19145 void Tpm::SetCommandCodeAuditStatus( 19146 const TPMI_RH_PROVISION& auth, 19147 const std::string& auth_name, 19148 const TPMI_ALG_HASH& audit_alg, 19149 const TPML_CC& set_list, 19150 const TPML_CC& clear_list, 19151 AuthorizationDelegate* authorization_delegate, 19152 const SetCommandCodeAuditStatusResponse& callback) { 19153 VLOG(1) << __func__; 19154 base::Callback<void(TPM_RC)> error_reporter = 19155 base::Bind(SetCommandCodeAuditStatusErrorCallback, callback); 19156 base::Callback<void(const std::string&)> parser = 19157 base::Bind(SetCommandCodeAuditStatusResponseParser, callback, 19158 authorization_delegate); 19159 std::string command; 19160 TPM_RC rc = SerializeCommand_SetCommandCodeAuditStatus( 19161 auth, auth_name, audit_alg, set_list, clear_list, &command, 19162 authorization_delegate); 19163 if (rc != TPM_RC_SUCCESS) { 19164 error_reporter.Run(rc); 19165 return; 19166 } 19167 transceiver_->SendCommand(command, parser); 19168 } 19169 19170 TPM_RC Tpm::SetCommandCodeAuditStatusSync( 19171 const TPMI_RH_PROVISION& auth, 19172 const std::string& auth_name, 19173 const TPMI_ALG_HASH& audit_alg, 19174 const TPML_CC& set_list, 19175 const TPML_CC& clear_list, 19176 AuthorizationDelegate* authorization_delegate) { 19177 VLOG(1) << __func__; 19178 std::string command; 19179 TPM_RC rc = SerializeCommand_SetCommandCodeAuditStatus( 19180 auth, auth_name, audit_alg, set_list, clear_list, &command, 19181 authorization_delegate); 19182 if (rc != TPM_RC_SUCCESS) { 19183 return rc; 19184 } 19185 std::string response = transceiver_->SendCommandAndWait(command); 19186 rc = 19187 ParseResponse_SetCommandCodeAuditStatus(response, authorization_delegate); 19188 return rc; 19189 } 19190 19191 TPM_RC Tpm::SerializeCommand_PCR_Extend( 19192 const TPMI_DH_PCR& pcr_handle, 19193 const std::string& pcr_handle_name, 19194 const TPML_DIGEST_VALUES& digests, 19195 std::string* serialized_command, 19196 AuthorizationDelegate* authorization_delegate) { 19197 VLOG(3) << __func__; 19198 TPM_RC rc = TPM_RC_SUCCESS; 19199 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 19200 UINT32 command_size = 10; // Header size. 19201 std::string handle_section_bytes; 19202 std::string parameter_section_bytes; 19203 TPM_CC command_code = TPM_CC_PCR_Extend; 19204 bool is_command_parameter_encryption_possible = false; 19205 bool is_response_parameter_encryption_possible = false; 19206 std::string command_code_bytes; 19207 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 19208 if (rc != TPM_RC_SUCCESS) { 19209 return rc; 19210 } 19211 std::string pcr_handle_bytes; 19212 rc = Serialize_TPMI_DH_PCR(pcr_handle, &pcr_handle_bytes); 19213 if (rc != TPM_RC_SUCCESS) { 19214 return rc; 19215 } 19216 std::string digests_bytes; 19217 rc = Serialize_TPML_DIGEST_VALUES(digests, &digests_bytes); 19218 if (rc != TPM_RC_SUCCESS) { 19219 return rc; 19220 } 19221 std::unique_ptr<crypto::SecureHash> hash( 19222 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 19223 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 19224 hash->Update(pcr_handle_name.data(), pcr_handle_name.size()); 19225 handle_section_bytes += pcr_handle_bytes; 19226 command_size += pcr_handle_bytes.size(); 19227 hash->Update(digests_bytes.data(), digests_bytes.size()); 19228 parameter_section_bytes += digests_bytes; 19229 command_size += digests_bytes.size(); 19230 std::string command_hash(32, 0); 19231 hash->Finish(string_as_array(&command_hash), command_hash.size()); 19232 std::string authorization_section_bytes; 19233 std::string authorization_size_bytes; 19234 if (authorization_delegate) { 19235 if (!authorization_delegate->GetCommandAuthorization( 19236 command_hash, is_command_parameter_encryption_possible, 19237 is_response_parameter_encryption_possible, 19238 &authorization_section_bytes)) { 19239 return TRUNKS_RC_AUTHORIZATION_FAILED; 19240 } 19241 if (!authorization_section_bytes.empty()) { 19242 tag = TPM_ST_SESSIONS; 19243 std::string tmp; 19244 rc = Serialize_UINT32(authorization_section_bytes.size(), 19245 &authorization_size_bytes); 19246 if (rc != TPM_RC_SUCCESS) { 19247 return rc; 19248 } 19249 command_size += 19250 authorization_size_bytes.size() + authorization_section_bytes.size(); 19251 } 19252 } 19253 std::string tag_bytes; 19254 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 19255 if (rc != TPM_RC_SUCCESS) { 19256 return rc; 19257 } 19258 std::string command_size_bytes; 19259 rc = Serialize_UINT32(command_size, &command_size_bytes); 19260 if (rc != TPM_RC_SUCCESS) { 19261 return rc; 19262 } 19263 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 19264 handle_section_bytes + authorization_size_bytes + 19265 authorization_section_bytes + parameter_section_bytes; 19266 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 19267 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 19268 serialized_command->size()); 19269 return TPM_RC_SUCCESS; 19270 } 19271 19272 TPM_RC Tpm::ParseResponse_PCR_Extend( 19273 const std::string& response, 19274 AuthorizationDelegate* authorization_delegate) { 19275 VLOG(3) << __func__; 19276 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 19277 TPM_RC rc = TPM_RC_SUCCESS; 19278 std::string buffer(response); 19279 TPM_ST tag; 19280 std::string tag_bytes; 19281 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 19282 if (rc != TPM_RC_SUCCESS) { 19283 return rc; 19284 } 19285 UINT32 response_size; 19286 std::string response_size_bytes; 19287 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 19288 if (rc != TPM_RC_SUCCESS) { 19289 return rc; 19290 } 19291 TPM_RC response_code; 19292 std::string response_code_bytes; 19293 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 19294 if (rc != TPM_RC_SUCCESS) { 19295 return rc; 19296 } 19297 if (response_size != response.size()) { 19298 return TPM_RC_SIZE; 19299 } 19300 if (response_code != TPM_RC_SUCCESS) { 19301 return response_code; 19302 } 19303 TPM_CC command_code = TPM_CC_PCR_Extend; 19304 std::string command_code_bytes; 19305 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 19306 if (rc != TPM_RC_SUCCESS) { 19307 return rc; 19308 } 19309 std::string authorization_section_bytes; 19310 if (tag == TPM_ST_SESSIONS) { 19311 UINT32 parameter_section_size = buffer.size(); 19312 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 19313 if (rc != TPM_RC_SUCCESS) { 19314 return rc; 19315 } 19316 if (parameter_section_size > buffer.size()) { 19317 return TPM_RC_INSUFFICIENT; 19318 } 19319 authorization_section_bytes = buffer.substr(parameter_section_size); 19320 // Keep the parameter section in |buffer|. 19321 buffer.erase(parameter_section_size); 19322 } 19323 std::unique_ptr<crypto::SecureHash> hash( 19324 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 19325 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 19326 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 19327 hash->Update(buffer.data(), buffer.size()); 19328 std::string response_hash(32, 0); 19329 hash->Finish(string_as_array(&response_hash), response_hash.size()); 19330 if (tag == TPM_ST_SESSIONS) { 19331 CHECK(authorization_delegate) << "Authorization delegate missing!"; 19332 if (!authorization_delegate->CheckResponseAuthorization( 19333 response_hash, authorization_section_bytes)) { 19334 return TRUNKS_RC_AUTHORIZATION_FAILED; 19335 } 19336 } 19337 return TPM_RC_SUCCESS; 19338 } 19339 19340 void PCR_ExtendErrorCallback(const Tpm::PCR_ExtendResponse& callback, 19341 TPM_RC response_code) { 19342 VLOG(1) << __func__; 19343 callback.Run(response_code); 19344 } 19345 19346 void PCR_ExtendResponseParser(const Tpm::PCR_ExtendResponse& callback, 19347 AuthorizationDelegate* authorization_delegate, 19348 const std::string& response) { 19349 VLOG(1) << __func__; 19350 base::Callback<void(TPM_RC)> error_reporter = 19351 base::Bind(PCR_ExtendErrorCallback, callback); 19352 TPM_RC rc = Tpm::ParseResponse_PCR_Extend(response, authorization_delegate); 19353 if (rc != TPM_RC_SUCCESS) { 19354 error_reporter.Run(rc); 19355 return; 19356 } 19357 callback.Run(rc); 19358 } 19359 19360 void Tpm::PCR_Extend(const TPMI_DH_PCR& pcr_handle, 19361 const std::string& pcr_handle_name, 19362 const TPML_DIGEST_VALUES& digests, 19363 AuthorizationDelegate* authorization_delegate, 19364 const PCR_ExtendResponse& callback) { 19365 VLOG(1) << __func__; 19366 base::Callback<void(TPM_RC)> error_reporter = 19367 base::Bind(PCR_ExtendErrorCallback, callback); 19368 base::Callback<void(const std::string&)> parser = 19369 base::Bind(PCR_ExtendResponseParser, callback, authorization_delegate); 19370 std::string command; 19371 TPM_RC rc = SerializeCommand_PCR_Extend(pcr_handle, pcr_handle_name, digests, 19372 &command, authorization_delegate); 19373 if (rc != TPM_RC_SUCCESS) { 19374 error_reporter.Run(rc); 19375 return; 19376 } 19377 transceiver_->SendCommand(command, parser); 19378 } 19379 19380 TPM_RC Tpm::PCR_ExtendSync(const TPMI_DH_PCR& pcr_handle, 19381 const std::string& pcr_handle_name, 19382 const TPML_DIGEST_VALUES& digests, 19383 AuthorizationDelegate* authorization_delegate) { 19384 VLOG(1) << __func__; 19385 std::string command; 19386 TPM_RC rc = SerializeCommand_PCR_Extend(pcr_handle, pcr_handle_name, digests, 19387 &command, authorization_delegate); 19388 if (rc != TPM_RC_SUCCESS) { 19389 return rc; 19390 } 19391 std::string response = transceiver_->SendCommandAndWait(command); 19392 rc = ParseResponse_PCR_Extend(response, authorization_delegate); 19393 return rc; 19394 } 19395 19396 TPM_RC Tpm::SerializeCommand_PCR_Event( 19397 const TPMI_DH_PCR& pcr_handle, 19398 const std::string& pcr_handle_name, 19399 const TPM2B_EVENT& event_data, 19400 std::string* serialized_command, 19401 AuthorizationDelegate* authorization_delegate) { 19402 VLOG(3) << __func__; 19403 TPM_RC rc = TPM_RC_SUCCESS; 19404 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 19405 UINT32 command_size = 10; // Header size. 19406 std::string handle_section_bytes; 19407 std::string parameter_section_bytes; 19408 TPM_CC command_code = TPM_CC_PCR_Event; 19409 bool is_command_parameter_encryption_possible = true; 19410 bool is_response_parameter_encryption_possible = false; 19411 std::string command_code_bytes; 19412 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 19413 if (rc != TPM_RC_SUCCESS) { 19414 return rc; 19415 } 19416 std::string pcr_handle_bytes; 19417 rc = Serialize_TPMI_DH_PCR(pcr_handle, &pcr_handle_bytes); 19418 if (rc != TPM_RC_SUCCESS) { 19419 return rc; 19420 } 19421 std::string event_data_bytes; 19422 rc = Serialize_TPM2B_EVENT(event_data, &event_data_bytes); 19423 if (rc != TPM_RC_SUCCESS) { 19424 return rc; 19425 } 19426 if (authorization_delegate) { 19427 // Encrypt just the parameter data, not the size. 19428 std::string tmp = event_data_bytes.substr(2); 19429 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 19430 return TRUNKS_RC_ENCRYPTION_FAILED; 19431 } 19432 event_data_bytes.replace(2, std::string::npos, tmp); 19433 } 19434 std::unique_ptr<crypto::SecureHash> hash( 19435 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 19436 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 19437 hash->Update(pcr_handle_name.data(), pcr_handle_name.size()); 19438 handle_section_bytes += pcr_handle_bytes; 19439 command_size += pcr_handle_bytes.size(); 19440 hash->Update(event_data_bytes.data(), event_data_bytes.size()); 19441 parameter_section_bytes += event_data_bytes; 19442 command_size += event_data_bytes.size(); 19443 std::string command_hash(32, 0); 19444 hash->Finish(string_as_array(&command_hash), command_hash.size()); 19445 std::string authorization_section_bytes; 19446 std::string authorization_size_bytes; 19447 if (authorization_delegate) { 19448 if (!authorization_delegate->GetCommandAuthorization( 19449 command_hash, is_command_parameter_encryption_possible, 19450 is_response_parameter_encryption_possible, 19451 &authorization_section_bytes)) { 19452 return TRUNKS_RC_AUTHORIZATION_FAILED; 19453 } 19454 if (!authorization_section_bytes.empty()) { 19455 tag = TPM_ST_SESSIONS; 19456 std::string tmp; 19457 rc = Serialize_UINT32(authorization_section_bytes.size(), 19458 &authorization_size_bytes); 19459 if (rc != TPM_RC_SUCCESS) { 19460 return rc; 19461 } 19462 command_size += 19463 authorization_size_bytes.size() + authorization_section_bytes.size(); 19464 } 19465 } 19466 std::string tag_bytes; 19467 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 19468 if (rc != TPM_RC_SUCCESS) { 19469 return rc; 19470 } 19471 std::string command_size_bytes; 19472 rc = Serialize_UINT32(command_size, &command_size_bytes); 19473 if (rc != TPM_RC_SUCCESS) { 19474 return rc; 19475 } 19476 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 19477 handle_section_bytes + authorization_size_bytes + 19478 authorization_section_bytes + parameter_section_bytes; 19479 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 19480 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 19481 serialized_command->size()); 19482 return TPM_RC_SUCCESS; 19483 } 19484 19485 TPM_RC Tpm::ParseResponse_PCR_Event( 19486 const std::string& response, 19487 TPML_DIGEST_VALUES* digests, 19488 AuthorizationDelegate* authorization_delegate) { 19489 VLOG(3) << __func__; 19490 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 19491 TPM_RC rc = TPM_RC_SUCCESS; 19492 std::string buffer(response); 19493 TPM_ST tag; 19494 std::string tag_bytes; 19495 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 19496 if (rc != TPM_RC_SUCCESS) { 19497 return rc; 19498 } 19499 UINT32 response_size; 19500 std::string response_size_bytes; 19501 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 19502 if (rc != TPM_RC_SUCCESS) { 19503 return rc; 19504 } 19505 TPM_RC response_code; 19506 std::string response_code_bytes; 19507 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 19508 if (rc != TPM_RC_SUCCESS) { 19509 return rc; 19510 } 19511 if (response_size != response.size()) { 19512 return TPM_RC_SIZE; 19513 } 19514 if (response_code != TPM_RC_SUCCESS) { 19515 return response_code; 19516 } 19517 TPM_CC command_code = TPM_CC_PCR_Event; 19518 std::string command_code_bytes; 19519 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 19520 if (rc != TPM_RC_SUCCESS) { 19521 return rc; 19522 } 19523 std::string authorization_section_bytes; 19524 if (tag == TPM_ST_SESSIONS) { 19525 UINT32 parameter_section_size = buffer.size(); 19526 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 19527 if (rc != TPM_RC_SUCCESS) { 19528 return rc; 19529 } 19530 if (parameter_section_size > buffer.size()) { 19531 return TPM_RC_INSUFFICIENT; 19532 } 19533 authorization_section_bytes = buffer.substr(parameter_section_size); 19534 // Keep the parameter section in |buffer|. 19535 buffer.erase(parameter_section_size); 19536 } 19537 std::unique_ptr<crypto::SecureHash> hash( 19538 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 19539 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 19540 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 19541 hash->Update(buffer.data(), buffer.size()); 19542 std::string response_hash(32, 0); 19543 hash->Finish(string_as_array(&response_hash), response_hash.size()); 19544 if (tag == TPM_ST_SESSIONS) { 19545 CHECK(authorization_delegate) << "Authorization delegate missing!"; 19546 if (!authorization_delegate->CheckResponseAuthorization( 19547 response_hash, authorization_section_bytes)) { 19548 return TRUNKS_RC_AUTHORIZATION_FAILED; 19549 } 19550 } 19551 std::string digests_bytes; 19552 rc = Parse_TPML_DIGEST_VALUES(&buffer, digests, &digests_bytes); 19553 if (rc != TPM_RC_SUCCESS) { 19554 return rc; 19555 } 19556 return TPM_RC_SUCCESS; 19557 } 19558 19559 void PCR_EventErrorCallback(const Tpm::PCR_EventResponse& callback, 19560 TPM_RC response_code) { 19561 VLOG(1) << __func__; 19562 callback.Run(response_code, TPML_DIGEST_VALUES()); 19563 } 19564 19565 void PCR_EventResponseParser(const Tpm::PCR_EventResponse& callback, 19566 AuthorizationDelegate* authorization_delegate, 19567 const std::string& response) { 19568 VLOG(1) << __func__; 19569 base::Callback<void(TPM_RC)> error_reporter = 19570 base::Bind(PCR_EventErrorCallback, callback); 19571 TPML_DIGEST_VALUES digests; 19572 TPM_RC rc = 19573 Tpm::ParseResponse_PCR_Event(response, &digests, authorization_delegate); 19574 if (rc != TPM_RC_SUCCESS) { 19575 error_reporter.Run(rc); 19576 return; 19577 } 19578 callback.Run(rc, digests); 19579 } 19580 19581 void Tpm::PCR_Event(const TPMI_DH_PCR& pcr_handle, 19582 const std::string& pcr_handle_name, 19583 const TPM2B_EVENT& event_data, 19584 AuthorizationDelegate* authorization_delegate, 19585 const PCR_EventResponse& callback) { 19586 VLOG(1) << __func__; 19587 base::Callback<void(TPM_RC)> error_reporter = 19588 base::Bind(PCR_EventErrorCallback, callback); 19589 base::Callback<void(const std::string&)> parser = 19590 base::Bind(PCR_EventResponseParser, callback, authorization_delegate); 19591 std::string command; 19592 TPM_RC rc = 19593 SerializeCommand_PCR_Event(pcr_handle, pcr_handle_name, event_data, 19594 &command, authorization_delegate); 19595 if (rc != TPM_RC_SUCCESS) { 19596 error_reporter.Run(rc); 19597 return; 19598 } 19599 transceiver_->SendCommand(command, parser); 19600 } 19601 19602 TPM_RC Tpm::PCR_EventSync(const TPMI_DH_PCR& pcr_handle, 19603 const std::string& pcr_handle_name, 19604 const TPM2B_EVENT& event_data, 19605 TPML_DIGEST_VALUES* digests, 19606 AuthorizationDelegate* authorization_delegate) { 19607 VLOG(1) << __func__; 19608 std::string command; 19609 TPM_RC rc = 19610 SerializeCommand_PCR_Event(pcr_handle, pcr_handle_name, event_data, 19611 &command, authorization_delegate); 19612 if (rc != TPM_RC_SUCCESS) { 19613 return rc; 19614 } 19615 std::string response = transceiver_->SendCommandAndWait(command); 19616 rc = ParseResponse_PCR_Event(response, digests, authorization_delegate); 19617 return rc; 19618 } 19619 19620 TPM_RC Tpm::SerializeCommand_PCR_Read( 19621 const TPML_PCR_SELECTION& pcr_selection_in, 19622 std::string* serialized_command, 19623 AuthorizationDelegate* authorization_delegate) { 19624 VLOG(3) << __func__; 19625 TPM_RC rc = TPM_RC_SUCCESS; 19626 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 19627 UINT32 command_size = 10; // Header size. 19628 std::string handle_section_bytes; 19629 std::string parameter_section_bytes; 19630 TPM_CC command_code = TPM_CC_PCR_Read; 19631 bool is_command_parameter_encryption_possible = false; 19632 bool is_response_parameter_encryption_possible = false; 19633 std::string command_code_bytes; 19634 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 19635 if (rc != TPM_RC_SUCCESS) { 19636 return rc; 19637 } 19638 std::string pcr_selection_in_bytes; 19639 rc = Serialize_TPML_PCR_SELECTION(pcr_selection_in, &pcr_selection_in_bytes); 19640 if (rc != TPM_RC_SUCCESS) { 19641 return rc; 19642 } 19643 std::unique_ptr<crypto::SecureHash> hash( 19644 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 19645 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 19646 hash->Update(pcr_selection_in_bytes.data(), pcr_selection_in_bytes.size()); 19647 parameter_section_bytes += pcr_selection_in_bytes; 19648 command_size += pcr_selection_in_bytes.size(); 19649 std::string command_hash(32, 0); 19650 hash->Finish(string_as_array(&command_hash), command_hash.size()); 19651 std::string authorization_section_bytes; 19652 std::string authorization_size_bytes; 19653 if (authorization_delegate) { 19654 if (!authorization_delegate->GetCommandAuthorization( 19655 command_hash, is_command_parameter_encryption_possible, 19656 is_response_parameter_encryption_possible, 19657 &authorization_section_bytes)) { 19658 return TRUNKS_RC_AUTHORIZATION_FAILED; 19659 } 19660 if (!authorization_section_bytes.empty()) { 19661 tag = TPM_ST_SESSIONS; 19662 std::string tmp; 19663 rc = Serialize_UINT32(authorization_section_bytes.size(), 19664 &authorization_size_bytes); 19665 if (rc != TPM_RC_SUCCESS) { 19666 return rc; 19667 } 19668 command_size += 19669 authorization_size_bytes.size() + authorization_section_bytes.size(); 19670 } 19671 } 19672 std::string tag_bytes; 19673 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 19674 if (rc != TPM_RC_SUCCESS) { 19675 return rc; 19676 } 19677 std::string command_size_bytes; 19678 rc = Serialize_UINT32(command_size, &command_size_bytes); 19679 if (rc != TPM_RC_SUCCESS) { 19680 return rc; 19681 } 19682 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 19683 handle_section_bytes + authorization_size_bytes + 19684 authorization_section_bytes + parameter_section_bytes; 19685 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 19686 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 19687 serialized_command->size()); 19688 return TPM_RC_SUCCESS; 19689 } 19690 19691 TPM_RC Tpm::ParseResponse_PCR_Read( 19692 const std::string& response, 19693 UINT32* pcr_update_counter, 19694 TPML_PCR_SELECTION* pcr_selection_out, 19695 TPML_DIGEST* pcr_values, 19696 AuthorizationDelegate* authorization_delegate) { 19697 VLOG(3) << __func__; 19698 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 19699 TPM_RC rc = TPM_RC_SUCCESS; 19700 std::string buffer(response); 19701 TPM_ST tag; 19702 std::string tag_bytes; 19703 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 19704 if (rc != TPM_RC_SUCCESS) { 19705 return rc; 19706 } 19707 UINT32 response_size; 19708 std::string response_size_bytes; 19709 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 19710 if (rc != TPM_RC_SUCCESS) { 19711 return rc; 19712 } 19713 TPM_RC response_code; 19714 std::string response_code_bytes; 19715 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 19716 if (rc != TPM_RC_SUCCESS) { 19717 return rc; 19718 } 19719 if (response_size != response.size()) { 19720 return TPM_RC_SIZE; 19721 } 19722 if (response_code != TPM_RC_SUCCESS) { 19723 return response_code; 19724 } 19725 TPM_CC command_code = TPM_CC_PCR_Read; 19726 std::string command_code_bytes; 19727 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 19728 if (rc != TPM_RC_SUCCESS) { 19729 return rc; 19730 } 19731 std::string authorization_section_bytes; 19732 if (tag == TPM_ST_SESSIONS) { 19733 UINT32 parameter_section_size = buffer.size(); 19734 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 19735 if (rc != TPM_RC_SUCCESS) { 19736 return rc; 19737 } 19738 if (parameter_section_size > buffer.size()) { 19739 return TPM_RC_INSUFFICIENT; 19740 } 19741 authorization_section_bytes = buffer.substr(parameter_section_size); 19742 // Keep the parameter section in |buffer|. 19743 buffer.erase(parameter_section_size); 19744 } 19745 std::unique_ptr<crypto::SecureHash> hash( 19746 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 19747 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 19748 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 19749 hash->Update(buffer.data(), buffer.size()); 19750 std::string response_hash(32, 0); 19751 hash->Finish(string_as_array(&response_hash), response_hash.size()); 19752 if (tag == TPM_ST_SESSIONS) { 19753 CHECK(authorization_delegate) << "Authorization delegate missing!"; 19754 if (!authorization_delegate->CheckResponseAuthorization( 19755 response_hash, authorization_section_bytes)) { 19756 return TRUNKS_RC_AUTHORIZATION_FAILED; 19757 } 19758 } 19759 std::string pcr_update_counter_bytes; 19760 rc = Parse_UINT32(&buffer, pcr_update_counter, &pcr_update_counter_bytes); 19761 if (rc != TPM_RC_SUCCESS) { 19762 return rc; 19763 } 19764 std::string pcr_selection_out_bytes; 19765 rc = Parse_TPML_PCR_SELECTION(&buffer, pcr_selection_out, 19766 &pcr_selection_out_bytes); 19767 if (rc != TPM_RC_SUCCESS) { 19768 return rc; 19769 } 19770 std::string pcr_values_bytes; 19771 rc = Parse_TPML_DIGEST(&buffer, pcr_values, &pcr_values_bytes); 19772 if (rc != TPM_RC_SUCCESS) { 19773 return rc; 19774 } 19775 return TPM_RC_SUCCESS; 19776 } 19777 19778 void PCR_ReadErrorCallback(const Tpm::PCR_ReadResponse& callback, 19779 TPM_RC response_code) { 19780 VLOG(1) << __func__; 19781 callback.Run(response_code, UINT32(), TPML_PCR_SELECTION(), TPML_DIGEST()); 19782 } 19783 19784 void PCR_ReadResponseParser(const Tpm::PCR_ReadResponse& callback, 19785 AuthorizationDelegate* authorization_delegate, 19786 const std::string& response) { 19787 VLOG(1) << __func__; 19788 base::Callback<void(TPM_RC)> error_reporter = 19789 base::Bind(PCR_ReadErrorCallback, callback); 19790 UINT32 pcr_update_counter; 19791 TPML_PCR_SELECTION pcr_selection_out; 19792 TPML_DIGEST pcr_values; 19793 TPM_RC rc = Tpm::ParseResponse_PCR_Read(response, &pcr_update_counter, 19794 &pcr_selection_out, &pcr_values, 19795 authorization_delegate); 19796 if (rc != TPM_RC_SUCCESS) { 19797 error_reporter.Run(rc); 19798 return; 19799 } 19800 callback.Run(rc, pcr_update_counter, pcr_selection_out, pcr_values); 19801 } 19802 19803 void Tpm::PCR_Read(const TPML_PCR_SELECTION& pcr_selection_in, 19804 AuthorizationDelegate* authorization_delegate, 19805 const PCR_ReadResponse& callback) { 19806 VLOG(1) << __func__; 19807 base::Callback<void(TPM_RC)> error_reporter = 19808 base::Bind(PCR_ReadErrorCallback, callback); 19809 base::Callback<void(const std::string&)> parser = 19810 base::Bind(PCR_ReadResponseParser, callback, authorization_delegate); 19811 std::string command; 19812 TPM_RC rc = SerializeCommand_PCR_Read(pcr_selection_in, &command, 19813 authorization_delegate); 19814 if (rc != TPM_RC_SUCCESS) { 19815 error_reporter.Run(rc); 19816 return; 19817 } 19818 transceiver_->SendCommand(command, parser); 19819 } 19820 19821 TPM_RC Tpm::PCR_ReadSync(const TPML_PCR_SELECTION& pcr_selection_in, 19822 UINT32* pcr_update_counter, 19823 TPML_PCR_SELECTION* pcr_selection_out, 19824 TPML_DIGEST* pcr_values, 19825 AuthorizationDelegate* authorization_delegate) { 19826 VLOG(1) << __func__; 19827 std::string command; 19828 TPM_RC rc = SerializeCommand_PCR_Read(pcr_selection_in, &command, 19829 authorization_delegate); 19830 if (rc != TPM_RC_SUCCESS) { 19831 return rc; 19832 } 19833 std::string response = transceiver_->SendCommandAndWait(command); 19834 rc = ParseResponse_PCR_Read(response, pcr_update_counter, pcr_selection_out, 19835 pcr_values, authorization_delegate); 19836 return rc; 19837 } 19838 19839 TPM_RC Tpm::SerializeCommand_PCR_Allocate( 19840 const TPMI_RH_PLATFORM& auth_handle, 19841 const std::string& auth_handle_name, 19842 const TPML_PCR_SELECTION& pcr_allocation, 19843 std::string* serialized_command, 19844 AuthorizationDelegate* authorization_delegate) { 19845 VLOG(3) << __func__; 19846 TPM_RC rc = TPM_RC_SUCCESS; 19847 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 19848 UINT32 command_size = 10; // Header size. 19849 std::string handle_section_bytes; 19850 std::string parameter_section_bytes; 19851 TPM_CC command_code = TPM_CC_PCR_Allocate; 19852 bool is_command_parameter_encryption_possible = false; 19853 bool is_response_parameter_encryption_possible = false; 19854 std::string command_code_bytes; 19855 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 19856 if (rc != TPM_RC_SUCCESS) { 19857 return rc; 19858 } 19859 std::string auth_handle_bytes; 19860 rc = Serialize_TPMI_RH_PLATFORM(auth_handle, &auth_handle_bytes); 19861 if (rc != TPM_RC_SUCCESS) { 19862 return rc; 19863 } 19864 std::string pcr_allocation_bytes; 19865 rc = Serialize_TPML_PCR_SELECTION(pcr_allocation, &pcr_allocation_bytes); 19866 if (rc != TPM_RC_SUCCESS) { 19867 return rc; 19868 } 19869 std::unique_ptr<crypto::SecureHash> hash( 19870 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 19871 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 19872 hash->Update(auth_handle_name.data(), auth_handle_name.size()); 19873 handle_section_bytes += auth_handle_bytes; 19874 command_size += auth_handle_bytes.size(); 19875 hash->Update(pcr_allocation_bytes.data(), pcr_allocation_bytes.size()); 19876 parameter_section_bytes += pcr_allocation_bytes; 19877 command_size += pcr_allocation_bytes.size(); 19878 std::string command_hash(32, 0); 19879 hash->Finish(string_as_array(&command_hash), command_hash.size()); 19880 std::string authorization_section_bytes; 19881 std::string authorization_size_bytes; 19882 if (authorization_delegate) { 19883 if (!authorization_delegate->GetCommandAuthorization( 19884 command_hash, is_command_parameter_encryption_possible, 19885 is_response_parameter_encryption_possible, 19886 &authorization_section_bytes)) { 19887 return TRUNKS_RC_AUTHORIZATION_FAILED; 19888 } 19889 if (!authorization_section_bytes.empty()) { 19890 tag = TPM_ST_SESSIONS; 19891 std::string tmp; 19892 rc = Serialize_UINT32(authorization_section_bytes.size(), 19893 &authorization_size_bytes); 19894 if (rc != TPM_RC_SUCCESS) { 19895 return rc; 19896 } 19897 command_size += 19898 authorization_size_bytes.size() + authorization_section_bytes.size(); 19899 } 19900 } 19901 std::string tag_bytes; 19902 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 19903 if (rc != TPM_RC_SUCCESS) { 19904 return rc; 19905 } 19906 std::string command_size_bytes; 19907 rc = Serialize_UINT32(command_size, &command_size_bytes); 19908 if (rc != TPM_RC_SUCCESS) { 19909 return rc; 19910 } 19911 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 19912 handle_section_bytes + authorization_size_bytes + 19913 authorization_section_bytes + parameter_section_bytes; 19914 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 19915 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 19916 serialized_command->size()); 19917 return TPM_RC_SUCCESS; 19918 } 19919 19920 TPM_RC Tpm::ParseResponse_PCR_Allocate( 19921 const std::string& response, 19922 TPMI_YES_NO* allocation_success, 19923 UINT32* max_pcr, 19924 UINT32* size_needed, 19925 UINT32* size_available, 19926 AuthorizationDelegate* authorization_delegate) { 19927 VLOG(3) << __func__; 19928 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 19929 TPM_RC rc = TPM_RC_SUCCESS; 19930 std::string buffer(response); 19931 TPM_ST tag; 19932 std::string tag_bytes; 19933 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 19934 if (rc != TPM_RC_SUCCESS) { 19935 return rc; 19936 } 19937 UINT32 response_size; 19938 std::string response_size_bytes; 19939 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 19940 if (rc != TPM_RC_SUCCESS) { 19941 return rc; 19942 } 19943 TPM_RC response_code; 19944 std::string response_code_bytes; 19945 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 19946 if (rc != TPM_RC_SUCCESS) { 19947 return rc; 19948 } 19949 if (response_size != response.size()) { 19950 return TPM_RC_SIZE; 19951 } 19952 if (response_code != TPM_RC_SUCCESS) { 19953 return response_code; 19954 } 19955 TPM_CC command_code = TPM_CC_PCR_Allocate; 19956 std::string command_code_bytes; 19957 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 19958 if (rc != TPM_RC_SUCCESS) { 19959 return rc; 19960 } 19961 std::string authorization_section_bytes; 19962 if (tag == TPM_ST_SESSIONS) { 19963 UINT32 parameter_section_size = buffer.size(); 19964 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 19965 if (rc != TPM_RC_SUCCESS) { 19966 return rc; 19967 } 19968 if (parameter_section_size > buffer.size()) { 19969 return TPM_RC_INSUFFICIENT; 19970 } 19971 authorization_section_bytes = buffer.substr(parameter_section_size); 19972 // Keep the parameter section in |buffer|. 19973 buffer.erase(parameter_section_size); 19974 } 19975 std::unique_ptr<crypto::SecureHash> hash( 19976 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 19977 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 19978 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 19979 hash->Update(buffer.data(), buffer.size()); 19980 std::string response_hash(32, 0); 19981 hash->Finish(string_as_array(&response_hash), response_hash.size()); 19982 if (tag == TPM_ST_SESSIONS) { 19983 CHECK(authorization_delegate) << "Authorization delegate missing!"; 19984 if (!authorization_delegate->CheckResponseAuthorization( 19985 response_hash, authorization_section_bytes)) { 19986 return TRUNKS_RC_AUTHORIZATION_FAILED; 19987 } 19988 } 19989 std::string allocation_success_bytes; 19990 rc = 19991 Parse_TPMI_YES_NO(&buffer, allocation_success, &allocation_success_bytes); 19992 if (rc != TPM_RC_SUCCESS) { 19993 return rc; 19994 } 19995 std::string max_pcr_bytes; 19996 rc = Parse_UINT32(&buffer, max_pcr, &max_pcr_bytes); 19997 if (rc != TPM_RC_SUCCESS) { 19998 return rc; 19999 } 20000 std::string size_needed_bytes; 20001 rc = Parse_UINT32(&buffer, size_needed, &size_needed_bytes); 20002 if (rc != TPM_RC_SUCCESS) { 20003 return rc; 20004 } 20005 std::string size_available_bytes; 20006 rc = Parse_UINT32(&buffer, size_available, &size_available_bytes); 20007 if (rc != TPM_RC_SUCCESS) { 20008 return rc; 20009 } 20010 return TPM_RC_SUCCESS; 20011 } 20012 20013 void PCR_AllocateErrorCallback(const Tpm::PCR_AllocateResponse& callback, 20014 TPM_RC response_code) { 20015 VLOG(1) << __func__; 20016 callback.Run(response_code, TPMI_YES_NO(), UINT32(), UINT32(), UINT32()); 20017 } 20018 20019 void PCR_AllocateResponseParser(const Tpm::PCR_AllocateResponse& callback, 20020 AuthorizationDelegate* authorization_delegate, 20021 const std::string& response) { 20022 VLOG(1) << __func__; 20023 base::Callback<void(TPM_RC)> error_reporter = 20024 base::Bind(PCR_AllocateErrorCallback, callback); 20025 TPMI_YES_NO allocation_success; 20026 UINT32 max_pcr; 20027 UINT32 size_needed; 20028 UINT32 size_available; 20029 TPM_RC rc = Tpm::ParseResponse_PCR_Allocate( 20030 response, &allocation_success, &max_pcr, &size_needed, &size_available, 20031 authorization_delegate); 20032 if (rc != TPM_RC_SUCCESS) { 20033 error_reporter.Run(rc); 20034 return; 20035 } 20036 callback.Run(rc, allocation_success, max_pcr, size_needed, size_available); 20037 } 20038 20039 void Tpm::PCR_Allocate(const TPMI_RH_PLATFORM& auth_handle, 20040 const std::string& auth_handle_name, 20041 const TPML_PCR_SELECTION& pcr_allocation, 20042 AuthorizationDelegate* authorization_delegate, 20043 const PCR_AllocateResponse& callback) { 20044 VLOG(1) << __func__; 20045 base::Callback<void(TPM_RC)> error_reporter = 20046 base::Bind(PCR_AllocateErrorCallback, callback); 20047 base::Callback<void(const std::string&)> parser = 20048 base::Bind(PCR_AllocateResponseParser, callback, authorization_delegate); 20049 std::string command; 20050 TPM_RC rc = SerializeCommand_PCR_Allocate(auth_handle, auth_handle_name, 20051 pcr_allocation, &command, 20052 authorization_delegate); 20053 if (rc != TPM_RC_SUCCESS) { 20054 error_reporter.Run(rc); 20055 return; 20056 } 20057 transceiver_->SendCommand(command, parser); 20058 } 20059 20060 TPM_RC Tpm::PCR_AllocateSync(const TPMI_RH_PLATFORM& auth_handle, 20061 const std::string& auth_handle_name, 20062 const TPML_PCR_SELECTION& pcr_allocation, 20063 TPMI_YES_NO* allocation_success, 20064 UINT32* max_pcr, 20065 UINT32* size_needed, 20066 UINT32* size_available, 20067 AuthorizationDelegate* authorization_delegate) { 20068 VLOG(1) << __func__; 20069 std::string command; 20070 TPM_RC rc = SerializeCommand_PCR_Allocate(auth_handle, auth_handle_name, 20071 pcr_allocation, &command, 20072 authorization_delegate); 20073 if (rc != TPM_RC_SUCCESS) { 20074 return rc; 20075 } 20076 std::string response = transceiver_->SendCommandAndWait(command); 20077 rc = ParseResponse_PCR_Allocate(response, allocation_success, max_pcr, 20078 size_needed, size_available, 20079 authorization_delegate); 20080 return rc; 20081 } 20082 20083 TPM_RC Tpm::SerializeCommand_PCR_SetAuthPolicy( 20084 const TPMI_RH_PLATFORM& auth_handle, 20085 const std::string& auth_handle_name, 20086 const TPMI_DH_PCR& pcr_num, 20087 const std::string& pcr_num_name, 20088 const TPM2B_DIGEST& auth_policy, 20089 const TPMI_ALG_HASH& policy_digest, 20090 std::string* serialized_command, 20091 AuthorizationDelegate* authorization_delegate) { 20092 VLOG(3) << __func__; 20093 TPM_RC rc = TPM_RC_SUCCESS; 20094 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 20095 UINT32 command_size = 10; // Header size. 20096 std::string handle_section_bytes; 20097 std::string parameter_section_bytes; 20098 TPM_CC command_code = TPM_CC_PCR_SetAuthPolicy; 20099 bool is_command_parameter_encryption_possible = true; 20100 bool is_response_parameter_encryption_possible = false; 20101 std::string command_code_bytes; 20102 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 20103 if (rc != TPM_RC_SUCCESS) { 20104 return rc; 20105 } 20106 std::string auth_handle_bytes; 20107 rc = Serialize_TPMI_RH_PLATFORM(auth_handle, &auth_handle_bytes); 20108 if (rc != TPM_RC_SUCCESS) { 20109 return rc; 20110 } 20111 std::string auth_policy_bytes; 20112 rc = Serialize_TPM2B_DIGEST(auth_policy, &auth_policy_bytes); 20113 if (rc != TPM_RC_SUCCESS) { 20114 return rc; 20115 } 20116 std::string policy_digest_bytes; 20117 rc = Serialize_TPMI_ALG_HASH(policy_digest, &policy_digest_bytes); 20118 if (rc != TPM_RC_SUCCESS) { 20119 return rc; 20120 } 20121 std::string pcr_num_bytes; 20122 rc = Serialize_TPMI_DH_PCR(pcr_num, &pcr_num_bytes); 20123 if (rc != TPM_RC_SUCCESS) { 20124 return rc; 20125 } 20126 if (authorization_delegate) { 20127 // Encrypt just the parameter data, not the size. 20128 std::string tmp = auth_policy_bytes.substr(2); 20129 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 20130 return TRUNKS_RC_ENCRYPTION_FAILED; 20131 } 20132 auth_policy_bytes.replace(2, std::string::npos, tmp); 20133 } 20134 std::unique_ptr<crypto::SecureHash> hash( 20135 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 20136 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 20137 hash->Update(auth_handle_name.data(), auth_handle_name.size()); 20138 handle_section_bytes += auth_handle_bytes; 20139 command_size += auth_handle_bytes.size(); 20140 hash->Update(pcr_num_name.data(), pcr_num_name.size()); 20141 handle_section_bytes += pcr_num_bytes; 20142 command_size += pcr_num_bytes.size(); 20143 hash->Update(auth_policy_bytes.data(), auth_policy_bytes.size()); 20144 parameter_section_bytes += auth_policy_bytes; 20145 command_size += auth_policy_bytes.size(); 20146 hash->Update(policy_digest_bytes.data(), policy_digest_bytes.size()); 20147 parameter_section_bytes += policy_digest_bytes; 20148 command_size += policy_digest_bytes.size(); 20149 std::string command_hash(32, 0); 20150 hash->Finish(string_as_array(&command_hash), command_hash.size()); 20151 std::string authorization_section_bytes; 20152 std::string authorization_size_bytes; 20153 if (authorization_delegate) { 20154 if (!authorization_delegate->GetCommandAuthorization( 20155 command_hash, is_command_parameter_encryption_possible, 20156 is_response_parameter_encryption_possible, 20157 &authorization_section_bytes)) { 20158 return TRUNKS_RC_AUTHORIZATION_FAILED; 20159 } 20160 if (!authorization_section_bytes.empty()) { 20161 tag = TPM_ST_SESSIONS; 20162 std::string tmp; 20163 rc = Serialize_UINT32(authorization_section_bytes.size(), 20164 &authorization_size_bytes); 20165 if (rc != TPM_RC_SUCCESS) { 20166 return rc; 20167 } 20168 command_size += 20169 authorization_size_bytes.size() + authorization_section_bytes.size(); 20170 } 20171 } 20172 std::string tag_bytes; 20173 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 20174 if (rc != TPM_RC_SUCCESS) { 20175 return rc; 20176 } 20177 std::string command_size_bytes; 20178 rc = Serialize_UINT32(command_size, &command_size_bytes); 20179 if (rc != TPM_RC_SUCCESS) { 20180 return rc; 20181 } 20182 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 20183 handle_section_bytes + authorization_size_bytes + 20184 authorization_section_bytes + parameter_section_bytes; 20185 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 20186 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 20187 serialized_command->size()); 20188 return TPM_RC_SUCCESS; 20189 } 20190 20191 TPM_RC Tpm::ParseResponse_PCR_SetAuthPolicy( 20192 const std::string& response, 20193 AuthorizationDelegate* authorization_delegate) { 20194 VLOG(3) << __func__; 20195 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 20196 TPM_RC rc = TPM_RC_SUCCESS; 20197 std::string buffer(response); 20198 TPM_ST tag; 20199 std::string tag_bytes; 20200 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 20201 if (rc != TPM_RC_SUCCESS) { 20202 return rc; 20203 } 20204 UINT32 response_size; 20205 std::string response_size_bytes; 20206 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 20207 if (rc != TPM_RC_SUCCESS) { 20208 return rc; 20209 } 20210 TPM_RC response_code; 20211 std::string response_code_bytes; 20212 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 20213 if (rc != TPM_RC_SUCCESS) { 20214 return rc; 20215 } 20216 if (response_size != response.size()) { 20217 return TPM_RC_SIZE; 20218 } 20219 if (response_code != TPM_RC_SUCCESS) { 20220 return response_code; 20221 } 20222 TPM_CC command_code = TPM_CC_PCR_SetAuthPolicy; 20223 std::string command_code_bytes; 20224 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 20225 if (rc != TPM_RC_SUCCESS) { 20226 return rc; 20227 } 20228 std::string authorization_section_bytes; 20229 if (tag == TPM_ST_SESSIONS) { 20230 UINT32 parameter_section_size = buffer.size(); 20231 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 20232 if (rc != TPM_RC_SUCCESS) { 20233 return rc; 20234 } 20235 if (parameter_section_size > buffer.size()) { 20236 return TPM_RC_INSUFFICIENT; 20237 } 20238 authorization_section_bytes = buffer.substr(parameter_section_size); 20239 // Keep the parameter section in |buffer|. 20240 buffer.erase(parameter_section_size); 20241 } 20242 std::unique_ptr<crypto::SecureHash> hash( 20243 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 20244 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 20245 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 20246 hash->Update(buffer.data(), buffer.size()); 20247 std::string response_hash(32, 0); 20248 hash->Finish(string_as_array(&response_hash), response_hash.size()); 20249 if (tag == TPM_ST_SESSIONS) { 20250 CHECK(authorization_delegate) << "Authorization delegate missing!"; 20251 if (!authorization_delegate->CheckResponseAuthorization( 20252 response_hash, authorization_section_bytes)) { 20253 return TRUNKS_RC_AUTHORIZATION_FAILED; 20254 } 20255 } 20256 return TPM_RC_SUCCESS; 20257 } 20258 20259 void PCR_SetAuthPolicyErrorCallback( 20260 const Tpm::PCR_SetAuthPolicyResponse& callback, 20261 TPM_RC response_code) { 20262 VLOG(1) << __func__; 20263 callback.Run(response_code); 20264 } 20265 20266 void PCR_SetAuthPolicyResponseParser( 20267 const Tpm::PCR_SetAuthPolicyResponse& callback, 20268 AuthorizationDelegate* authorization_delegate, 20269 const std::string& response) { 20270 VLOG(1) << __func__; 20271 base::Callback<void(TPM_RC)> error_reporter = 20272 base::Bind(PCR_SetAuthPolicyErrorCallback, callback); 20273 TPM_RC rc = 20274 Tpm::ParseResponse_PCR_SetAuthPolicy(response, authorization_delegate); 20275 if (rc != TPM_RC_SUCCESS) { 20276 error_reporter.Run(rc); 20277 return; 20278 } 20279 callback.Run(rc); 20280 } 20281 20282 void Tpm::PCR_SetAuthPolicy(const TPMI_RH_PLATFORM& auth_handle, 20283 const std::string& auth_handle_name, 20284 const TPMI_DH_PCR& pcr_num, 20285 const std::string& pcr_num_name, 20286 const TPM2B_DIGEST& auth_policy, 20287 const TPMI_ALG_HASH& policy_digest, 20288 AuthorizationDelegate* authorization_delegate, 20289 const PCR_SetAuthPolicyResponse& callback) { 20290 VLOG(1) << __func__; 20291 base::Callback<void(TPM_RC)> error_reporter = 20292 base::Bind(PCR_SetAuthPolicyErrorCallback, callback); 20293 base::Callback<void(const std::string&)> parser = base::Bind( 20294 PCR_SetAuthPolicyResponseParser, callback, authorization_delegate); 20295 std::string command; 20296 TPM_RC rc = SerializeCommand_PCR_SetAuthPolicy( 20297 auth_handle, auth_handle_name, pcr_num, pcr_num_name, auth_policy, 20298 policy_digest, &command, authorization_delegate); 20299 if (rc != TPM_RC_SUCCESS) { 20300 error_reporter.Run(rc); 20301 return; 20302 } 20303 transceiver_->SendCommand(command, parser); 20304 } 20305 20306 TPM_RC Tpm::PCR_SetAuthPolicySync( 20307 const TPMI_RH_PLATFORM& auth_handle, 20308 const std::string& auth_handle_name, 20309 const TPMI_DH_PCR& pcr_num, 20310 const std::string& pcr_num_name, 20311 const TPM2B_DIGEST& auth_policy, 20312 const TPMI_ALG_HASH& policy_digest, 20313 AuthorizationDelegate* authorization_delegate) { 20314 VLOG(1) << __func__; 20315 std::string command; 20316 TPM_RC rc = SerializeCommand_PCR_SetAuthPolicy( 20317 auth_handle, auth_handle_name, pcr_num, pcr_num_name, auth_policy, 20318 policy_digest, &command, authorization_delegate); 20319 if (rc != TPM_RC_SUCCESS) { 20320 return rc; 20321 } 20322 std::string response = transceiver_->SendCommandAndWait(command); 20323 rc = ParseResponse_PCR_SetAuthPolicy(response, authorization_delegate); 20324 return rc; 20325 } 20326 20327 TPM_RC Tpm::SerializeCommand_PCR_SetAuthValue( 20328 const TPMI_DH_PCR& pcr_handle, 20329 const std::string& pcr_handle_name, 20330 const TPM2B_DIGEST& auth, 20331 std::string* serialized_command, 20332 AuthorizationDelegate* authorization_delegate) { 20333 VLOG(3) << __func__; 20334 TPM_RC rc = TPM_RC_SUCCESS; 20335 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 20336 UINT32 command_size = 10; // Header size. 20337 std::string handle_section_bytes; 20338 std::string parameter_section_bytes; 20339 TPM_CC command_code = TPM_CC_PCR_SetAuthValue; 20340 bool is_command_parameter_encryption_possible = true; 20341 bool is_response_parameter_encryption_possible = false; 20342 std::string command_code_bytes; 20343 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 20344 if (rc != TPM_RC_SUCCESS) { 20345 return rc; 20346 } 20347 std::string pcr_handle_bytes; 20348 rc = Serialize_TPMI_DH_PCR(pcr_handle, &pcr_handle_bytes); 20349 if (rc != TPM_RC_SUCCESS) { 20350 return rc; 20351 } 20352 std::string auth_bytes; 20353 rc = Serialize_TPM2B_DIGEST(auth, &auth_bytes); 20354 if (rc != TPM_RC_SUCCESS) { 20355 return rc; 20356 } 20357 if (authorization_delegate) { 20358 // Encrypt just the parameter data, not the size. 20359 std::string tmp = auth_bytes.substr(2); 20360 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 20361 return TRUNKS_RC_ENCRYPTION_FAILED; 20362 } 20363 auth_bytes.replace(2, std::string::npos, tmp); 20364 } 20365 std::unique_ptr<crypto::SecureHash> hash( 20366 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 20367 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 20368 hash->Update(pcr_handle_name.data(), pcr_handle_name.size()); 20369 handle_section_bytes += pcr_handle_bytes; 20370 command_size += pcr_handle_bytes.size(); 20371 hash->Update(auth_bytes.data(), auth_bytes.size()); 20372 parameter_section_bytes += auth_bytes; 20373 command_size += auth_bytes.size(); 20374 std::string command_hash(32, 0); 20375 hash->Finish(string_as_array(&command_hash), command_hash.size()); 20376 std::string authorization_section_bytes; 20377 std::string authorization_size_bytes; 20378 if (authorization_delegate) { 20379 if (!authorization_delegate->GetCommandAuthorization( 20380 command_hash, is_command_parameter_encryption_possible, 20381 is_response_parameter_encryption_possible, 20382 &authorization_section_bytes)) { 20383 return TRUNKS_RC_AUTHORIZATION_FAILED; 20384 } 20385 if (!authorization_section_bytes.empty()) { 20386 tag = TPM_ST_SESSIONS; 20387 std::string tmp; 20388 rc = Serialize_UINT32(authorization_section_bytes.size(), 20389 &authorization_size_bytes); 20390 if (rc != TPM_RC_SUCCESS) { 20391 return rc; 20392 } 20393 command_size += 20394 authorization_size_bytes.size() + authorization_section_bytes.size(); 20395 } 20396 } 20397 std::string tag_bytes; 20398 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 20399 if (rc != TPM_RC_SUCCESS) { 20400 return rc; 20401 } 20402 std::string command_size_bytes; 20403 rc = Serialize_UINT32(command_size, &command_size_bytes); 20404 if (rc != TPM_RC_SUCCESS) { 20405 return rc; 20406 } 20407 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 20408 handle_section_bytes + authorization_size_bytes + 20409 authorization_section_bytes + parameter_section_bytes; 20410 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 20411 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 20412 serialized_command->size()); 20413 return TPM_RC_SUCCESS; 20414 } 20415 20416 TPM_RC Tpm::ParseResponse_PCR_SetAuthValue( 20417 const std::string& response, 20418 AuthorizationDelegate* authorization_delegate) { 20419 VLOG(3) << __func__; 20420 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 20421 TPM_RC rc = TPM_RC_SUCCESS; 20422 std::string buffer(response); 20423 TPM_ST tag; 20424 std::string tag_bytes; 20425 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 20426 if (rc != TPM_RC_SUCCESS) { 20427 return rc; 20428 } 20429 UINT32 response_size; 20430 std::string response_size_bytes; 20431 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 20432 if (rc != TPM_RC_SUCCESS) { 20433 return rc; 20434 } 20435 TPM_RC response_code; 20436 std::string response_code_bytes; 20437 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 20438 if (rc != TPM_RC_SUCCESS) { 20439 return rc; 20440 } 20441 if (response_size != response.size()) { 20442 return TPM_RC_SIZE; 20443 } 20444 if (response_code != TPM_RC_SUCCESS) { 20445 return response_code; 20446 } 20447 TPM_CC command_code = TPM_CC_PCR_SetAuthValue; 20448 std::string command_code_bytes; 20449 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 20450 if (rc != TPM_RC_SUCCESS) { 20451 return rc; 20452 } 20453 std::string authorization_section_bytes; 20454 if (tag == TPM_ST_SESSIONS) { 20455 UINT32 parameter_section_size = buffer.size(); 20456 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 20457 if (rc != TPM_RC_SUCCESS) { 20458 return rc; 20459 } 20460 if (parameter_section_size > buffer.size()) { 20461 return TPM_RC_INSUFFICIENT; 20462 } 20463 authorization_section_bytes = buffer.substr(parameter_section_size); 20464 // Keep the parameter section in |buffer|. 20465 buffer.erase(parameter_section_size); 20466 } 20467 std::unique_ptr<crypto::SecureHash> hash( 20468 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 20469 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 20470 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 20471 hash->Update(buffer.data(), buffer.size()); 20472 std::string response_hash(32, 0); 20473 hash->Finish(string_as_array(&response_hash), response_hash.size()); 20474 if (tag == TPM_ST_SESSIONS) { 20475 CHECK(authorization_delegate) << "Authorization delegate missing!"; 20476 if (!authorization_delegate->CheckResponseAuthorization( 20477 response_hash, authorization_section_bytes)) { 20478 return TRUNKS_RC_AUTHORIZATION_FAILED; 20479 } 20480 } 20481 return TPM_RC_SUCCESS; 20482 } 20483 20484 void PCR_SetAuthValueErrorCallback( 20485 const Tpm::PCR_SetAuthValueResponse& callback, 20486 TPM_RC response_code) { 20487 VLOG(1) << __func__; 20488 callback.Run(response_code); 20489 } 20490 20491 void PCR_SetAuthValueResponseParser( 20492 const Tpm::PCR_SetAuthValueResponse& callback, 20493 AuthorizationDelegate* authorization_delegate, 20494 const std::string& response) { 20495 VLOG(1) << __func__; 20496 base::Callback<void(TPM_RC)> error_reporter = 20497 base::Bind(PCR_SetAuthValueErrorCallback, callback); 20498 TPM_RC rc = 20499 Tpm::ParseResponse_PCR_SetAuthValue(response, authorization_delegate); 20500 if (rc != TPM_RC_SUCCESS) { 20501 error_reporter.Run(rc); 20502 return; 20503 } 20504 callback.Run(rc); 20505 } 20506 20507 void Tpm::PCR_SetAuthValue(const TPMI_DH_PCR& pcr_handle, 20508 const std::string& pcr_handle_name, 20509 const TPM2B_DIGEST& auth, 20510 AuthorizationDelegate* authorization_delegate, 20511 const PCR_SetAuthValueResponse& callback) { 20512 VLOG(1) << __func__; 20513 base::Callback<void(TPM_RC)> error_reporter = 20514 base::Bind(PCR_SetAuthValueErrorCallback, callback); 20515 base::Callback<void(const std::string&)> parser = base::Bind( 20516 PCR_SetAuthValueResponseParser, callback, authorization_delegate); 20517 std::string command; 20518 TPM_RC rc = SerializeCommand_PCR_SetAuthValue( 20519 pcr_handle, pcr_handle_name, auth, &command, authorization_delegate); 20520 if (rc != TPM_RC_SUCCESS) { 20521 error_reporter.Run(rc); 20522 return; 20523 } 20524 transceiver_->SendCommand(command, parser); 20525 } 20526 20527 TPM_RC Tpm::PCR_SetAuthValueSync( 20528 const TPMI_DH_PCR& pcr_handle, 20529 const std::string& pcr_handle_name, 20530 const TPM2B_DIGEST& auth, 20531 AuthorizationDelegate* authorization_delegate) { 20532 VLOG(1) << __func__; 20533 std::string command; 20534 TPM_RC rc = SerializeCommand_PCR_SetAuthValue( 20535 pcr_handle, pcr_handle_name, auth, &command, authorization_delegate); 20536 if (rc != TPM_RC_SUCCESS) { 20537 return rc; 20538 } 20539 std::string response = transceiver_->SendCommandAndWait(command); 20540 rc = ParseResponse_PCR_SetAuthValue(response, authorization_delegate); 20541 return rc; 20542 } 20543 20544 TPM_RC Tpm::SerializeCommand_PCR_Reset( 20545 const TPMI_DH_PCR& pcr_handle, 20546 const std::string& pcr_handle_name, 20547 std::string* serialized_command, 20548 AuthorizationDelegate* authorization_delegate) { 20549 VLOG(3) << __func__; 20550 TPM_RC rc = TPM_RC_SUCCESS; 20551 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 20552 UINT32 command_size = 10; // Header size. 20553 std::string handle_section_bytes; 20554 std::string parameter_section_bytes; 20555 TPM_CC command_code = TPM_CC_PCR_Reset; 20556 bool is_command_parameter_encryption_possible = false; 20557 bool is_response_parameter_encryption_possible = false; 20558 std::string command_code_bytes; 20559 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 20560 if (rc != TPM_RC_SUCCESS) { 20561 return rc; 20562 } 20563 std::string pcr_handle_bytes; 20564 rc = Serialize_TPMI_DH_PCR(pcr_handle, &pcr_handle_bytes); 20565 if (rc != TPM_RC_SUCCESS) { 20566 return rc; 20567 } 20568 std::unique_ptr<crypto::SecureHash> hash( 20569 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 20570 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 20571 hash->Update(pcr_handle_name.data(), pcr_handle_name.size()); 20572 handle_section_bytes += pcr_handle_bytes; 20573 command_size += pcr_handle_bytes.size(); 20574 std::string command_hash(32, 0); 20575 hash->Finish(string_as_array(&command_hash), command_hash.size()); 20576 std::string authorization_section_bytes; 20577 std::string authorization_size_bytes; 20578 if (authorization_delegate) { 20579 if (!authorization_delegate->GetCommandAuthorization( 20580 command_hash, is_command_parameter_encryption_possible, 20581 is_response_parameter_encryption_possible, 20582 &authorization_section_bytes)) { 20583 return TRUNKS_RC_AUTHORIZATION_FAILED; 20584 } 20585 if (!authorization_section_bytes.empty()) { 20586 tag = TPM_ST_SESSIONS; 20587 std::string tmp; 20588 rc = Serialize_UINT32(authorization_section_bytes.size(), 20589 &authorization_size_bytes); 20590 if (rc != TPM_RC_SUCCESS) { 20591 return rc; 20592 } 20593 command_size += 20594 authorization_size_bytes.size() + authorization_section_bytes.size(); 20595 } 20596 } 20597 std::string tag_bytes; 20598 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 20599 if (rc != TPM_RC_SUCCESS) { 20600 return rc; 20601 } 20602 std::string command_size_bytes; 20603 rc = Serialize_UINT32(command_size, &command_size_bytes); 20604 if (rc != TPM_RC_SUCCESS) { 20605 return rc; 20606 } 20607 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 20608 handle_section_bytes + authorization_size_bytes + 20609 authorization_section_bytes + parameter_section_bytes; 20610 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 20611 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 20612 serialized_command->size()); 20613 return TPM_RC_SUCCESS; 20614 } 20615 20616 TPM_RC Tpm::ParseResponse_PCR_Reset( 20617 const std::string& response, 20618 AuthorizationDelegate* authorization_delegate) { 20619 VLOG(3) << __func__; 20620 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 20621 TPM_RC rc = TPM_RC_SUCCESS; 20622 std::string buffer(response); 20623 TPM_ST tag; 20624 std::string tag_bytes; 20625 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 20626 if (rc != TPM_RC_SUCCESS) { 20627 return rc; 20628 } 20629 UINT32 response_size; 20630 std::string response_size_bytes; 20631 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 20632 if (rc != TPM_RC_SUCCESS) { 20633 return rc; 20634 } 20635 TPM_RC response_code; 20636 std::string response_code_bytes; 20637 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 20638 if (rc != TPM_RC_SUCCESS) { 20639 return rc; 20640 } 20641 if (response_size != response.size()) { 20642 return TPM_RC_SIZE; 20643 } 20644 if (response_code != TPM_RC_SUCCESS) { 20645 return response_code; 20646 } 20647 TPM_CC command_code = TPM_CC_PCR_Reset; 20648 std::string command_code_bytes; 20649 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 20650 if (rc != TPM_RC_SUCCESS) { 20651 return rc; 20652 } 20653 std::string authorization_section_bytes; 20654 if (tag == TPM_ST_SESSIONS) { 20655 UINT32 parameter_section_size = buffer.size(); 20656 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 20657 if (rc != TPM_RC_SUCCESS) { 20658 return rc; 20659 } 20660 if (parameter_section_size > buffer.size()) { 20661 return TPM_RC_INSUFFICIENT; 20662 } 20663 authorization_section_bytes = buffer.substr(parameter_section_size); 20664 // Keep the parameter section in |buffer|. 20665 buffer.erase(parameter_section_size); 20666 } 20667 std::unique_ptr<crypto::SecureHash> hash( 20668 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 20669 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 20670 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 20671 hash->Update(buffer.data(), buffer.size()); 20672 std::string response_hash(32, 0); 20673 hash->Finish(string_as_array(&response_hash), response_hash.size()); 20674 if (tag == TPM_ST_SESSIONS) { 20675 CHECK(authorization_delegate) << "Authorization delegate missing!"; 20676 if (!authorization_delegate->CheckResponseAuthorization( 20677 response_hash, authorization_section_bytes)) { 20678 return TRUNKS_RC_AUTHORIZATION_FAILED; 20679 } 20680 } 20681 return TPM_RC_SUCCESS; 20682 } 20683 20684 void PCR_ResetErrorCallback(const Tpm::PCR_ResetResponse& callback, 20685 TPM_RC response_code) { 20686 VLOG(1) << __func__; 20687 callback.Run(response_code); 20688 } 20689 20690 void PCR_ResetResponseParser(const Tpm::PCR_ResetResponse& callback, 20691 AuthorizationDelegate* authorization_delegate, 20692 const std::string& response) { 20693 VLOG(1) << __func__; 20694 base::Callback<void(TPM_RC)> error_reporter = 20695 base::Bind(PCR_ResetErrorCallback, callback); 20696 TPM_RC rc = Tpm::ParseResponse_PCR_Reset(response, authorization_delegate); 20697 if (rc != TPM_RC_SUCCESS) { 20698 error_reporter.Run(rc); 20699 return; 20700 } 20701 callback.Run(rc); 20702 } 20703 20704 void Tpm::PCR_Reset(const TPMI_DH_PCR& pcr_handle, 20705 const std::string& pcr_handle_name, 20706 AuthorizationDelegate* authorization_delegate, 20707 const PCR_ResetResponse& callback) { 20708 VLOG(1) << __func__; 20709 base::Callback<void(TPM_RC)> error_reporter = 20710 base::Bind(PCR_ResetErrorCallback, callback); 20711 base::Callback<void(const std::string&)> parser = 20712 base::Bind(PCR_ResetResponseParser, callback, authorization_delegate); 20713 std::string command; 20714 TPM_RC rc = SerializeCommand_PCR_Reset(pcr_handle, pcr_handle_name, &command, 20715 authorization_delegate); 20716 if (rc != TPM_RC_SUCCESS) { 20717 error_reporter.Run(rc); 20718 return; 20719 } 20720 transceiver_->SendCommand(command, parser); 20721 } 20722 20723 TPM_RC Tpm::PCR_ResetSync(const TPMI_DH_PCR& pcr_handle, 20724 const std::string& pcr_handle_name, 20725 AuthorizationDelegate* authorization_delegate) { 20726 VLOG(1) << __func__; 20727 std::string command; 20728 TPM_RC rc = SerializeCommand_PCR_Reset(pcr_handle, pcr_handle_name, &command, 20729 authorization_delegate); 20730 if (rc != TPM_RC_SUCCESS) { 20731 return rc; 20732 } 20733 std::string response = transceiver_->SendCommandAndWait(command); 20734 rc = ParseResponse_PCR_Reset(response, authorization_delegate); 20735 return rc; 20736 } 20737 20738 TPM_RC Tpm::SerializeCommand_PolicySigned( 20739 const TPMI_DH_OBJECT& auth_object, 20740 const std::string& auth_object_name, 20741 const TPMI_SH_POLICY& policy_session, 20742 const std::string& policy_session_name, 20743 const TPM2B_NONCE& nonce_tpm, 20744 const TPM2B_DIGEST& cp_hash_a, 20745 const TPM2B_NONCE& policy_ref, 20746 const INT32& expiration, 20747 const TPMT_SIGNATURE& auth, 20748 std::string* serialized_command, 20749 AuthorizationDelegate* authorization_delegate) { 20750 VLOG(3) << __func__; 20751 TPM_RC rc = TPM_RC_SUCCESS; 20752 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 20753 UINT32 command_size = 10; // Header size. 20754 std::string handle_section_bytes; 20755 std::string parameter_section_bytes; 20756 TPM_CC command_code = TPM_CC_PolicySigned; 20757 bool is_command_parameter_encryption_possible = true; 20758 bool is_response_parameter_encryption_possible = true; 20759 std::string command_code_bytes; 20760 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 20761 if (rc != TPM_RC_SUCCESS) { 20762 return rc; 20763 } 20764 std::string auth_object_bytes; 20765 rc = Serialize_TPMI_DH_OBJECT(auth_object, &auth_object_bytes); 20766 if (rc != TPM_RC_SUCCESS) { 20767 return rc; 20768 } 20769 std::string policy_session_bytes; 20770 rc = Serialize_TPMI_SH_POLICY(policy_session, &policy_session_bytes); 20771 if (rc != TPM_RC_SUCCESS) { 20772 return rc; 20773 } 20774 std::string nonce_tpm_bytes; 20775 rc = Serialize_TPM2B_NONCE(nonce_tpm, &nonce_tpm_bytes); 20776 if (rc != TPM_RC_SUCCESS) { 20777 return rc; 20778 } 20779 std::string cp_hash_a_bytes; 20780 rc = Serialize_TPM2B_DIGEST(cp_hash_a, &cp_hash_a_bytes); 20781 if (rc != TPM_RC_SUCCESS) { 20782 return rc; 20783 } 20784 std::string policy_ref_bytes; 20785 rc = Serialize_TPM2B_NONCE(policy_ref, &policy_ref_bytes); 20786 if (rc != TPM_RC_SUCCESS) { 20787 return rc; 20788 } 20789 std::string expiration_bytes; 20790 rc = Serialize_INT32(expiration, &expiration_bytes); 20791 if (rc != TPM_RC_SUCCESS) { 20792 return rc; 20793 } 20794 std::string auth_bytes; 20795 rc = Serialize_TPMT_SIGNATURE(auth, &auth_bytes); 20796 if (rc != TPM_RC_SUCCESS) { 20797 return rc; 20798 } 20799 if (authorization_delegate) { 20800 // Encrypt just the parameter data, not the size. 20801 std::string tmp = nonce_tpm_bytes.substr(2); 20802 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 20803 return TRUNKS_RC_ENCRYPTION_FAILED; 20804 } 20805 nonce_tpm_bytes.replace(2, std::string::npos, tmp); 20806 } 20807 std::unique_ptr<crypto::SecureHash> hash( 20808 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 20809 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 20810 hash->Update(auth_object_name.data(), auth_object_name.size()); 20811 handle_section_bytes += auth_object_bytes; 20812 command_size += auth_object_bytes.size(); 20813 hash->Update(policy_session_name.data(), policy_session_name.size()); 20814 handle_section_bytes += policy_session_bytes; 20815 command_size += policy_session_bytes.size(); 20816 hash->Update(nonce_tpm_bytes.data(), nonce_tpm_bytes.size()); 20817 parameter_section_bytes += nonce_tpm_bytes; 20818 command_size += nonce_tpm_bytes.size(); 20819 hash->Update(cp_hash_a_bytes.data(), cp_hash_a_bytes.size()); 20820 parameter_section_bytes += cp_hash_a_bytes; 20821 command_size += cp_hash_a_bytes.size(); 20822 hash->Update(policy_ref_bytes.data(), policy_ref_bytes.size()); 20823 parameter_section_bytes += policy_ref_bytes; 20824 command_size += policy_ref_bytes.size(); 20825 hash->Update(expiration_bytes.data(), expiration_bytes.size()); 20826 parameter_section_bytes += expiration_bytes; 20827 command_size += expiration_bytes.size(); 20828 hash->Update(auth_bytes.data(), auth_bytes.size()); 20829 parameter_section_bytes += auth_bytes; 20830 command_size += auth_bytes.size(); 20831 std::string command_hash(32, 0); 20832 hash->Finish(string_as_array(&command_hash), command_hash.size()); 20833 std::string authorization_section_bytes; 20834 std::string authorization_size_bytes; 20835 if (authorization_delegate) { 20836 if (!authorization_delegate->GetCommandAuthorization( 20837 command_hash, is_command_parameter_encryption_possible, 20838 is_response_parameter_encryption_possible, 20839 &authorization_section_bytes)) { 20840 return TRUNKS_RC_AUTHORIZATION_FAILED; 20841 } 20842 if (!authorization_section_bytes.empty()) { 20843 tag = TPM_ST_SESSIONS; 20844 std::string tmp; 20845 rc = Serialize_UINT32(authorization_section_bytes.size(), 20846 &authorization_size_bytes); 20847 if (rc != TPM_RC_SUCCESS) { 20848 return rc; 20849 } 20850 command_size += 20851 authorization_size_bytes.size() + authorization_section_bytes.size(); 20852 } 20853 } 20854 std::string tag_bytes; 20855 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 20856 if (rc != TPM_RC_SUCCESS) { 20857 return rc; 20858 } 20859 std::string command_size_bytes; 20860 rc = Serialize_UINT32(command_size, &command_size_bytes); 20861 if (rc != TPM_RC_SUCCESS) { 20862 return rc; 20863 } 20864 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 20865 handle_section_bytes + authorization_size_bytes + 20866 authorization_section_bytes + parameter_section_bytes; 20867 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 20868 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 20869 serialized_command->size()); 20870 return TPM_RC_SUCCESS; 20871 } 20872 20873 TPM_RC Tpm::ParseResponse_PolicySigned( 20874 const std::string& response, 20875 TPM2B_TIMEOUT* timeout, 20876 TPMT_TK_AUTH* policy_ticket, 20877 AuthorizationDelegate* authorization_delegate) { 20878 VLOG(3) << __func__; 20879 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 20880 TPM_RC rc = TPM_RC_SUCCESS; 20881 std::string buffer(response); 20882 TPM_ST tag; 20883 std::string tag_bytes; 20884 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 20885 if (rc != TPM_RC_SUCCESS) { 20886 return rc; 20887 } 20888 UINT32 response_size; 20889 std::string response_size_bytes; 20890 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 20891 if (rc != TPM_RC_SUCCESS) { 20892 return rc; 20893 } 20894 TPM_RC response_code; 20895 std::string response_code_bytes; 20896 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 20897 if (rc != TPM_RC_SUCCESS) { 20898 return rc; 20899 } 20900 if (response_size != response.size()) { 20901 return TPM_RC_SIZE; 20902 } 20903 if (response_code != TPM_RC_SUCCESS) { 20904 return response_code; 20905 } 20906 TPM_CC command_code = TPM_CC_PolicySigned; 20907 std::string command_code_bytes; 20908 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 20909 if (rc != TPM_RC_SUCCESS) { 20910 return rc; 20911 } 20912 std::string authorization_section_bytes; 20913 if (tag == TPM_ST_SESSIONS) { 20914 UINT32 parameter_section_size = buffer.size(); 20915 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 20916 if (rc != TPM_RC_SUCCESS) { 20917 return rc; 20918 } 20919 if (parameter_section_size > buffer.size()) { 20920 return TPM_RC_INSUFFICIENT; 20921 } 20922 authorization_section_bytes = buffer.substr(parameter_section_size); 20923 // Keep the parameter section in |buffer|. 20924 buffer.erase(parameter_section_size); 20925 } 20926 std::unique_ptr<crypto::SecureHash> hash( 20927 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 20928 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 20929 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 20930 hash->Update(buffer.data(), buffer.size()); 20931 std::string response_hash(32, 0); 20932 hash->Finish(string_as_array(&response_hash), response_hash.size()); 20933 if (tag == TPM_ST_SESSIONS) { 20934 CHECK(authorization_delegate) << "Authorization delegate missing!"; 20935 if (!authorization_delegate->CheckResponseAuthorization( 20936 response_hash, authorization_section_bytes)) { 20937 return TRUNKS_RC_AUTHORIZATION_FAILED; 20938 } 20939 } 20940 std::string timeout_bytes; 20941 rc = Parse_TPM2B_TIMEOUT(&buffer, timeout, &timeout_bytes); 20942 if (rc != TPM_RC_SUCCESS) { 20943 return rc; 20944 } 20945 std::string policy_ticket_bytes; 20946 rc = Parse_TPMT_TK_AUTH(&buffer, policy_ticket, &policy_ticket_bytes); 20947 if (rc != TPM_RC_SUCCESS) { 20948 return rc; 20949 } 20950 if (tag == TPM_ST_SESSIONS) { 20951 CHECK(authorization_delegate) << "Authorization delegate missing!"; 20952 // Decrypt just the parameter data, not the size. 20953 std::string tmp = timeout_bytes.substr(2); 20954 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 20955 return TRUNKS_RC_ENCRYPTION_FAILED; 20956 } 20957 timeout_bytes.replace(2, std::string::npos, tmp); 20958 rc = Parse_TPM2B_TIMEOUT(&timeout_bytes, timeout, nullptr); 20959 if (rc != TPM_RC_SUCCESS) { 20960 return rc; 20961 } 20962 } 20963 return TPM_RC_SUCCESS; 20964 } 20965 20966 void PolicySignedErrorCallback(const Tpm::PolicySignedResponse& callback, 20967 TPM_RC response_code) { 20968 VLOG(1) << __func__; 20969 callback.Run(response_code, TPM2B_TIMEOUT(), TPMT_TK_AUTH()); 20970 } 20971 20972 void PolicySignedResponseParser(const Tpm::PolicySignedResponse& callback, 20973 AuthorizationDelegate* authorization_delegate, 20974 const std::string& response) { 20975 VLOG(1) << __func__; 20976 base::Callback<void(TPM_RC)> error_reporter = 20977 base::Bind(PolicySignedErrorCallback, callback); 20978 TPM2B_TIMEOUT timeout; 20979 TPMT_TK_AUTH policy_ticket; 20980 TPM_RC rc = Tpm::ParseResponse_PolicySigned( 20981 response, &timeout, &policy_ticket, authorization_delegate); 20982 if (rc != TPM_RC_SUCCESS) { 20983 error_reporter.Run(rc); 20984 return; 20985 } 20986 callback.Run(rc, timeout, policy_ticket); 20987 } 20988 20989 void Tpm::PolicySigned(const TPMI_DH_OBJECT& auth_object, 20990 const std::string& auth_object_name, 20991 const TPMI_SH_POLICY& policy_session, 20992 const std::string& policy_session_name, 20993 const TPM2B_NONCE& nonce_tpm, 20994 const TPM2B_DIGEST& cp_hash_a, 20995 const TPM2B_NONCE& policy_ref, 20996 const INT32& expiration, 20997 const TPMT_SIGNATURE& auth, 20998 AuthorizationDelegate* authorization_delegate, 20999 const PolicySignedResponse& callback) { 21000 VLOG(1) << __func__; 21001 base::Callback<void(TPM_RC)> error_reporter = 21002 base::Bind(PolicySignedErrorCallback, callback); 21003 base::Callback<void(const std::string&)> parser = 21004 base::Bind(PolicySignedResponseParser, callback, authorization_delegate); 21005 std::string command; 21006 TPM_RC rc = SerializeCommand_PolicySigned( 21007 auth_object, auth_object_name, policy_session, policy_session_name, 21008 nonce_tpm, cp_hash_a, policy_ref, expiration, auth, &command, 21009 authorization_delegate); 21010 if (rc != TPM_RC_SUCCESS) { 21011 error_reporter.Run(rc); 21012 return; 21013 } 21014 transceiver_->SendCommand(command, parser); 21015 } 21016 21017 TPM_RC Tpm::PolicySignedSync(const TPMI_DH_OBJECT& auth_object, 21018 const std::string& auth_object_name, 21019 const TPMI_SH_POLICY& policy_session, 21020 const std::string& policy_session_name, 21021 const TPM2B_NONCE& nonce_tpm, 21022 const TPM2B_DIGEST& cp_hash_a, 21023 const TPM2B_NONCE& policy_ref, 21024 const INT32& expiration, 21025 const TPMT_SIGNATURE& auth, 21026 TPM2B_TIMEOUT* timeout, 21027 TPMT_TK_AUTH* policy_ticket, 21028 AuthorizationDelegate* authorization_delegate) { 21029 VLOG(1) << __func__; 21030 std::string command; 21031 TPM_RC rc = SerializeCommand_PolicySigned( 21032 auth_object, auth_object_name, policy_session, policy_session_name, 21033 nonce_tpm, cp_hash_a, policy_ref, expiration, auth, &command, 21034 authorization_delegate); 21035 if (rc != TPM_RC_SUCCESS) { 21036 return rc; 21037 } 21038 std::string response = transceiver_->SendCommandAndWait(command); 21039 rc = ParseResponse_PolicySigned(response, timeout, policy_ticket, 21040 authorization_delegate); 21041 return rc; 21042 } 21043 21044 TPM_RC Tpm::SerializeCommand_PolicySecret( 21045 const TPMI_DH_ENTITY& auth_handle, 21046 const std::string& auth_handle_name, 21047 const TPMI_SH_POLICY& policy_session, 21048 const std::string& policy_session_name, 21049 const TPM2B_NONCE& nonce_tpm, 21050 const TPM2B_DIGEST& cp_hash_a, 21051 const TPM2B_NONCE& policy_ref, 21052 const INT32& expiration, 21053 std::string* serialized_command, 21054 AuthorizationDelegate* authorization_delegate) { 21055 VLOG(3) << __func__; 21056 TPM_RC rc = TPM_RC_SUCCESS; 21057 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 21058 UINT32 command_size = 10; // Header size. 21059 std::string handle_section_bytes; 21060 std::string parameter_section_bytes; 21061 TPM_CC command_code = TPM_CC_PolicySecret; 21062 bool is_command_parameter_encryption_possible = true; 21063 bool is_response_parameter_encryption_possible = true; 21064 std::string command_code_bytes; 21065 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 21066 if (rc != TPM_RC_SUCCESS) { 21067 return rc; 21068 } 21069 std::string auth_handle_bytes; 21070 rc = Serialize_TPMI_DH_ENTITY(auth_handle, &auth_handle_bytes); 21071 if (rc != TPM_RC_SUCCESS) { 21072 return rc; 21073 } 21074 std::string policy_session_bytes; 21075 rc = Serialize_TPMI_SH_POLICY(policy_session, &policy_session_bytes); 21076 if (rc != TPM_RC_SUCCESS) { 21077 return rc; 21078 } 21079 std::string nonce_tpm_bytes; 21080 rc = Serialize_TPM2B_NONCE(nonce_tpm, &nonce_tpm_bytes); 21081 if (rc != TPM_RC_SUCCESS) { 21082 return rc; 21083 } 21084 std::string cp_hash_a_bytes; 21085 rc = Serialize_TPM2B_DIGEST(cp_hash_a, &cp_hash_a_bytes); 21086 if (rc != TPM_RC_SUCCESS) { 21087 return rc; 21088 } 21089 std::string policy_ref_bytes; 21090 rc = Serialize_TPM2B_NONCE(policy_ref, &policy_ref_bytes); 21091 if (rc != TPM_RC_SUCCESS) { 21092 return rc; 21093 } 21094 std::string expiration_bytes; 21095 rc = Serialize_INT32(expiration, &expiration_bytes); 21096 if (rc != TPM_RC_SUCCESS) { 21097 return rc; 21098 } 21099 if (authorization_delegate) { 21100 // Encrypt just the parameter data, not the size. 21101 std::string tmp = nonce_tpm_bytes.substr(2); 21102 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 21103 return TRUNKS_RC_ENCRYPTION_FAILED; 21104 } 21105 nonce_tpm_bytes.replace(2, std::string::npos, tmp); 21106 } 21107 std::unique_ptr<crypto::SecureHash> hash( 21108 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 21109 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 21110 hash->Update(auth_handle_name.data(), auth_handle_name.size()); 21111 handle_section_bytes += auth_handle_bytes; 21112 command_size += auth_handle_bytes.size(); 21113 hash->Update(policy_session_name.data(), policy_session_name.size()); 21114 handle_section_bytes += policy_session_bytes; 21115 command_size += policy_session_bytes.size(); 21116 hash->Update(nonce_tpm_bytes.data(), nonce_tpm_bytes.size()); 21117 parameter_section_bytes += nonce_tpm_bytes; 21118 command_size += nonce_tpm_bytes.size(); 21119 hash->Update(cp_hash_a_bytes.data(), cp_hash_a_bytes.size()); 21120 parameter_section_bytes += cp_hash_a_bytes; 21121 command_size += cp_hash_a_bytes.size(); 21122 hash->Update(policy_ref_bytes.data(), policy_ref_bytes.size()); 21123 parameter_section_bytes += policy_ref_bytes; 21124 command_size += policy_ref_bytes.size(); 21125 hash->Update(expiration_bytes.data(), expiration_bytes.size()); 21126 parameter_section_bytes += expiration_bytes; 21127 command_size += expiration_bytes.size(); 21128 std::string command_hash(32, 0); 21129 hash->Finish(string_as_array(&command_hash), command_hash.size()); 21130 std::string authorization_section_bytes; 21131 std::string authorization_size_bytes; 21132 if (authorization_delegate) { 21133 if (!authorization_delegate->GetCommandAuthorization( 21134 command_hash, is_command_parameter_encryption_possible, 21135 is_response_parameter_encryption_possible, 21136 &authorization_section_bytes)) { 21137 return TRUNKS_RC_AUTHORIZATION_FAILED; 21138 } 21139 if (!authorization_section_bytes.empty()) { 21140 tag = TPM_ST_SESSIONS; 21141 std::string tmp; 21142 rc = Serialize_UINT32(authorization_section_bytes.size(), 21143 &authorization_size_bytes); 21144 if (rc != TPM_RC_SUCCESS) { 21145 return rc; 21146 } 21147 command_size += 21148 authorization_size_bytes.size() + authorization_section_bytes.size(); 21149 } 21150 } 21151 std::string tag_bytes; 21152 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 21153 if (rc != TPM_RC_SUCCESS) { 21154 return rc; 21155 } 21156 std::string command_size_bytes; 21157 rc = Serialize_UINT32(command_size, &command_size_bytes); 21158 if (rc != TPM_RC_SUCCESS) { 21159 return rc; 21160 } 21161 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 21162 handle_section_bytes + authorization_size_bytes + 21163 authorization_section_bytes + parameter_section_bytes; 21164 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 21165 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 21166 serialized_command->size()); 21167 return TPM_RC_SUCCESS; 21168 } 21169 21170 TPM_RC Tpm::ParseResponse_PolicySecret( 21171 const std::string& response, 21172 TPM2B_TIMEOUT* timeout, 21173 TPMT_TK_AUTH* policy_ticket, 21174 AuthorizationDelegate* authorization_delegate) { 21175 VLOG(3) << __func__; 21176 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 21177 TPM_RC rc = TPM_RC_SUCCESS; 21178 std::string buffer(response); 21179 TPM_ST tag; 21180 std::string tag_bytes; 21181 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 21182 if (rc != TPM_RC_SUCCESS) { 21183 return rc; 21184 } 21185 UINT32 response_size; 21186 std::string response_size_bytes; 21187 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 21188 if (rc != TPM_RC_SUCCESS) { 21189 return rc; 21190 } 21191 TPM_RC response_code; 21192 std::string response_code_bytes; 21193 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 21194 if (rc != TPM_RC_SUCCESS) { 21195 return rc; 21196 } 21197 if (response_size != response.size()) { 21198 return TPM_RC_SIZE; 21199 } 21200 if (response_code != TPM_RC_SUCCESS) { 21201 return response_code; 21202 } 21203 TPM_CC command_code = TPM_CC_PolicySecret; 21204 std::string command_code_bytes; 21205 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 21206 if (rc != TPM_RC_SUCCESS) { 21207 return rc; 21208 } 21209 std::string authorization_section_bytes; 21210 if (tag == TPM_ST_SESSIONS) { 21211 UINT32 parameter_section_size = buffer.size(); 21212 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 21213 if (rc != TPM_RC_SUCCESS) { 21214 return rc; 21215 } 21216 if (parameter_section_size > buffer.size()) { 21217 return TPM_RC_INSUFFICIENT; 21218 } 21219 authorization_section_bytes = buffer.substr(parameter_section_size); 21220 // Keep the parameter section in |buffer|. 21221 buffer.erase(parameter_section_size); 21222 } 21223 std::unique_ptr<crypto::SecureHash> hash( 21224 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 21225 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 21226 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 21227 hash->Update(buffer.data(), buffer.size()); 21228 std::string response_hash(32, 0); 21229 hash->Finish(string_as_array(&response_hash), response_hash.size()); 21230 if (tag == TPM_ST_SESSIONS) { 21231 CHECK(authorization_delegate) << "Authorization delegate missing!"; 21232 if (!authorization_delegate->CheckResponseAuthorization( 21233 response_hash, authorization_section_bytes)) { 21234 return TRUNKS_RC_AUTHORIZATION_FAILED; 21235 } 21236 } 21237 std::string timeout_bytes; 21238 rc = Parse_TPM2B_TIMEOUT(&buffer, timeout, &timeout_bytes); 21239 if (rc != TPM_RC_SUCCESS) { 21240 return rc; 21241 } 21242 std::string policy_ticket_bytes; 21243 rc = Parse_TPMT_TK_AUTH(&buffer, policy_ticket, &policy_ticket_bytes); 21244 if (rc != TPM_RC_SUCCESS) { 21245 return rc; 21246 } 21247 if (tag == TPM_ST_SESSIONS) { 21248 CHECK(authorization_delegate) << "Authorization delegate missing!"; 21249 // Decrypt just the parameter data, not the size. 21250 std::string tmp = timeout_bytes.substr(2); 21251 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 21252 return TRUNKS_RC_ENCRYPTION_FAILED; 21253 } 21254 timeout_bytes.replace(2, std::string::npos, tmp); 21255 rc = Parse_TPM2B_TIMEOUT(&timeout_bytes, timeout, nullptr); 21256 if (rc != TPM_RC_SUCCESS) { 21257 return rc; 21258 } 21259 } 21260 return TPM_RC_SUCCESS; 21261 } 21262 21263 void PolicySecretErrorCallback(const Tpm::PolicySecretResponse& callback, 21264 TPM_RC response_code) { 21265 VLOG(1) << __func__; 21266 callback.Run(response_code, TPM2B_TIMEOUT(), TPMT_TK_AUTH()); 21267 } 21268 21269 void PolicySecretResponseParser(const Tpm::PolicySecretResponse& callback, 21270 AuthorizationDelegate* authorization_delegate, 21271 const std::string& response) { 21272 VLOG(1) << __func__; 21273 base::Callback<void(TPM_RC)> error_reporter = 21274 base::Bind(PolicySecretErrorCallback, callback); 21275 TPM2B_TIMEOUT timeout; 21276 TPMT_TK_AUTH policy_ticket; 21277 TPM_RC rc = Tpm::ParseResponse_PolicySecret( 21278 response, &timeout, &policy_ticket, authorization_delegate); 21279 if (rc != TPM_RC_SUCCESS) { 21280 error_reporter.Run(rc); 21281 return; 21282 } 21283 callback.Run(rc, timeout, policy_ticket); 21284 } 21285 21286 void Tpm::PolicySecret(const TPMI_DH_ENTITY& auth_handle, 21287 const std::string& auth_handle_name, 21288 const TPMI_SH_POLICY& policy_session, 21289 const std::string& policy_session_name, 21290 const TPM2B_NONCE& nonce_tpm, 21291 const TPM2B_DIGEST& cp_hash_a, 21292 const TPM2B_NONCE& policy_ref, 21293 const INT32& expiration, 21294 AuthorizationDelegate* authorization_delegate, 21295 const PolicySecretResponse& callback) { 21296 VLOG(1) << __func__; 21297 base::Callback<void(TPM_RC)> error_reporter = 21298 base::Bind(PolicySecretErrorCallback, callback); 21299 base::Callback<void(const std::string&)> parser = 21300 base::Bind(PolicySecretResponseParser, callback, authorization_delegate); 21301 std::string command; 21302 TPM_RC rc = SerializeCommand_PolicySecret( 21303 auth_handle, auth_handle_name, policy_session, policy_session_name, 21304 nonce_tpm, cp_hash_a, policy_ref, expiration, &command, 21305 authorization_delegate); 21306 if (rc != TPM_RC_SUCCESS) { 21307 error_reporter.Run(rc); 21308 return; 21309 } 21310 transceiver_->SendCommand(command, parser); 21311 } 21312 21313 TPM_RC Tpm::PolicySecretSync(const TPMI_DH_ENTITY& auth_handle, 21314 const std::string& auth_handle_name, 21315 const TPMI_SH_POLICY& policy_session, 21316 const std::string& policy_session_name, 21317 const TPM2B_NONCE& nonce_tpm, 21318 const TPM2B_DIGEST& cp_hash_a, 21319 const TPM2B_NONCE& policy_ref, 21320 const INT32& expiration, 21321 TPM2B_TIMEOUT* timeout, 21322 TPMT_TK_AUTH* policy_ticket, 21323 AuthorizationDelegate* authorization_delegate) { 21324 VLOG(1) << __func__; 21325 std::string command; 21326 TPM_RC rc = SerializeCommand_PolicySecret( 21327 auth_handle, auth_handle_name, policy_session, policy_session_name, 21328 nonce_tpm, cp_hash_a, policy_ref, expiration, &command, 21329 authorization_delegate); 21330 if (rc != TPM_RC_SUCCESS) { 21331 return rc; 21332 } 21333 std::string response = transceiver_->SendCommandAndWait(command); 21334 rc = ParseResponse_PolicySecret(response, timeout, policy_ticket, 21335 authorization_delegate); 21336 return rc; 21337 } 21338 21339 TPM_RC Tpm::SerializeCommand_PolicyTicket( 21340 const TPMI_SH_POLICY& policy_session, 21341 const std::string& policy_session_name, 21342 const TPM2B_TIMEOUT& timeout, 21343 const TPM2B_DIGEST& cp_hash_a, 21344 const TPM2B_NONCE& policy_ref, 21345 const TPM2B_NAME& auth_name, 21346 const TPMT_TK_AUTH& ticket, 21347 std::string* serialized_command, 21348 AuthorizationDelegate* authorization_delegate) { 21349 VLOG(3) << __func__; 21350 TPM_RC rc = TPM_RC_SUCCESS; 21351 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 21352 UINT32 command_size = 10; // Header size. 21353 std::string handle_section_bytes; 21354 std::string parameter_section_bytes; 21355 TPM_CC command_code = TPM_CC_PolicyTicket; 21356 bool is_command_parameter_encryption_possible = true; 21357 bool is_response_parameter_encryption_possible = false; 21358 std::string command_code_bytes; 21359 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 21360 if (rc != TPM_RC_SUCCESS) { 21361 return rc; 21362 } 21363 std::string policy_session_bytes; 21364 rc = Serialize_TPMI_SH_POLICY(policy_session, &policy_session_bytes); 21365 if (rc != TPM_RC_SUCCESS) { 21366 return rc; 21367 } 21368 std::string timeout_bytes; 21369 rc = Serialize_TPM2B_TIMEOUT(timeout, &timeout_bytes); 21370 if (rc != TPM_RC_SUCCESS) { 21371 return rc; 21372 } 21373 std::string cp_hash_a_bytes; 21374 rc = Serialize_TPM2B_DIGEST(cp_hash_a, &cp_hash_a_bytes); 21375 if (rc != TPM_RC_SUCCESS) { 21376 return rc; 21377 } 21378 std::string policy_ref_bytes; 21379 rc = Serialize_TPM2B_NONCE(policy_ref, &policy_ref_bytes); 21380 if (rc != TPM_RC_SUCCESS) { 21381 return rc; 21382 } 21383 std::string auth_name_bytes; 21384 rc = Serialize_TPM2B_NAME(auth_name, &auth_name_bytes); 21385 if (rc != TPM_RC_SUCCESS) { 21386 return rc; 21387 } 21388 std::string ticket_bytes; 21389 rc = Serialize_TPMT_TK_AUTH(ticket, &ticket_bytes); 21390 if (rc != TPM_RC_SUCCESS) { 21391 return rc; 21392 } 21393 if (authorization_delegate) { 21394 // Encrypt just the parameter data, not the size. 21395 std::string tmp = timeout_bytes.substr(2); 21396 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 21397 return TRUNKS_RC_ENCRYPTION_FAILED; 21398 } 21399 timeout_bytes.replace(2, std::string::npos, tmp); 21400 } 21401 std::unique_ptr<crypto::SecureHash> hash( 21402 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 21403 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 21404 hash->Update(policy_session_name.data(), policy_session_name.size()); 21405 handle_section_bytes += policy_session_bytes; 21406 command_size += policy_session_bytes.size(); 21407 hash->Update(timeout_bytes.data(), timeout_bytes.size()); 21408 parameter_section_bytes += timeout_bytes; 21409 command_size += timeout_bytes.size(); 21410 hash->Update(cp_hash_a_bytes.data(), cp_hash_a_bytes.size()); 21411 parameter_section_bytes += cp_hash_a_bytes; 21412 command_size += cp_hash_a_bytes.size(); 21413 hash->Update(policy_ref_bytes.data(), policy_ref_bytes.size()); 21414 parameter_section_bytes += policy_ref_bytes; 21415 command_size += policy_ref_bytes.size(); 21416 hash->Update(auth_name_bytes.data(), auth_name_bytes.size()); 21417 parameter_section_bytes += auth_name_bytes; 21418 command_size += auth_name_bytes.size(); 21419 hash->Update(ticket_bytes.data(), ticket_bytes.size()); 21420 parameter_section_bytes += ticket_bytes; 21421 command_size += ticket_bytes.size(); 21422 std::string command_hash(32, 0); 21423 hash->Finish(string_as_array(&command_hash), command_hash.size()); 21424 std::string authorization_section_bytes; 21425 std::string authorization_size_bytes; 21426 if (authorization_delegate) { 21427 if (!authorization_delegate->GetCommandAuthorization( 21428 command_hash, is_command_parameter_encryption_possible, 21429 is_response_parameter_encryption_possible, 21430 &authorization_section_bytes)) { 21431 return TRUNKS_RC_AUTHORIZATION_FAILED; 21432 } 21433 if (!authorization_section_bytes.empty()) { 21434 tag = TPM_ST_SESSIONS; 21435 std::string tmp; 21436 rc = Serialize_UINT32(authorization_section_bytes.size(), 21437 &authorization_size_bytes); 21438 if (rc != TPM_RC_SUCCESS) { 21439 return rc; 21440 } 21441 command_size += 21442 authorization_size_bytes.size() + authorization_section_bytes.size(); 21443 } 21444 } 21445 std::string tag_bytes; 21446 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 21447 if (rc != TPM_RC_SUCCESS) { 21448 return rc; 21449 } 21450 std::string command_size_bytes; 21451 rc = Serialize_UINT32(command_size, &command_size_bytes); 21452 if (rc != TPM_RC_SUCCESS) { 21453 return rc; 21454 } 21455 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 21456 handle_section_bytes + authorization_size_bytes + 21457 authorization_section_bytes + parameter_section_bytes; 21458 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 21459 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 21460 serialized_command->size()); 21461 return TPM_RC_SUCCESS; 21462 } 21463 21464 TPM_RC Tpm::ParseResponse_PolicyTicket( 21465 const std::string& response, 21466 AuthorizationDelegate* authorization_delegate) { 21467 VLOG(3) << __func__; 21468 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 21469 TPM_RC rc = TPM_RC_SUCCESS; 21470 std::string buffer(response); 21471 TPM_ST tag; 21472 std::string tag_bytes; 21473 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 21474 if (rc != TPM_RC_SUCCESS) { 21475 return rc; 21476 } 21477 UINT32 response_size; 21478 std::string response_size_bytes; 21479 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 21480 if (rc != TPM_RC_SUCCESS) { 21481 return rc; 21482 } 21483 TPM_RC response_code; 21484 std::string response_code_bytes; 21485 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 21486 if (rc != TPM_RC_SUCCESS) { 21487 return rc; 21488 } 21489 if (response_size != response.size()) { 21490 return TPM_RC_SIZE; 21491 } 21492 if (response_code != TPM_RC_SUCCESS) { 21493 return response_code; 21494 } 21495 TPM_CC command_code = TPM_CC_PolicyTicket; 21496 std::string command_code_bytes; 21497 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 21498 if (rc != TPM_RC_SUCCESS) { 21499 return rc; 21500 } 21501 std::string authorization_section_bytes; 21502 if (tag == TPM_ST_SESSIONS) { 21503 UINT32 parameter_section_size = buffer.size(); 21504 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 21505 if (rc != TPM_RC_SUCCESS) { 21506 return rc; 21507 } 21508 if (parameter_section_size > buffer.size()) { 21509 return TPM_RC_INSUFFICIENT; 21510 } 21511 authorization_section_bytes = buffer.substr(parameter_section_size); 21512 // Keep the parameter section in |buffer|. 21513 buffer.erase(parameter_section_size); 21514 } 21515 std::unique_ptr<crypto::SecureHash> hash( 21516 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 21517 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 21518 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 21519 hash->Update(buffer.data(), buffer.size()); 21520 std::string response_hash(32, 0); 21521 hash->Finish(string_as_array(&response_hash), response_hash.size()); 21522 if (tag == TPM_ST_SESSIONS) { 21523 CHECK(authorization_delegate) << "Authorization delegate missing!"; 21524 if (!authorization_delegate->CheckResponseAuthorization( 21525 response_hash, authorization_section_bytes)) { 21526 return TRUNKS_RC_AUTHORIZATION_FAILED; 21527 } 21528 } 21529 return TPM_RC_SUCCESS; 21530 } 21531 21532 void PolicyTicketErrorCallback(const Tpm::PolicyTicketResponse& callback, 21533 TPM_RC response_code) { 21534 VLOG(1) << __func__; 21535 callback.Run(response_code); 21536 } 21537 21538 void PolicyTicketResponseParser(const Tpm::PolicyTicketResponse& callback, 21539 AuthorizationDelegate* authorization_delegate, 21540 const std::string& response) { 21541 VLOG(1) << __func__; 21542 base::Callback<void(TPM_RC)> error_reporter = 21543 base::Bind(PolicyTicketErrorCallback, callback); 21544 TPM_RC rc = Tpm::ParseResponse_PolicyTicket(response, authorization_delegate); 21545 if (rc != TPM_RC_SUCCESS) { 21546 error_reporter.Run(rc); 21547 return; 21548 } 21549 callback.Run(rc); 21550 } 21551 21552 void Tpm::PolicyTicket(const TPMI_SH_POLICY& policy_session, 21553 const std::string& policy_session_name, 21554 const TPM2B_TIMEOUT& timeout, 21555 const TPM2B_DIGEST& cp_hash_a, 21556 const TPM2B_NONCE& policy_ref, 21557 const TPM2B_NAME& auth_name, 21558 const TPMT_TK_AUTH& ticket, 21559 AuthorizationDelegate* authorization_delegate, 21560 const PolicyTicketResponse& callback) { 21561 VLOG(1) << __func__; 21562 base::Callback<void(TPM_RC)> error_reporter = 21563 base::Bind(PolicyTicketErrorCallback, callback); 21564 base::Callback<void(const std::string&)> parser = 21565 base::Bind(PolicyTicketResponseParser, callback, authorization_delegate); 21566 std::string command; 21567 TPM_RC rc = SerializeCommand_PolicyTicket( 21568 policy_session, policy_session_name, timeout, cp_hash_a, policy_ref, 21569 auth_name, ticket, &command, authorization_delegate); 21570 if (rc != TPM_RC_SUCCESS) { 21571 error_reporter.Run(rc); 21572 return; 21573 } 21574 transceiver_->SendCommand(command, parser); 21575 } 21576 21577 TPM_RC Tpm::PolicyTicketSync(const TPMI_SH_POLICY& policy_session, 21578 const std::string& policy_session_name, 21579 const TPM2B_TIMEOUT& timeout, 21580 const TPM2B_DIGEST& cp_hash_a, 21581 const TPM2B_NONCE& policy_ref, 21582 const TPM2B_NAME& auth_name, 21583 const TPMT_TK_AUTH& ticket, 21584 AuthorizationDelegate* authorization_delegate) { 21585 VLOG(1) << __func__; 21586 std::string command; 21587 TPM_RC rc = SerializeCommand_PolicyTicket( 21588 policy_session, policy_session_name, timeout, cp_hash_a, policy_ref, 21589 auth_name, ticket, &command, authorization_delegate); 21590 if (rc != TPM_RC_SUCCESS) { 21591 return rc; 21592 } 21593 std::string response = transceiver_->SendCommandAndWait(command); 21594 rc = ParseResponse_PolicyTicket(response, authorization_delegate); 21595 return rc; 21596 } 21597 21598 TPM_RC Tpm::SerializeCommand_PolicyOR( 21599 const TPMI_SH_POLICY& policy_session, 21600 const std::string& policy_session_name, 21601 const TPML_DIGEST& p_hash_list, 21602 std::string* serialized_command, 21603 AuthorizationDelegate* authorization_delegate) { 21604 VLOG(3) << __func__; 21605 TPM_RC rc = TPM_RC_SUCCESS; 21606 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 21607 UINT32 command_size = 10; // Header size. 21608 std::string handle_section_bytes; 21609 std::string parameter_section_bytes; 21610 TPM_CC command_code = TPM_CC_PolicyOR; 21611 bool is_command_parameter_encryption_possible = false; 21612 bool is_response_parameter_encryption_possible = false; 21613 std::string command_code_bytes; 21614 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 21615 if (rc != TPM_RC_SUCCESS) { 21616 return rc; 21617 } 21618 std::string policy_session_bytes; 21619 rc = Serialize_TPMI_SH_POLICY(policy_session, &policy_session_bytes); 21620 if (rc != TPM_RC_SUCCESS) { 21621 return rc; 21622 } 21623 std::string p_hash_list_bytes; 21624 rc = Serialize_TPML_DIGEST(p_hash_list, &p_hash_list_bytes); 21625 if (rc != TPM_RC_SUCCESS) { 21626 return rc; 21627 } 21628 std::unique_ptr<crypto::SecureHash> hash( 21629 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 21630 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 21631 hash->Update(policy_session_name.data(), policy_session_name.size()); 21632 handle_section_bytes += policy_session_bytes; 21633 command_size += policy_session_bytes.size(); 21634 hash->Update(p_hash_list_bytes.data(), p_hash_list_bytes.size()); 21635 parameter_section_bytes += p_hash_list_bytes; 21636 command_size += p_hash_list_bytes.size(); 21637 std::string command_hash(32, 0); 21638 hash->Finish(string_as_array(&command_hash), command_hash.size()); 21639 std::string authorization_section_bytes; 21640 std::string authorization_size_bytes; 21641 if (authorization_delegate) { 21642 if (!authorization_delegate->GetCommandAuthorization( 21643 command_hash, is_command_parameter_encryption_possible, 21644 is_response_parameter_encryption_possible, 21645 &authorization_section_bytes)) { 21646 return TRUNKS_RC_AUTHORIZATION_FAILED; 21647 } 21648 if (!authorization_section_bytes.empty()) { 21649 tag = TPM_ST_SESSIONS; 21650 std::string tmp; 21651 rc = Serialize_UINT32(authorization_section_bytes.size(), 21652 &authorization_size_bytes); 21653 if (rc != TPM_RC_SUCCESS) { 21654 return rc; 21655 } 21656 command_size += 21657 authorization_size_bytes.size() + authorization_section_bytes.size(); 21658 } 21659 } 21660 std::string tag_bytes; 21661 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 21662 if (rc != TPM_RC_SUCCESS) { 21663 return rc; 21664 } 21665 std::string command_size_bytes; 21666 rc = Serialize_UINT32(command_size, &command_size_bytes); 21667 if (rc != TPM_RC_SUCCESS) { 21668 return rc; 21669 } 21670 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 21671 handle_section_bytes + authorization_size_bytes + 21672 authorization_section_bytes + parameter_section_bytes; 21673 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 21674 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 21675 serialized_command->size()); 21676 return TPM_RC_SUCCESS; 21677 } 21678 21679 TPM_RC Tpm::ParseResponse_PolicyOR( 21680 const std::string& response, 21681 AuthorizationDelegate* authorization_delegate) { 21682 VLOG(3) << __func__; 21683 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 21684 TPM_RC rc = TPM_RC_SUCCESS; 21685 std::string buffer(response); 21686 TPM_ST tag; 21687 std::string tag_bytes; 21688 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 21689 if (rc != TPM_RC_SUCCESS) { 21690 return rc; 21691 } 21692 UINT32 response_size; 21693 std::string response_size_bytes; 21694 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 21695 if (rc != TPM_RC_SUCCESS) { 21696 return rc; 21697 } 21698 TPM_RC response_code; 21699 std::string response_code_bytes; 21700 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 21701 if (rc != TPM_RC_SUCCESS) { 21702 return rc; 21703 } 21704 if (response_size != response.size()) { 21705 return TPM_RC_SIZE; 21706 } 21707 if (response_code != TPM_RC_SUCCESS) { 21708 return response_code; 21709 } 21710 TPM_CC command_code = TPM_CC_PolicyOR; 21711 std::string command_code_bytes; 21712 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 21713 if (rc != TPM_RC_SUCCESS) { 21714 return rc; 21715 } 21716 std::string authorization_section_bytes; 21717 if (tag == TPM_ST_SESSIONS) { 21718 UINT32 parameter_section_size = buffer.size(); 21719 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 21720 if (rc != TPM_RC_SUCCESS) { 21721 return rc; 21722 } 21723 if (parameter_section_size > buffer.size()) { 21724 return TPM_RC_INSUFFICIENT; 21725 } 21726 authorization_section_bytes = buffer.substr(parameter_section_size); 21727 // Keep the parameter section in |buffer|. 21728 buffer.erase(parameter_section_size); 21729 } 21730 std::unique_ptr<crypto::SecureHash> hash( 21731 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 21732 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 21733 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 21734 hash->Update(buffer.data(), buffer.size()); 21735 std::string response_hash(32, 0); 21736 hash->Finish(string_as_array(&response_hash), response_hash.size()); 21737 if (tag == TPM_ST_SESSIONS) { 21738 CHECK(authorization_delegate) << "Authorization delegate missing!"; 21739 if (!authorization_delegate->CheckResponseAuthorization( 21740 response_hash, authorization_section_bytes)) { 21741 return TRUNKS_RC_AUTHORIZATION_FAILED; 21742 } 21743 } 21744 return TPM_RC_SUCCESS; 21745 } 21746 21747 void PolicyORErrorCallback(const Tpm::PolicyORResponse& callback, 21748 TPM_RC response_code) { 21749 VLOG(1) << __func__; 21750 callback.Run(response_code); 21751 } 21752 21753 void PolicyORResponseParser(const Tpm::PolicyORResponse& callback, 21754 AuthorizationDelegate* authorization_delegate, 21755 const std::string& response) { 21756 VLOG(1) << __func__; 21757 base::Callback<void(TPM_RC)> error_reporter = 21758 base::Bind(PolicyORErrorCallback, callback); 21759 TPM_RC rc = Tpm::ParseResponse_PolicyOR(response, authorization_delegate); 21760 if (rc != TPM_RC_SUCCESS) { 21761 error_reporter.Run(rc); 21762 return; 21763 } 21764 callback.Run(rc); 21765 } 21766 21767 void Tpm::PolicyOR(const TPMI_SH_POLICY& policy_session, 21768 const std::string& policy_session_name, 21769 const TPML_DIGEST& p_hash_list, 21770 AuthorizationDelegate* authorization_delegate, 21771 const PolicyORResponse& callback) { 21772 VLOG(1) << __func__; 21773 base::Callback<void(TPM_RC)> error_reporter = 21774 base::Bind(PolicyORErrorCallback, callback); 21775 base::Callback<void(const std::string&)> parser = 21776 base::Bind(PolicyORResponseParser, callback, authorization_delegate); 21777 std::string command; 21778 TPM_RC rc = 21779 SerializeCommand_PolicyOR(policy_session, policy_session_name, 21780 p_hash_list, &command, authorization_delegate); 21781 if (rc != TPM_RC_SUCCESS) { 21782 error_reporter.Run(rc); 21783 return; 21784 } 21785 transceiver_->SendCommand(command, parser); 21786 } 21787 21788 TPM_RC Tpm::PolicyORSync(const TPMI_SH_POLICY& policy_session, 21789 const std::string& policy_session_name, 21790 const TPML_DIGEST& p_hash_list, 21791 AuthorizationDelegate* authorization_delegate) { 21792 VLOG(1) << __func__; 21793 std::string command; 21794 TPM_RC rc = 21795 SerializeCommand_PolicyOR(policy_session, policy_session_name, 21796 p_hash_list, &command, authorization_delegate); 21797 if (rc != TPM_RC_SUCCESS) { 21798 return rc; 21799 } 21800 std::string response = transceiver_->SendCommandAndWait(command); 21801 rc = ParseResponse_PolicyOR(response, authorization_delegate); 21802 return rc; 21803 } 21804 21805 TPM_RC Tpm::SerializeCommand_PolicyPCR( 21806 const TPMI_SH_POLICY& policy_session, 21807 const std::string& policy_session_name, 21808 const TPM2B_DIGEST& pcr_digest, 21809 const TPML_PCR_SELECTION& pcrs, 21810 std::string* serialized_command, 21811 AuthorizationDelegate* authorization_delegate) { 21812 VLOG(3) << __func__; 21813 TPM_RC rc = TPM_RC_SUCCESS; 21814 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 21815 UINT32 command_size = 10; // Header size. 21816 std::string handle_section_bytes; 21817 std::string parameter_section_bytes; 21818 TPM_CC command_code = TPM_CC_PolicyPCR; 21819 bool is_command_parameter_encryption_possible = true; 21820 bool is_response_parameter_encryption_possible = false; 21821 std::string command_code_bytes; 21822 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 21823 if (rc != TPM_RC_SUCCESS) { 21824 return rc; 21825 } 21826 std::string policy_session_bytes; 21827 rc = Serialize_TPMI_SH_POLICY(policy_session, &policy_session_bytes); 21828 if (rc != TPM_RC_SUCCESS) { 21829 return rc; 21830 } 21831 std::string pcr_digest_bytes; 21832 rc = Serialize_TPM2B_DIGEST(pcr_digest, &pcr_digest_bytes); 21833 if (rc != TPM_RC_SUCCESS) { 21834 return rc; 21835 } 21836 std::string pcrs_bytes; 21837 rc = Serialize_TPML_PCR_SELECTION(pcrs, &pcrs_bytes); 21838 if (rc != TPM_RC_SUCCESS) { 21839 return rc; 21840 } 21841 if (authorization_delegate) { 21842 // Encrypt just the parameter data, not the size. 21843 std::string tmp = pcr_digest_bytes.substr(2); 21844 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 21845 return TRUNKS_RC_ENCRYPTION_FAILED; 21846 } 21847 pcr_digest_bytes.replace(2, std::string::npos, tmp); 21848 } 21849 std::unique_ptr<crypto::SecureHash> hash( 21850 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 21851 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 21852 hash->Update(policy_session_name.data(), policy_session_name.size()); 21853 handle_section_bytes += policy_session_bytes; 21854 command_size += policy_session_bytes.size(); 21855 hash->Update(pcr_digest_bytes.data(), pcr_digest_bytes.size()); 21856 parameter_section_bytes += pcr_digest_bytes; 21857 command_size += pcr_digest_bytes.size(); 21858 hash->Update(pcrs_bytes.data(), pcrs_bytes.size()); 21859 parameter_section_bytes += pcrs_bytes; 21860 command_size += pcrs_bytes.size(); 21861 std::string command_hash(32, 0); 21862 hash->Finish(string_as_array(&command_hash), command_hash.size()); 21863 std::string authorization_section_bytes; 21864 std::string authorization_size_bytes; 21865 if (authorization_delegate) { 21866 if (!authorization_delegate->GetCommandAuthorization( 21867 command_hash, is_command_parameter_encryption_possible, 21868 is_response_parameter_encryption_possible, 21869 &authorization_section_bytes)) { 21870 return TRUNKS_RC_AUTHORIZATION_FAILED; 21871 } 21872 if (!authorization_section_bytes.empty()) { 21873 tag = TPM_ST_SESSIONS; 21874 std::string tmp; 21875 rc = Serialize_UINT32(authorization_section_bytes.size(), 21876 &authorization_size_bytes); 21877 if (rc != TPM_RC_SUCCESS) { 21878 return rc; 21879 } 21880 command_size += 21881 authorization_size_bytes.size() + authorization_section_bytes.size(); 21882 } 21883 } 21884 std::string tag_bytes; 21885 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 21886 if (rc != TPM_RC_SUCCESS) { 21887 return rc; 21888 } 21889 std::string command_size_bytes; 21890 rc = Serialize_UINT32(command_size, &command_size_bytes); 21891 if (rc != TPM_RC_SUCCESS) { 21892 return rc; 21893 } 21894 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 21895 handle_section_bytes + authorization_size_bytes + 21896 authorization_section_bytes + parameter_section_bytes; 21897 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 21898 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 21899 serialized_command->size()); 21900 return TPM_RC_SUCCESS; 21901 } 21902 21903 TPM_RC Tpm::ParseResponse_PolicyPCR( 21904 const std::string& response, 21905 AuthorizationDelegate* authorization_delegate) { 21906 VLOG(3) << __func__; 21907 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 21908 TPM_RC rc = TPM_RC_SUCCESS; 21909 std::string buffer(response); 21910 TPM_ST tag; 21911 std::string tag_bytes; 21912 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 21913 if (rc != TPM_RC_SUCCESS) { 21914 return rc; 21915 } 21916 UINT32 response_size; 21917 std::string response_size_bytes; 21918 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 21919 if (rc != TPM_RC_SUCCESS) { 21920 return rc; 21921 } 21922 TPM_RC response_code; 21923 std::string response_code_bytes; 21924 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 21925 if (rc != TPM_RC_SUCCESS) { 21926 return rc; 21927 } 21928 if (response_size != response.size()) { 21929 return TPM_RC_SIZE; 21930 } 21931 if (response_code != TPM_RC_SUCCESS) { 21932 return response_code; 21933 } 21934 TPM_CC command_code = TPM_CC_PolicyPCR; 21935 std::string command_code_bytes; 21936 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 21937 if (rc != TPM_RC_SUCCESS) { 21938 return rc; 21939 } 21940 std::string authorization_section_bytes; 21941 if (tag == TPM_ST_SESSIONS) { 21942 UINT32 parameter_section_size = buffer.size(); 21943 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 21944 if (rc != TPM_RC_SUCCESS) { 21945 return rc; 21946 } 21947 if (parameter_section_size > buffer.size()) { 21948 return TPM_RC_INSUFFICIENT; 21949 } 21950 authorization_section_bytes = buffer.substr(parameter_section_size); 21951 // Keep the parameter section in |buffer|. 21952 buffer.erase(parameter_section_size); 21953 } 21954 std::unique_ptr<crypto::SecureHash> hash( 21955 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 21956 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 21957 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 21958 hash->Update(buffer.data(), buffer.size()); 21959 std::string response_hash(32, 0); 21960 hash->Finish(string_as_array(&response_hash), response_hash.size()); 21961 if (tag == TPM_ST_SESSIONS) { 21962 CHECK(authorization_delegate) << "Authorization delegate missing!"; 21963 if (!authorization_delegate->CheckResponseAuthorization( 21964 response_hash, authorization_section_bytes)) { 21965 return TRUNKS_RC_AUTHORIZATION_FAILED; 21966 } 21967 } 21968 return TPM_RC_SUCCESS; 21969 } 21970 21971 void PolicyPCRErrorCallback(const Tpm::PolicyPCRResponse& callback, 21972 TPM_RC response_code) { 21973 VLOG(1) << __func__; 21974 callback.Run(response_code); 21975 } 21976 21977 void PolicyPCRResponseParser(const Tpm::PolicyPCRResponse& callback, 21978 AuthorizationDelegate* authorization_delegate, 21979 const std::string& response) { 21980 VLOG(1) << __func__; 21981 base::Callback<void(TPM_RC)> error_reporter = 21982 base::Bind(PolicyPCRErrorCallback, callback); 21983 TPM_RC rc = Tpm::ParseResponse_PolicyPCR(response, authorization_delegate); 21984 if (rc != TPM_RC_SUCCESS) { 21985 error_reporter.Run(rc); 21986 return; 21987 } 21988 callback.Run(rc); 21989 } 21990 21991 void Tpm::PolicyPCR(const TPMI_SH_POLICY& policy_session, 21992 const std::string& policy_session_name, 21993 const TPM2B_DIGEST& pcr_digest, 21994 const TPML_PCR_SELECTION& pcrs, 21995 AuthorizationDelegate* authorization_delegate, 21996 const PolicyPCRResponse& callback) { 21997 VLOG(1) << __func__; 21998 base::Callback<void(TPM_RC)> error_reporter = 21999 base::Bind(PolicyPCRErrorCallback, callback); 22000 base::Callback<void(const std::string&)> parser = 22001 base::Bind(PolicyPCRResponseParser, callback, authorization_delegate); 22002 std::string command; 22003 TPM_RC rc = SerializeCommand_PolicyPCR(policy_session, policy_session_name, 22004 pcr_digest, pcrs, &command, 22005 authorization_delegate); 22006 if (rc != TPM_RC_SUCCESS) { 22007 error_reporter.Run(rc); 22008 return; 22009 } 22010 transceiver_->SendCommand(command, parser); 22011 } 22012 22013 TPM_RC Tpm::PolicyPCRSync(const TPMI_SH_POLICY& policy_session, 22014 const std::string& policy_session_name, 22015 const TPM2B_DIGEST& pcr_digest, 22016 const TPML_PCR_SELECTION& pcrs, 22017 AuthorizationDelegate* authorization_delegate) { 22018 VLOG(1) << __func__; 22019 std::string command; 22020 TPM_RC rc = SerializeCommand_PolicyPCR(policy_session, policy_session_name, 22021 pcr_digest, pcrs, &command, 22022 authorization_delegate); 22023 if (rc != TPM_RC_SUCCESS) { 22024 return rc; 22025 } 22026 std::string response = transceiver_->SendCommandAndWait(command); 22027 rc = ParseResponse_PolicyPCR(response, authorization_delegate); 22028 return rc; 22029 } 22030 22031 TPM_RC Tpm::SerializeCommand_PolicyLocality( 22032 const TPMI_SH_POLICY& policy_session, 22033 const std::string& policy_session_name, 22034 const TPMA_LOCALITY& locality, 22035 std::string* serialized_command, 22036 AuthorizationDelegate* authorization_delegate) { 22037 VLOG(3) << __func__; 22038 TPM_RC rc = TPM_RC_SUCCESS; 22039 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 22040 UINT32 command_size = 10; // Header size. 22041 std::string handle_section_bytes; 22042 std::string parameter_section_bytes; 22043 TPM_CC command_code = TPM_CC_PolicyLocality; 22044 bool is_command_parameter_encryption_possible = false; 22045 bool is_response_parameter_encryption_possible = false; 22046 std::string command_code_bytes; 22047 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 22048 if (rc != TPM_RC_SUCCESS) { 22049 return rc; 22050 } 22051 std::string policy_session_bytes; 22052 rc = Serialize_TPMI_SH_POLICY(policy_session, &policy_session_bytes); 22053 if (rc != TPM_RC_SUCCESS) { 22054 return rc; 22055 } 22056 std::string locality_bytes; 22057 rc = Serialize_TPMA_LOCALITY(locality, &locality_bytes); 22058 if (rc != TPM_RC_SUCCESS) { 22059 return rc; 22060 } 22061 std::unique_ptr<crypto::SecureHash> hash( 22062 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 22063 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 22064 hash->Update(policy_session_name.data(), policy_session_name.size()); 22065 handle_section_bytes += policy_session_bytes; 22066 command_size += policy_session_bytes.size(); 22067 hash->Update(locality_bytes.data(), locality_bytes.size()); 22068 parameter_section_bytes += locality_bytes; 22069 command_size += locality_bytes.size(); 22070 std::string command_hash(32, 0); 22071 hash->Finish(string_as_array(&command_hash), command_hash.size()); 22072 std::string authorization_section_bytes; 22073 std::string authorization_size_bytes; 22074 if (authorization_delegate) { 22075 if (!authorization_delegate->GetCommandAuthorization( 22076 command_hash, is_command_parameter_encryption_possible, 22077 is_response_parameter_encryption_possible, 22078 &authorization_section_bytes)) { 22079 return TRUNKS_RC_AUTHORIZATION_FAILED; 22080 } 22081 if (!authorization_section_bytes.empty()) { 22082 tag = TPM_ST_SESSIONS; 22083 std::string tmp; 22084 rc = Serialize_UINT32(authorization_section_bytes.size(), 22085 &authorization_size_bytes); 22086 if (rc != TPM_RC_SUCCESS) { 22087 return rc; 22088 } 22089 command_size += 22090 authorization_size_bytes.size() + authorization_section_bytes.size(); 22091 } 22092 } 22093 std::string tag_bytes; 22094 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 22095 if (rc != TPM_RC_SUCCESS) { 22096 return rc; 22097 } 22098 std::string command_size_bytes; 22099 rc = Serialize_UINT32(command_size, &command_size_bytes); 22100 if (rc != TPM_RC_SUCCESS) { 22101 return rc; 22102 } 22103 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 22104 handle_section_bytes + authorization_size_bytes + 22105 authorization_section_bytes + parameter_section_bytes; 22106 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 22107 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 22108 serialized_command->size()); 22109 return TPM_RC_SUCCESS; 22110 } 22111 22112 TPM_RC Tpm::ParseResponse_PolicyLocality( 22113 const std::string& response, 22114 AuthorizationDelegate* authorization_delegate) { 22115 VLOG(3) << __func__; 22116 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 22117 TPM_RC rc = TPM_RC_SUCCESS; 22118 std::string buffer(response); 22119 TPM_ST tag; 22120 std::string tag_bytes; 22121 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 22122 if (rc != TPM_RC_SUCCESS) { 22123 return rc; 22124 } 22125 UINT32 response_size; 22126 std::string response_size_bytes; 22127 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 22128 if (rc != TPM_RC_SUCCESS) { 22129 return rc; 22130 } 22131 TPM_RC response_code; 22132 std::string response_code_bytes; 22133 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 22134 if (rc != TPM_RC_SUCCESS) { 22135 return rc; 22136 } 22137 if (response_size != response.size()) { 22138 return TPM_RC_SIZE; 22139 } 22140 if (response_code != TPM_RC_SUCCESS) { 22141 return response_code; 22142 } 22143 TPM_CC command_code = TPM_CC_PolicyLocality; 22144 std::string command_code_bytes; 22145 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 22146 if (rc != TPM_RC_SUCCESS) { 22147 return rc; 22148 } 22149 std::string authorization_section_bytes; 22150 if (tag == TPM_ST_SESSIONS) { 22151 UINT32 parameter_section_size = buffer.size(); 22152 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 22153 if (rc != TPM_RC_SUCCESS) { 22154 return rc; 22155 } 22156 if (parameter_section_size > buffer.size()) { 22157 return TPM_RC_INSUFFICIENT; 22158 } 22159 authorization_section_bytes = buffer.substr(parameter_section_size); 22160 // Keep the parameter section in |buffer|. 22161 buffer.erase(parameter_section_size); 22162 } 22163 std::unique_ptr<crypto::SecureHash> hash( 22164 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 22165 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 22166 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 22167 hash->Update(buffer.data(), buffer.size()); 22168 std::string response_hash(32, 0); 22169 hash->Finish(string_as_array(&response_hash), response_hash.size()); 22170 if (tag == TPM_ST_SESSIONS) { 22171 CHECK(authorization_delegate) << "Authorization delegate missing!"; 22172 if (!authorization_delegate->CheckResponseAuthorization( 22173 response_hash, authorization_section_bytes)) { 22174 return TRUNKS_RC_AUTHORIZATION_FAILED; 22175 } 22176 } 22177 return TPM_RC_SUCCESS; 22178 } 22179 22180 void PolicyLocalityErrorCallback(const Tpm::PolicyLocalityResponse& callback, 22181 TPM_RC response_code) { 22182 VLOG(1) << __func__; 22183 callback.Run(response_code); 22184 } 22185 22186 void PolicyLocalityResponseParser(const Tpm::PolicyLocalityResponse& callback, 22187 AuthorizationDelegate* authorization_delegate, 22188 const std::string& response) { 22189 VLOG(1) << __func__; 22190 base::Callback<void(TPM_RC)> error_reporter = 22191 base::Bind(PolicyLocalityErrorCallback, callback); 22192 TPM_RC rc = 22193 Tpm::ParseResponse_PolicyLocality(response, authorization_delegate); 22194 if (rc != TPM_RC_SUCCESS) { 22195 error_reporter.Run(rc); 22196 return; 22197 } 22198 callback.Run(rc); 22199 } 22200 22201 void Tpm::PolicyLocality(const TPMI_SH_POLICY& policy_session, 22202 const std::string& policy_session_name, 22203 const TPMA_LOCALITY& locality, 22204 AuthorizationDelegate* authorization_delegate, 22205 const PolicyLocalityResponse& callback) { 22206 VLOG(1) << __func__; 22207 base::Callback<void(TPM_RC)> error_reporter = 22208 base::Bind(PolicyLocalityErrorCallback, callback); 22209 base::Callback<void(const std::string&)> parser = base::Bind( 22210 PolicyLocalityResponseParser, callback, authorization_delegate); 22211 std::string command; 22212 TPM_RC rc = SerializeCommand_PolicyLocality(policy_session, 22213 policy_session_name, locality, 22214 &command, authorization_delegate); 22215 if (rc != TPM_RC_SUCCESS) { 22216 error_reporter.Run(rc); 22217 return; 22218 } 22219 transceiver_->SendCommand(command, parser); 22220 } 22221 22222 TPM_RC Tpm::PolicyLocalitySync(const TPMI_SH_POLICY& policy_session, 22223 const std::string& policy_session_name, 22224 const TPMA_LOCALITY& locality, 22225 AuthorizationDelegate* authorization_delegate) { 22226 VLOG(1) << __func__; 22227 std::string command; 22228 TPM_RC rc = SerializeCommand_PolicyLocality(policy_session, 22229 policy_session_name, locality, 22230 &command, authorization_delegate); 22231 if (rc != TPM_RC_SUCCESS) { 22232 return rc; 22233 } 22234 std::string response = transceiver_->SendCommandAndWait(command); 22235 rc = ParseResponse_PolicyLocality(response, authorization_delegate); 22236 return rc; 22237 } 22238 22239 TPM_RC Tpm::SerializeCommand_PolicyNV( 22240 const TPMI_RH_NV_AUTH& auth_handle, 22241 const std::string& auth_handle_name, 22242 const TPMI_RH_NV_INDEX& nv_index, 22243 const std::string& nv_index_name, 22244 const TPMI_SH_POLICY& policy_session, 22245 const std::string& policy_session_name, 22246 const TPM2B_OPERAND& operand_b, 22247 const UINT16& offset, 22248 const TPM_EO& operation, 22249 std::string* serialized_command, 22250 AuthorizationDelegate* authorization_delegate) { 22251 VLOG(3) << __func__; 22252 TPM_RC rc = TPM_RC_SUCCESS; 22253 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 22254 UINT32 command_size = 10; // Header size. 22255 std::string handle_section_bytes; 22256 std::string parameter_section_bytes; 22257 TPM_CC command_code = TPM_CC_PolicyNV; 22258 bool is_command_parameter_encryption_possible = true; 22259 bool is_response_parameter_encryption_possible = false; 22260 std::string command_code_bytes; 22261 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 22262 if (rc != TPM_RC_SUCCESS) { 22263 return rc; 22264 } 22265 std::string auth_handle_bytes; 22266 rc = Serialize_TPMI_RH_NV_AUTH(auth_handle, &auth_handle_bytes); 22267 if (rc != TPM_RC_SUCCESS) { 22268 return rc; 22269 } 22270 std::string nv_index_bytes; 22271 rc = Serialize_TPMI_RH_NV_INDEX(nv_index, &nv_index_bytes); 22272 if (rc != TPM_RC_SUCCESS) { 22273 return rc; 22274 } 22275 std::string policy_session_bytes; 22276 rc = Serialize_TPMI_SH_POLICY(policy_session, &policy_session_bytes); 22277 if (rc != TPM_RC_SUCCESS) { 22278 return rc; 22279 } 22280 std::string operand_b_bytes; 22281 rc = Serialize_TPM2B_OPERAND(operand_b, &operand_b_bytes); 22282 if (rc != TPM_RC_SUCCESS) { 22283 return rc; 22284 } 22285 std::string offset_bytes; 22286 rc = Serialize_UINT16(offset, &offset_bytes); 22287 if (rc != TPM_RC_SUCCESS) { 22288 return rc; 22289 } 22290 std::string operation_bytes; 22291 rc = Serialize_TPM_EO(operation, &operation_bytes); 22292 if (rc != TPM_RC_SUCCESS) { 22293 return rc; 22294 } 22295 if (authorization_delegate) { 22296 // Encrypt just the parameter data, not the size. 22297 std::string tmp = operand_b_bytes.substr(2); 22298 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 22299 return TRUNKS_RC_ENCRYPTION_FAILED; 22300 } 22301 operand_b_bytes.replace(2, std::string::npos, tmp); 22302 } 22303 std::unique_ptr<crypto::SecureHash> hash( 22304 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 22305 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 22306 hash->Update(auth_handle_name.data(), auth_handle_name.size()); 22307 handle_section_bytes += auth_handle_bytes; 22308 command_size += auth_handle_bytes.size(); 22309 hash->Update(nv_index_name.data(), nv_index_name.size()); 22310 handle_section_bytes += nv_index_bytes; 22311 command_size += nv_index_bytes.size(); 22312 hash->Update(policy_session_name.data(), policy_session_name.size()); 22313 handle_section_bytes += policy_session_bytes; 22314 command_size += policy_session_bytes.size(); 22315 hash->Update(operand_b_bytes.data(), operand_b_bytes.size()); 22316 parameter_section_bytes += operand_b_bytes; 22317 command_size += operand_b_bytes.size(); 22318 hash->Update(offset_bytes.data(), offset_bytes.size()); 22319 parameter_section_bytes += offset_bytes; 22320 command_size += offset_bytes.size(); 22321 hash->Update(operation_bytes.data(), operation_bytes.size()); 22322 parameter_section_bytes += operation_bytes; 22323 command_size += operation_bytes.size(); 22324 std::string command_hash(32, 0); 22325 hash->Finish(string_as_array(&command_hash), command_hash.size()); 22326 std::string authorization_section_bytes; 22327 std::string authorization_size_bytes; 22328 if (authorization_delegate) { 22329 if (!authorization_delegate->GetCommandAuthorization( 22330 command_hash, is_command_parameter_encryption_possible, 22331 is_response_parameter_encryption_possible, 22332 &authorization_section_bytes)) { 22333 return TRUNKS_RC_AUTHORIZATION_FAILED; 22334 } 22335 if (!authorization_section_bytes.empty()) { 22336 tag = TPM_ST_SESSIONS; 22337 std::string tmp; 22338 rc = Serialize_UINT32(authorization_section_bytes.size(), 22339 &authorization_size_bytes); 22340 if (rc != TPM_RC_SUCCESS) { 22341 return rc; 22342 } 22343 command_size += 22344 authorization_size_bytes.size() + authorization_section_bytes.size(); 22345 } 22346 } 22347 std::string tag_bytes; 22348 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 22349 if (rc != TPM_RC_SUCCESS) { 22350 return rc; 22351 } 22352 std::string command_size_bytes; 22353 rc = Serialize_UINT32(command_size, &command_size_bytes); 22354 if (rc != TPM_RC_SUCCESS) { 22355 return rc; 22356 } 22357 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 22358 handle_section_bytes + authorization_size_bytes + 22359 authorization_section_bytes + parameter_section_bytes; 22360 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 22361 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 22362 serialized_command->size()); 22363 return TPM_RC_SUCCESS; 22364 } 22365 22366 TPM_RC Tpm::ParseResponse_PolicyNV( 22367 const std::string& response, 22368 AuthorizationDelegate* authorization_delegate) { 22369 VLOG(3) << __func__; 22370 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 22371 TPM_RC rc = TPM_RC_SUCCESS; 22372 std::string buffer(response); 22373 TPM_ST tag; 22374 std::string tag_bytes; 22375 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 22376 if (rc != TPM_RC_SUCCESS) { 22377 return rc; 22378 } 22379 UINT32 response_size; 22380 std::string response_size_bytes; 22381 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 22382 if (rc != TPM_RC_SUCCESS) { 22383 return rc; 22384 } 22385 TPM_RC response_code; 22386 std::string response_code_bytes; 22387 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 22388 if (rc != TPM_RC_SUCCESS) { 22389 return rc; 22390 } 22391 if (response_size != response.size()) { 22392 return TPM_RC_SIZE; 22393 } 22394 if (response_code != TPM_RC_SUCCESS) { 22395 return response_code; 22396 } 22397 TPM_CC command_code = TPM_CC_PolicyNV; 22398 std::string command_code_bytes; 22399 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 22400 if (rc != TPM_RC_SUCCESS) { 22401 return rc; 22402 } 22403 std::string authorization_section_bytes; 22404 if (tag == TPM_ST_SESSIONS) { 22405 UINT32 parameter_section_size = buffer.size(); 22406 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 22407 if (rc != TPM_RC_SUCCESS) { 22408 return rc; 22409 } 22410 if (parameter_section_size > buffer.size()) { 22411 return TPM_RC_INSUFFICIENT; 22412 } 22413 authorization_section_bytes = buffer.substr(parameter_section_size); 22414 // Keep the parameter section in |buffer|. 22415 buffer.erase(parameter_section_size); 22416 } 22417 std::unique_ptr<crypto::SecureHash> hash( 22418 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 22419 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 22420 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 22421 hash->Update(buffer.data(), buffer.size()); 22422 std::string response_hash(32, 0); 22423 hash->Finish(string_as_array(&response_hash), response_hash.size()); 22424 if (tag == TPM_ST_SESSIONS) { 22425 CHECK(authorization_delegate) << "Authorization delegate missing!"; 22426 if (!authorization_delegate->CheckResponseAuthorization( 22427 response_hash, authorization_section_bytes)) { 22428 return TRUNKS_RC_AUTHORIZATION_FAILED; 22429 } 22430 } 22431 return TPM_RC_SUCCESS; 22432 } 22433 22434 void PolicyNVErrorCallback(const Tpm::PolicyNVResponse& callback, 22435 TPM_RC response_code) { 22436 VLOG(1) << __func__; 22437 callback.Run(response_code); 22438 } 22439 22440 void PolicyNVResponseParser(const Tpm::PolicyNVResponse& callback, 22441 AuthorizationDelegate* authorization_delegate, 22442 const std::string& response) { 22443 VLOG(1) << __func__; 22444 base::Callback<void(TPM_RC)> error_reporter = 22445 base::Bind(PolicyNVErrorCallback, callback); 22446 TPM_RC rc = Tpm::ParseResponse_PolicyNV(response, authorization_delegate); 22447 if (rc != TPM_RC_SUCCESS) { 22448 error_reporter.Run(rc); 22449 return; 22450 } 22451 callback.Run(rc); 22452 } 22453 22454 void Tpm::PolicyNV(const TPMI_RH_NV_AUTH& auth_handle, 22455 const std::string& auth_handle_name, 22456 const TPMI_RH_NV_INDEX& nv_index, 22457 const std::string& nv_index_name, 22458 const TPMI_SH_POLICY& policy_session, 22459 const std::string& policy_session_name, 22460 const TPM2B_OPERAND& operand_b, 22461 const UINT16& offset, 22462 const TPM_EO& operation, 22463 AuthorizationDelegate* authorization_delegate, 22464 const PolicyNVResponse& callback) { 22465 VLOG(1) << __func__; 22466 base::Callback<void(TPM_RC)> error_reporter = 22467 base::Bind(PolicyNVErrorCallback, callback); 22468 base::Callback<void(const std::string&)> parser = 22469 base::Bind(PolicyNVResponseParser, callback, authorization_delegate); 22470 std::string command; 22471 TPM_RC rc = SerializeCommand_PolicyNV( 22472 auth_handle, auth_handle_name, nv_index, nv_index_name, policy_session, 22473 policy_session_name, operand_b, offset, operation, &command, 22474 authorization_delegate); 22475 if (rc != TPM_RC_SUCCESS) { 22476 error_reporter.Run(rc); 22477 return; 22478 } 22479 transceiver_->SendCommand(command, parser); 22480 } 22481 22482 TPM_RC Tpm::PolicyNVSync(const TPMI_RH_NV_AUTH& auth_handle, 22483 const std::string& auth_handle_name, 22484 const TPMI_RH_NV_INDEX& nv_index, 22485 const std::string& nv_index_name, 22486 const TPMI_SH_POLICY& policy_session, 22487 const std::string& policy_session_name, 22488 const TPM2B_OPERAND& operand_b, 22489 const UINT16& offset, 22490 const TPM_EO& operation, 22491 AuthorizationDelegate* authorization_delegate) { 22492 VLOG(1) << __func__; 22493 std::string command; 22494 TPM_RC rc = SerializeCommand_PolicyNV( 22495 auth_handle, auth_handle_name, nv_index, nv_index_name, policy_session, 22496 policy_session_name, operand_b, offset, operation, &command, 22497 authorization_delegate); 22498 if (rc != TPM_RC_SUCCESS) { 22499 return rc; 22500 } 22501 std::string response = transceiver_->SendCommandAndWait(command); 22502 rc = ParseResponse_PolicyNV(response, authorization_delegate); 22503 return rc; 22504 } 22505 22506 TPM_RC Tpm::SerializeCommand_PolicyCounterTimer( 22507 const TPMI_SH_POLICY& policy_session, 22508 const std::string& policy_session_name, 22509 const TPM2B_OPERAND& operand_b, 22510 const UINT16& offset, 22511 const TPM_EO& operation, 22512 std::string* serialized_command, 22513 AuthorizationDelegate* authorization_delegate) { 22514 VLOG(3) << __func__; 22515 TPM_RC rc = TPM_RC_SUCCESS; 22516 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 22517 UINT32 command_size = 10; // Header size. 22518 std::string handle_section_bytes; 22519 std::string parameter_section_bytes; 22520 TPM_CC command_code = TPM_CC_PolicyCounterTimer; 22521 bool is_command_parameter_encryption_possible = true; 22522 bool is_response_parameter_encryption_possible = false; 22523 std::string command_code_bytes; 22524 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 22525 if (rc != TPM_RC_SUCCESS) { 22526 return rc; 22527 } 22528 std::string policy_session_bytes; 22529 rc = Serialize_TPMI_SH_POLICY(policy_session, &policy_session_bytes); 22530 if (rc != TPM_RC_SUCCESS) { 22531 return rc; 22532 } 22533 std::string operand_b_bytes; 22534 rc = Serialize_TPM2B_OPERAND(operand_b, &operand_b_bytes); 22535 if (rc != TPM_RC_SUCCESS) { 22536 return rc; 22537 } 22538 std::string offset_bytes; 22539 rc = Serialize_UINT16(offset, &offset_bytes); 22540 if (rc != TPM_RC_SUCCESS) { 22541 return rc; 22542 } 22543 std::string operation_bytes; 22544 rc = Serialize_TPM_EO(operation, &operation_bytes); 22545 if (rc != TPM_RC_SUCCESS) { 22546 return rc; 22547 } 22548 if (authorization_delegate) { 22549 // Encrypt just the parameter data, not the size. 22550 std::string tmp = operand_b_bytes.substr(2); 22551 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 22552 return TRUNKS_RC_ENCRYPTION_FAILED; 22553 } 22554 operand_b_bytes.replace(2, std::string::npos, tmp); 22555 } 22556 std::unique_ptr<crypto::SecureHash> hash( 22557 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 22558 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 22559 hash->Update(policy_session_name.data(), policy_session_name.size()); 22560 handle_section_bytes += policy_session_bytes; 22561 command_size += policy_session_bytes.size(); 22562 hash->Update(operand_b_bytes.data(), operand_b_bytes.size()); 22563 parameter_section_bytes += operand_b_bytes; 22564 command_size += operand_b_bytes.size(); 22565 hash->Update(offset_bytes.data(), offset_bytes.size()); 22566 parameter_section_bytes += offset_bytes; 22567 command_size += offset_bytes.size(); 22568 hash->Update(operation_bytes.data(), operation_bytes.size()); 22569 parameter_section_bytes += operation_bytes; 22570 command_size += operation_bytes.size(); 22571 std::string command_hash(32, 0); 22572 hash->Finish(string_as_array(&command_hash), command_hash.size()); 22573 std::string authorization_section_bytes; 22574 std::string authorization_size_bytes; 22575 if (authorization_delegate) { 22576 if (!authorization_delegate->GetCommandAuthorization( 22577 command_hash, is_command_parameter_encryption_possible, 22578 is_response_parameter_encryption_possible, 22579 &authorization_section_bytes)) { 22580 return TRUNKS_RC_AUTHORIZATION_FAILED; 22581 } 22582 if (!authorization_section_bytes.empty()) { 22583 tag = TPM_ST_SESSIONS; 22584 std::string tmp; 22585 rc = Serialize_UINT32(authorization_section_bytes.size(), 22586 &authorization_size_bytes); 22587 if (rc != TPM_RC_SUCCESS) { 22588 return rc; 22589 } 22590 command_size += 22591 authorization_size_bytes.size() + authorization_section_bytes.size(); 22592 } 22593 } 22594 std::string tag_bytes; 22595 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 22596 if (rc != TPM_RC_SUCCESS) { 22597 return rc; 22598 } 22599 std::string command_size_bytes; 22600 rc = Serialize_UINT32(command_size, &command_size_bytes); 22601 if (rc != TPM_RC_SUCCESS) { 22602 return rc; 22603 } 22604 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 22605 handle_section_bytes + authorization_size_bytes + 22606 authorization_section_bytes + parameter_section_bytes; 22607 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 22608 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 22609 serialized_command->size()); 22610 return TPM_RC_SUCCESS; 22611 } 22612 22613 TPM_RC Tpm::ParseResponse_PolicyCounterTimer( 22614 const std::string& response, 22615 AuthorizationDelegate* authorization_delegate) { 22616 VLOG(3) << __func__; 22617 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 22618 TPM_RC rc = TPM_RC_SUCCESS; 22619 std::string buffer(response); 22620 TPM_ST tag; 22621 std::string tag_bytes; 22622 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 22623 if (rc != TPM_RC_SUCCESS) { 22624 return rc; 22625 } 22626 UINT32 response_size; 22627 std::string response_size_bytes; 22628 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 22629 if (rc != TPM_RC_SUCCESS) { 22630 return rc; 22631 } 22632 TPM_RC response_code; 22633 std::string response_code_bytes; 22634 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 22635 if (rc != TPM_RC_SUCCESS) { 22636 return rc; 22637 } 22638 if (response_size != response.size()) { 22639 return TPM_RC_SIZE; 22640 } 22641 if (response_code != TPM_RC_SUCCESS) { 22642 return response_code; 22643 } 22644 TPM_CC command_code = TPM_CC_PolicyCounterTimer; 22645 std::string command_code_bytes; 22646 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 22647 if (rc != TPM_RC_SUCCESS) { 22648 return rc; 22649 } 22650 std::string authorization_section_bytes; 22651 if (tag == TPM_ST_SESSIONS) { 22652 UINT32 parameter_section_size = buffer.size(); 22653 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 22654 if (rc != TPM_RC_SUCCESS) { 22655 return rc; 22656 } 22657 if (parameter_section_size > buffer.size()) { 22658 return TPM_RC_INSUFFICIENT; 22659 } 22660 authorization_section_bytes = buffer.substr(parameter_section_size); 22661 // Keep the parameter section in |buffer|. 22662 buffer.erase(parameter_section_size); 22663 } 22664 std::unique_ptr<crypto::SecureHash> hash( 22665 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 22666 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 22667 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 22668 hash->Update(buffer.data(), buffer.size()); 22669 std::string response_hash(32, 0); 22670 hash->Finish(string_as_array(&response_hash), response_hash.size()); 22671 if (tag == TPM_ST_SESSIONS) { 22672 CHECK(authorization_delegate) << "Authorization delegate missing!"; 22673 if (!authorization_delegate->CheckResponseAuthorization( 22674 response_hash, authorization_section_bytes)) { 22675 return TRUNKS_RC_AUTHORIZATION_FAILED; 22676 } 22677 } 22678 return TPM_RC_SUCCESS; 22679 } 22680 22681 void PolicyCounterTimerErrorCallback( 22682 const Tpm::PolicyCounterTimerResponse& callback, 22683 TPM_RC response_code) { 22684 VLOG(1) << __func__; 22685 callback.Run(response_code); 22686 } 22687 22688 void PolicyCounterTimerResponseParser( 22689 const Tpm::PolicyCounterTimerResponse& callback, 22690 AuthorizationDelegate* authorization_delegate, 22691 const std::string& response) { 22692 VLOG(1) << __func__; 22693 base::Callback<void(TPM_RC)> error_reporter = 22694 base::Bind(PolicyCounterTimerErrorCallback, callback); 22695 TPM_RC rc = 22696 Tpm::ParseResponse_PolicyCounterTimer(response, authorization_delegate); 22697 if (rc != TPM_RC_SUCCESS) { 22698 error_reporter.Run(rc); 22699 return; 22700 } 22701 callback.Run(rc); 22702 } 22703 22704 void Tpm::PolicyCounterTimer(const TPMI_SH_POLICY& policy_session, 22705 const std::string& policy_session_name, 22706 const TPM2B_OPERAND& operand_b, 22707 const UINT16& offset, 22708 const TPM_EO& operation, 22709 AuthorizationDelegate* authorization_delegate, 22710 const PolicyCounterTimerResponse& callback) { 22711 VLOG(1) << __func__; 22712 base::Callback<void(TPM_RC)> error_reporter = 22713 base::Bind(PolicyCounterTimerErrorCallback, callback); 22714 base::Callback<void(const std::string&)> parser = base::Bind( 22715 PolicyCounterTimerResponseParser, callback, authorization_delegate); 22716 std::string command; 22717 TPM_RC rc = SerializeCommand_PolicyCounterTimer( 22718 policy_session, policy_session_name, operand_b, offset, operation, 22719 &command, authorization_delegate); 22720 if (rc != TPM_RC_SUCCESS) { 22721 error_reporter.Run(rc); 22722 return; 22723 } 22724 transceiver_->SendCommand(command, parser); 22725 } 22726 22727 TPM_RC Tpm::PolicyCounterTimerSync( 22728 const TPMI_SH_POLICY& policy_session, 22729 const std::string& policy_session_name, 22730 const TPM2B_OPERAND& operand_b, 22731 const UINT16& offset, 22732 const TPM_EO& operation, 22733 AuthorizationDelegate* authorization_delegate) { 22734 VLOG(1) << __func__; 22735 std::string command; 22736 TPM_RC rc = SerializeCommand_PolicyCounterTimer( 22737 policy_session, policy_session_name, operand_b, offset, operation, 22738 &command, authorization_delegate); 22739 if (rc != TPM_RC_SUCCESS) { 22740 return rc; 22741 } 22742 std::string response = transceiver_->SendCommandAndWait(command); 22743 rc = ParseResponse_PolicyCounterTimer(response, authorization_delegate); 22744 return rc; 22745 } 22746 22747 TPM_RC Tpm::SerializeCommand_PolicyCommandCode( 22748 const TPMI_SH_POLICY& policy_session, 22749 const std::string& policy_session_name, 22750 const TPM_CC& code, 22751 std::string* serialized_command, 22752 AuthorizationDelegate* authorization_delegate) { 22753 VLOG(3) << __func__; 22754 TPM_RC rc = TPM_RC_SUCCESS; 22755 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 22756 UINT32 command_size = 10; // Header size. 22757 std::string handle_section_bytes; 22758 std::string parameter_section_bytes; 22759 TPM_CC command_code = TPM_CC_PolicyCommandCode; 22760 bool is_command_parameter_encryption_possible = false; 22761 bool is_response_parameter_encryption_possible = false; 22762 std::string command_code_bytes; 22763 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 22764 if (rc != TPM_RC_SUCCESS) { 22765 return rc; 22766 } 22767 std::string policy_session_bytes; 22768 rc = Serialize_TPMI_SH_POLICY(policy_session, &policy_session_bytes); 22769 if (rc != TPM_RC_SUCCESS) { 22770 return rc; 22771 } 22772 std::string code_bytes; 22773 rc = Serialize_TPM_CC(code, &code_bytes); 22774 if (rc != TPM_RC_SUCCESS) { 22775 return rc; 22776 } 22777 std::unique_ptr<crypto::SecureHash> hash( 22778 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 22779 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 22780 hash->Update(policy_session_name.data(), policy_session_name.size()); 22781 handle_section_bytes += policy_session_bytes; 22782 command_size += policy_session_bytes.size(); 22783 hash->Update(code_bytes.data(), code_bytes.size()); 22784 parameter_section_bytes += code_bytes; 22785 command_size += code_bytes.size(); 22786 std::string command_hash(32, 0); 22787 hash->Finish(string_as_array(&command_hash), command_hash.size()); 22788 std::string authorization_section_bytes; 22789 std::string authorization_size_bytes; 22790 if (authorization_delegate) { 22791 if (!authorization_delegate->GetCommandAuthorization( 22792 command_hash, is_command_parameter_encryption_possible, 22793 is_response_parameter_encryption_possible, 22794 &authorization_section_bytes)) { 22795 return TRUNKS_RC_AUTHORIZATION_FAILED; 22796 } 22797 if (!authorization_section_bytes.empty()) { 22798 tag = TPM_ST_SESSIONS; 22799 std::string tmp; 22800 rc = Serialize_UINT32(authorization_section_bytes.size(), 22801 &authorization_size_bytes); 22802 if (rc != TPM_RC_SUCCESS) { 22803 return rc; 22804 } 22805 command_size += 22806 authorization_size_bytes.size() + authorization_section_bytes.size(); 22807 } 22808 } 22809 std::string tag_bytes; 22810 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 22811 if (rc != TPM_RC_SUCCESS) { 22812 return rc; 22813 } 22814 std::string command_size_bytes; 22815 rc = Serialize_UINT32(command_size, &command_size_bytes); 22816 if (rc != TPM_RC_SUCCESS) { 22817 return rc; 22818 } 22819 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 22820 handle_section_bytes + authorization_size_bytes + 22821 authorization_section_bytes + parameter_section_bytes; 22822 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 22823 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 22824 serialized_command->size()); 22825 return TPM_RC_SUCCESS; 22826 } 22827 22828 TPM_RC Tpm::ParseResponse_PolicyCommandCode( 22829 const std::string& response, 22830 AuthorizationDelegate* authorization_delegate) { 22831 VLOG(3) << __func__; 22832 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 22833 TPM_RC rc = TPM_RC_SUCCESS; 22834 std::string buffer(response); 22835 TPM_ST tag; 22836 std::string tag_bytes; 22837 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 22838 if (rc != TPM_RC_SUCCESS) { 22839 return rc; 22840 } 22841 UINT32 response_size; 22842 std::string response_size_bytes; 22843 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 22844 if (rc != TPM_RC_SUCCESS) { 22845 return rc; 22846 } 22847 TPM_RC response_code; 22848 std::string response_code_bytes; 22849 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 22850 if (rc != TPM_RC_SUCCESS) { 22851 return rc; 22852 } 22853 if (response_size != response.size()) { 22854 return TPM_RC_SIZE; 22855 } 22856 if (response_code != TPM_RC_SUCCESS) { 22857 return response_code; 22858 } 22859 TPM_CC command_code = TPM_CC_PolicyCommandCode; 22860 std::string command_code_bytes; 22861 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 22862 if (rc != TPM_RC_SUCCESS) { 22863 return rc; 22864 } 22865 std::string authorization_section_bytes; 22866 if (tag == TPM_ST_SESSIONS) { 22867 UINT32 parameter_section_size = buffer.size(); 22868 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 22869 if (rc != TPM_RC_SUCCESS) { 22870 return rc; 22871 } 22872 if (parameter_section_size > buffer.size()) { 22873 return TPM_RC_INSUFFICIENT; 22874 } 22875 authorization_section_bytes = buffer.substr(parameter_section_size); 22876 // Keep the parameter section in |buffer|. 22877 buffer.erase(parameter_section_size); 22878 } 22879 std::unique_ptr<crypto::SecureHash> hash( 22880 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 22881 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 22882 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 22883 hash->Update(buffer.data(), buffer.size()); 22884 std::string response_hash(32, 0); 22885 hash->Finish(string_as_array(&response_hash), response_hash.size()); 22886 if (tag == TPM_ST_SESSIONS) { 22887 CHECK(authorization_delegate) << "Authorization delegate missing!"; 22888 if (!authorization_delegate->CheckResponseAuthorization( 22889 response_hash, authorization_section_bytes)) { 22890 return TRUNKS_RC_AUTHORIZATION_FAILED; 22891 } 22892 } 22893 return TPM_RC_SUCCESS; 22894 } 22895 22896 void PolicyCommandCodeErrorCallback( 22897 const Tpm::PolicyCommandCodeResponse& callback, 22898 TPM_RC response_code) { 22899 VLOG(1) << __func__; 22900 callback.Run(response_code); 22901 } 22902 22903 void PolicyCommandCodeResponseParser( 22904 const Tpm::PolicyCommandCodeResponse& callback, 22905 AuthorizationDelegate* authorization_delegate, 22906 const std::string& response) { 22907 VLOG(1) << __func__; 22908 base::Callback<void(TPM_RC)> error_reporter = 22909 base::Bind(PolicyCommandCodeErrorCallback, callback); 22910 TPM_RC rc = 22911 Tpm::ParseResponse_PolicyCommandCode(response, authorization_delegate); 22912 if (rc != TPM_RC_SUCCESS) { 22913 error_reporter.Run(rc); 22914 return; 22915 } 22916 callback.Run(rc); 22917 } 22918 22919 void Tpm::PolicyCommandCode(const TPMI_SH_POLICY& policy_session, 22920 const std::string& policy_session_name, 22921 const TPM_CC& code, 22922 AuthorizationDelegate* authorization_delegate, 22923 const PolicyCommandCodeResponse& callback) { 22924 VLOG(1) << __func__; 22925 base::Callback<void(TPM_RC)> error_reporter = 22926 base::Bind(PolicyCommandCodeErrorCallback, callback); 22927 base::Callback<void(const std::string&)> parser = base::Bind( 22928 PolicyCommandCodeResponseParser, callback, authorization_delegate); 22929 std::string command; 22930 TPM_RC rc = SerializeCommand_PolicyCommandCode( 22931 policy_session, policy_session_name, code, &command, 22932 authorization_delegate); 22933 if (rc != TPM_RC_SUCCESS) { 22934 error_reporter.Run(rc); 22935 return; 22936 } 22937 transceiver_->SendCommand(command, parser); 22938 } 22939 22940 TPM_RC Tpm::PolicyCommandCodeSync( 22941 const TPMI_SH_POLICY& policy_session, 22942 const std::string& policy_session_name, 22943 const TPM_CC& code, 22944 AuthorizationDelegate* authorization_delegate) { 22945 VLOG(1) << __func__; 22946 std::string command; 22947 TPM_RC rc = SerializeCommand_PolicyCommandCode( 22948 policy_session, policy_session_name, code, &command, 22949 authorization_delegate); 22950 if (rc != TPM_RC_SUCCESS) { 22951 return rc; 22952 } 22953 std::string response = transceiver_->SendCommandAndWait(command); 22954 rc = ParseResponse_PolicyCommandCode(response, authorization_delegate); 22955 return rc; 22956 } 22957 22958 TPM_RC Tpm::SerializeCommand_PolicyPhysicalPresence( 22959 const TPMI_SH_POLICY& policy_session, 22960 const std::string& policy_session_name, 22961 std::string* serialized_command, 22962 AuthorizationDelegate* authorization_delegate) { 22963 VLOG(3) << __func__; 22964 TPM_RC rc = TPM_RC_SUCCESS; 22965 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 22966 UINT32 command_size = 10; // Header size. 22967 std::string handle_section_bytes; 22968 std::string parameter_section_bytes; 22969 TPM_CC command_code = TPM_CC_PolicyPhysicalPresence; 22970 bool is_command_parameter_encryption_possible = false; 22971 bool is_response_parameter_encryption_possible = false; 22972 std::string command_code_bytes; 22973 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 22974 if (rc != TPM_RC_SUCCESS) { 22975 return rc; 22976 } 22977 std::string policy_session_bytes; 22978 rc = Serialize_TPMI_SH_POLICY(policy_session, &policy_session_bytes); 22979 if (rc != TPM_RC_SUCCESS) { 22980 return rc; 22981 } 22982 std::unique_ptr<crypto::SecureHash> hash( 22983 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 22984 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 22985 hash->Update(policy_session_name.data(), policy_session_name.size()); 22986 handle_section_bytes += policy_session_bytes; 22987 command_size += policy_session_bytes.size(); 22988 std::string command_hash(32, 0); 22989 hash->Finish(string_as_array(&command_hash), command_hash.size()); 22990 std::string authorization_section_bytes; 22991 std::string authorization_size_bytes; 22992 if (authorization_delegate) { 22993 if (!authorization_delegate->GetCommandAuthorization( 22994 command_hash, is_command_parameter_encryption_possible, 22995 is_response_parameter_encryption_possible, 22996 &authorization_section_bytes)) { 22997 return TRUNKS_RC_AUTHORIZATION_FAILED; 22998 } 22999 if (!authorization_section_bytes.empty()) { 23000 tag = TPM_ST_SESSIONS; 23001 std::string tmp; 23002 rc = Serialize_UINT32(authorization_section_bytes.size(), 23003 &authorization_size_bytes); 23004 if (rc != TPM_RC_SUCCESS) { 23005 return rc; 23006 } 23007 command_size += 23008 authorization_size_bytes.size() + authorization_section_bytes.size(); 23009 } 23010 } 23011 std::string tag_bytes; 23012 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 23013 if (rc != TPM_RC_SUCCESS) { 23014 return rc; 23015 } 23016 std::string command_size_bytes; 23017 rc = Serialize_UINT32(command_size, &command_size_bytes); 23018 if (rc != TPM_RC_SUCCESS) { 23019 return rc; 23020 } 23021 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 23022 handle_section_bytes + authorization_size_bytes + 23023 authorization_section_bytes + parameter_section_bytes; 23024 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 23025 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 23026 serialized_command->size()); 23027 return TPM_RC_SUCCESS; 23028 } 23029 23030 TPM_RC Tpm::ParseResponse_PolicyPhysicalPresence( 23031 const std::string& response, 23032 AuthorizationDelegate* authorization_delegate) { 23033 VLOG(3) << __func__; 23034 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 23035 TPM_RC rc = TPM_RC_SUCCESS; 23036 std::string buffer(response); 23037 TPM_ST tag; 23038 std::string tag_bytes; 23039 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 23040 if (rc != TPM_RC_SUCCESS) { 23041 return rc; 23042 } 23043 UINT32 response_size; 23044 std::string response_size_bytes; 23045 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 23046 if (rc != TPM_RC_SUCCESS) { 23047 return rc; 23048 } 23049 TPM_RC response_code; 23050 std::string response_code_bytes; 23051 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 23052 if (rc != TPM_RC_SUCCESS) { 23053 return rc; 23054 } 23055 if (response_size != response.size()) { 23056 return TPM_RC_SIZE; 23057 } 23058 if (response_code != TPM_RC_SUCCESS) { 23059 return response_code; 23060 } 23061 TPM_CC command_code = TPM_CC_PolicyPhysicalPresence; 23062 std::string command_code_bytes; 23063 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 23064 if (rc != TPM_RC_SUCCESS) { 23065 return rc; 23066 } 23067 std::string authorization_section_bytes; 23068 if (tag == TPM_ST_SESSIONS) { 23069 UINT32 parameter_section_size = buffer.size(); 23070 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 23071 if (rc != TPM_RC_SUCCESS) { 23072 return rc; 23073 } 23074 if (parameter_section_size > buffer.size()) { 23075 return TPM_RC_INSUFFICIENT; 23076 } 23077 authorization_section_bytes = buffer.substr(parameter_section_size); 23078 // Keep the parameter section in |buffer|. 23079 buffer.erase(parameter_section_size); 23080 } 23081 std::unique_ptr<crypto::SecureHash> hash( 23082 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 23083 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 23084 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 23085 hash->Update(buffer.data(), buffer.size()); 23086 std::string response_hash(32, 0); 23087 hash->Finish(string_as_array(&response_hash), response_hash.size()); 23088 if (tag == TPM_ST_SESSIONS) { 23089 CHECK(authorization_delegate) << "Authorization delegate missing!"; 23090 if (!authorization_delegate->CheckResponseAuthorization( 23091 response_hash, authorization_section_bytes)) { 23092 return TRUNKS_RC_AUTHORIZATION_FAILED; 23093 } 23094 } 23095 return TPM_RC_SUCCESS; 23096 } 23097 23098 void PolicyPhysicalPresenceErrorCallback( 23099 const Tpm::PolicyPhysicalPresenceResponse& callback, 23100 TPM_RC response_code) { 23101 VLOG(1) << __func__; 23102 callback.Run(response_code); 23103 } 23104 23105 void PolicyPhysicalPresenceResponseParser( 23106 const Tpm::PolicyPhysicalPresenceResponse& callback, 23107 AuthorizationDelegate* authorization_delegate, 23108 const std::string& response) { 23109 VLOG(1) << __func__; 23110 base::Callback<void(TPM_RC)> error_reporter = 23111 base::Bind(PolicyPhysicalPresenceErrorCallback, callback); 23112 TPM_RC rc = Tpm::ParseResponse_PolicyPhysicalPresence(response, 23113 authorization_delegate); 23114 if (rc != TPM_RC_SUCCESS) { 23115 error_reporter.Run(rc); 23116 return; 23117 } 23118 callback.Run(rc); 23119 } 23120 23121 void Tpm::PolicyPhysicalPresence( 23122 const TPMI_SH_POLICY& policy_session, 23123 const std::string& policy_session_name, 23124 AuthorizationDelegate* authorization_delegate, 23125 const PolicyPhysicalPresenceResponse& callback) { 23126 VLOG(1) << __func__; 23127 base::Callback<void(TPM_RC)> error_reporter = 23128 base::Bind(PolicyPhysicalPresenceErrorCallback, callback); 23129 base::Callback<void(const std::string&)> parser = base::Bind( 23130 PolicyPhysicalPresenceResponseParser, callback, authorization_delegate); 23131 std::string command; 23132 TPM_RC rc = SerializeCommand_PolicyPhysicalPresence( 23133 policy_session, policy_session_name, &command, authorization_delegate); 23134 if (rc != TPM_RC_SUCCESS) { 23135 error_reporter.Run(rc); 23136 return; 23137 } 23138 transceiver_->SendCommand(command, parser); 23139 } 23140 23141 TPM_RC Tpm::PolicyPhysicalPresenceSync( 23142 const TPMI_SH_POLICY& policy_session, 23143 const std::string& policy_session_name, 23144 AuthorizationDelegate* authorization_delegate) { 23145 VLOG(1) << __func__; 23146 std::string command; 23147 TPM_RC rc = SerializeCommand_PolicyPhysicalPresence( 23148 policy_session, policy_session_name, &command, authorization_delegate); 23149 if (rc != TPM_RC_SUCCESS) { 23150 return rc; 23151 } 23152 std::string response = transceiver_->SendCommandAndWait(command); 23153 rc = ParseResponse_PolicyPhysicalPresence(response, authorization_delegate); 23154 return rc; 23155 } 23156 23157 TPM_RC Tpm::SerializeCommand_PolicyCpHash( 23158 const TPMI_SH_POLICY& policy_session, 23159 const std::string& policy_session_name, 23160 const TPM2B_DIGEST& cp_hash_a, 23161 std::string* serialized_command, 23162 AuthorizationDelegate* authorization_delegate) { 23163 VLOG(3) << __func__; 23164 TPM_RC rc = TPM_RC_SUCCESS; 23165 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 23166 UINT32 command_size = 10; // Header size. 23167 std::string handle_section_bytes; 23168 std::string parameter_section_bytes; 23169 TPM_CC command_code = TPM_CC_PolicyCpHash; 23170 bool is_command_parameter_encryption_possible = true; 23171 bool is_response_parameter_encryption_possible = false; 23172 std::string command_code_bytes; 23173 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 23174 if (rc != TPM_RC_SUCCESS) { 23175 return rc; 23176 } 23177 std::string policy_session_bytes; 23178 rc = Serialize_TPMI_SH_POLICY(policy_session, &policy_session_bytes); 23179 if (rc != TPM_RC_SUCCESS) { 23180 return rc; 23181 } 23182 std::string cp_hash_a_bytes; 23183 rc = Serialize_TPM2B_DIGEST(cp_hash_a, &cp_hash_a_bytes); 23184 if (rc != TPM_RC_SUCCESS) { 23185 return rc; 23186 } 23187 if (authorization_delegate) { 23188 // Encrypt just the parameter data, not the size. 23189 std::string tmp = cp_hash_a_bytes.substr(2); 23190 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 23191 return TRUNKS_RC_ENCRYPTION_FAILED; 23192 } 23193 cp_hash_a_bytes.replace(2, std::string::npos, tmp); 23194 } 23195 std::unique_ptr<crypto::SecureHash> hash( 23196 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 23197 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 23198 hash->Update(policy_session_name.data(), policy_session_name.size()); 23199 handle_section_bytes += policy_session_bytes; 23200 command_size += policy_session_bytes.size(); 23201 hash->Update(cp_hash_a_bytes.data(), cp_hash_a_bytes.size()); 23202 parameter_section_bytes += cp_hash_a_bytes; 23203 command_size += cp_hash_a_bytes.size(); 23204 std::string command_hash(32, 0); 23205 hash->Finish(string_as_array(&command_hash), command_hash.size()); 23206 std::string authorization_section_bytes; 23207 std::string authorization_size_bytes; 23208 if (authorization_delegate) { 23209 if (!authorization_delegate->GetCommandAuthorization( 23210 command_hash, is_command_parameter_encryption_possible, 23211 is_response_parameter_encryption_possible, 23212 &authorization_section_bytes)) { 23213 return TRUNKS_RC_AUTHORIZATION_FAILED; 23214 } 23215 if (!authorization_section_bytes.empty()) { 23216 tag = TPM_ST_SESSIONS; 23217 std::string tmp; 23218 rc = Serialize_UINT32(authorization_section_bytes.size(), 23219 &authorization_size_bytes); 23220 if (rc != TPM_RC_SUCCESS) { 23221 return rc; 23222 } 23223 command_size += 23224 authorization_size_bytes.size() + authorization_section_bytes.size(); 23225 } 23226 } 23227 std::string tag_bytes; 23228 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 23229 if (rc != TPM_RC_SUCCESS) { 23230 return rc; 23231 } 23232 std::string command_size_bytes; 23233 rc = Serialize_UINT32(command_size, &command_size_bytes); 23234 if (rc != TPM_RC_SUCCESS) { 23235 return rc; 23236 } 23237 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 23238 handle_section_bytes + authorization_size_bytes + 23239 authorization_section_bytes + parameter_section_bytes; 23240 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 23241 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 23242 serialized_command->size()); 23243 return TPM_RC_SUCCESS; 23244 } 23245 23246 TPM_RC Tpm::ParseResponse_PolicyCpHash( 23247 const std::string& response, 23248 AuthorizationDelegate* authorization_delegate) { 23249 VLOG(3) << __func__; 23250 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 23251 TPM_RC rc = TPM_RC_SUCCESS; 23252 std::string buffer(response); 23253 TPM_ST tag; 23254 std::string tag_bytes; 23255 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 23256 if (rc != TPM_RC_SUCCESS) { 23257 return rc; 23258 } 23259 UINT32 response_size; 23260 std::string response_size_bytes; 23261 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 23262 if (rc != TPM_RC_SUCCESS) { 23263 return rc; 23264 } 23265 TPM_RC response_code; 23266 std::string response_code_bytes; 23267 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 23268 if (rc != TPM_RC_SUCCESS) { 23269 return rc; 23270 } 23271 if (response_size != response.size()) { 23272 return TPM_RC_SIZE; 23273 } 23274 if (response_code != TPM_RC_SUCCESS) { 23275 return response_code; 23276 } 23277 TPM_CC command_code = TPM_CC_PolicyCpHash; 23278 std::string command_code_bytes; 23279 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 23280 if (rc != TPM_RC_SUCCESS) { 23281 return rc; 23282 } 23283 std::string authorization_section_bytes; 23284 if (tag == TPM_ST_SESSIONS) { 23285 UINT32 parameter_section_size = buffer.size(); 23286 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 23287 if (rc != TPM_RC_SUCCESS) { 23288 return rc; 23289 } 23290 if (parameter_section_size > buffer.size()) { 23291 return TPM_RC_INSUFFICIENT; 23292 } 23293 authorization_section_bytes = buffer.substr(parameter_section_size); 23294 // Keep the parameter section in |buffer|. 23295 buffer.erase(parameter_section_size); 23296 } 23297 std::unique_ptr<crypto::SecureHash> hash( 23298 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 23299 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 23300 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 23301 hash->Update(buffer.data(), buffer.size()); 23302 std::string response_hash(32, 0); 23303 hash->Finish(string_as_array(&response_hash), response_hash.size()); 23304 if (tag == TPM_ST_SESSIONS) { 23305 CHECK(authorization_delegate) << "Authorization delegate missing!"; 23306 if (!authorization_delegate->CheckResponseAuthorization( 23307 response_hash, authorization_section_bytes)) { 23308 return TRUNKS_RC_AUTHORIZATION_FAILED; 23309 } 23310 } 23311 return TPM_RC_SUCCESS; 23312 } 23313 23314 void PolicyCpHashErrorCallback(const Tpm::PolicyCpHashResponse& callback, 23315 TPM_RC response_code) { 23316 VLOG(1) << __func__; 23317 callback.Run(response_code); 23318 } 23319 23320 void PolicyCpHashResponseParser(const Tpm::PolicyCpHashResponse& callback, 23321 AuthorizationDelegate* authorization_delegate, 23322 const std::string& response) { 23323 VLOG(1) << __func__; 23324 base::Callback<void(TPM_RC)> error_reporter = 23325 base::Bind(PolicyCpHashErrorCallback, callback); 23326 TPM_RC rc = Tpm::ParseResponse_PolicyCpHash(response, authorization_delegate); 23327 if (rc != TPM_RC_SUCCESS) { 23328 error_reporter.Run(rc); 23329 return; 23330 } 23331 callback.Run(rc); 23332 } 23333 23334 void Tpm::PolicyCpHash(const TPMI_SH_POLICY& policy_session, 23335 const std::string& policy_session_name, 23336 const TPM2B_DIGEST& cp_hash_a, 23337 AuthorizationDelegate* authorization_delegate, 23338 const PolicyCpHashResponse& callback) { 23339 VLOG(1) << __func__; 23340 base::Callback<void(TPM_RC)> error_reporter = 23341 base::Bind(PolicyCpHashErrorCallback, callback); 23342 base::Callback<void(const std::string&)> parser = 23343 base::Bind(PolicyCpHashResponseParser, callback, authorization_delegate); 23344 std::string command; 23345 TPM_RC rc = SerializeCommand_PolicyCpHash(policy_session, policy_session_name, 23346 cp_hash_a, &command, 23347 authorization_delegate); 23348 if (rc != TPM_RC_SUCCESS) { 23349 error_reporter.Run(rc); 23350 return; 23351 } 23352 transceiver_->SendCommand(command, parser); 23353 } 23354 23355 TPM_RC Tpm::PolicyCpHashSync(const TPMI_SH_POLICY& policy_session, 23356 const std::string& policy_session_name, 23357 const TPM2B_DIGEST& cp_hash_a, 23358 AuthorizationDelegate* authorization_delegate) { 23359 VLOG(1) << __func__; 23360 std::string command; 23361 TPM_RC rc = SerializeCommand_PolicyCpHash(policy_session, policy_session_name, 23362 cp_hash_a, &command, 23363 authorization_delegate); 23364 if (rc != TPM_RC_SUCCESS) { 23365 return rc; 23366 } 23367 std::string response = transceiver_->SendCommandAndWait(command); 23368 rc = ParseResponse_PolicyCpHash(response, authorization_delegate); 23369 return rc; 23370 } 23371 23372 TPM_RC Tpm::SerializeCommand_PolicyNameHash( 23373 const TPMI_SH_POLICY& policy_session, 23374 const std::string& policy_session_name, 23375 const TPM2B_DIGEST& name_hash, 23376 std::string* serialized_command, 23377 AuthorizationDelegate* authorization_delegate) { 23378 VLOG(3) << __func__; 23379 TPM_RC rc = TPM_RC_SUCCESS; 23380 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 23381 UINT32 command_size = 10; // Header size. 23382 std::string handle_section_bytes; 23383 std::string parameter_section_bytes; 23384 TPM_CC command_code = TPM_CC_PolicyNameHash; 23385 bool is_command_parameter_encryption_possible = true; 23386 bool is_response_parameter_encryption_possible = false; 23387 std::string command_code_bytes; 23388 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 23389 if (rc != TPM_RC_SUCCESS) { 23390 return rc; 23391 } 23392 std::string policy_session_bytes; 23393 rc = Serialize_TPMI_SH_POLICY(policy_session, &policy_session_bytes); 23394 if (rc != TPM_RC_SUCCESS) { 23395 return rc; 23396 } 23397 std::string name_hash_bytes; 23398 rc = Serialize_TPM2B_DIGEST(name_hash, &name_hash_bytes); 23399 if (rc != TPM_RC_SUCCESS) { 23400 return rc; 23401 } 23402 if (authorization_delegate) { 23403 // Encrypt just the parameter data, not the size. 23404 std::string tmp = name_hash_bytes.substr(2); 23405 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 23406 return TRUNKS_RC_ENCRYPTION_FAILED; 23407 } 23408 name_hash_bytes.replace(2, std::string::npos, tmp); 23409 } 23410 std::unique_ptr<crypto::SecureHash> hash( 23411 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 23412 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 23413 hash->Update(policy_session_name.data(), policy_session_name.size()); 23414 handle_section_bytes += policy_session_bytes; 23415 command_size += policy_session_bytes.size(); 23416 hash->Update(name_hash_bytes.data(), name_hash_bytes.size()); 23417 parameter_section_bytes += name_hash_bytes; 23418 command_size += name_hash_bytes.size(); 23419 std::string command_hash(32, 0); 23420 hash->Finish(string_as_array(&command_hash), command_hash.size()); 23421 std::string authorization_section_bytes; 23422 std::string authorization_size_bytes; 23423 if (authorization_delegate) { 23424 if (!authorization_delegate->GetCommandAuthorization( 23425 command_hash, is_command_parameter_encryption_possible, 23426 is_response_parameter_encryption_possible, 23427 &authorization_section_bytes)) { 23428 return TRUNKS_RC_AUTHORIZATION_FAILED; 23429 } 23430 if (!authorization_section_bytes.empty()) { 23431 tag = TPM_ST_SESSIONS; 23432 std::string tmp; 23433 rc = Serialize_UINT32(authorization_section_bytes.size(), 23434 &authorization_size_bytes); 23435 if (rc != TPM_RC_SUCCESS) { 23436 return rc; 23437 } 23438 command_size += 23439 authorization_size_bytes.size() + authorization_section_bytes.size(); 23440 } 23441 } 23442 std::string tag_bytes; 23443 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 23444 if (rc != TPM_RC_SUCCESS) { 23445 return rc; 23446 } 23447 std::string command_size_bytes; 23448 rc = Serialize_UINT32(command_size, &command_size_bytes); 23449 if (rc != TPM_RC_SUCCESS) { 23450 return rc; 23451 } 23452 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 23453 handle_section_bytes + authorization_size_bytes + 23454 authorization_section_bytes + parameter_section_bytes; 23455 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 23456 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 23457 serialized_command->size()); 23458 return TPM_RC_SUCCESS; 23459 } 23460 23461 TPM_RC Tpm::ParseResponse_PolicyNameHash( 23462 const std::string& response, 23463 AuthorizationDelegate* authorization_delegate) { 23464 VLOG(3) << __func__; 23465 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 23466 TPM_RC rc = TPM_RC_SUCCESS; 23467 std::string buffer(response); 23468 TPM_ST tag; 23469 std::string tag_bytes; 23470 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 23471 if (rc != TPM_RC_SUCCESS) { 23472 return rc; 23473 } 23474 UINT32 response_size; 23475 std::string response_size_bytes; 23476 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 23477 if (rc != TPM_RC_SUCCESS) { 23478 return rc; 23479 } 23480 TPM_RC response_code; 23481 std::string response_code_bytes; 23482 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 23483 if (rc != TPM_RC_SUCCESS) { 23484 return rc; 23485 } 23486 if (response_size != response.size()) { 23487 return TPM_RC_SIZE; 23488 } 23489 if (response_code != TPM_RC_SUCCESS) { 23490 return response_code; 23491 } 23492 TPM_CC command_code = TPM_CC_PolicyNameHash; 23493 std::string command_code_bytes; 23494 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 23495 if (rc != TPM_RC_SUCCESS) { 23496 return rc; 23497 } 23498 std::string authorization_section_bytes; 23499 if (tag == TPM_ST_SESSIONS) { 23500 UINT32 parameter_section_size = buffer.size(); 23501 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 23502 if (rc != TPM_RC_SUCCESS) { 23503 return rc; 23504 } 23505 if (parameter_section_size > buffer.size()) { 23506 return TPM_RC_INSUFFICIENT; 23507 } 23508 authorization_section_bytes = buffer.substr(parameter_section_size); 23509 // Keep the parameter section in |buffer|. 23510 buffer.erase(parameter_section_size); 23511 } 23512 std::unique_ptr<crypto::SecureHash> hash( 23513 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 23514 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 23515 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 23516 hash->Update(buffer.data(), buffer.size()); 23517 std::string response_hash(32, 0); 23518 hash->Finish(string_as_array(&response_hash), response_hash.size()); 23519 if (tag == TPM_ST_SESSIONS) { 23520 CHECK(authorization_delegate) << "Authorization delegate missing!"; 23521 if (!authorization_delegate->CheckResponseAuthorization( 23522 response_hash, authorization_section_bytes)) { 23523 return TRUNKS_RC_AUTHORIZATION_FAILED; 23524 } 23525 } 23526 return TPM_RC_SUCCESS; 23527 } 23528 23529 void PolicyNameHashErrorCallback(const Tpm::PolicyNameHashResponse& callback, 23530 TPM_RC response_code) { 23531 VLOG(1) << __func__; 23532 callback.Run(response_code); 23533 } 23534 23535 void PolicyNameHashResponseParser(const Tpm::PolicyNameHashResponse& callback, 23536 AuthorizationDelegate* authorization_delegate, 23537 const std::string& response) { 23538 VLOG(1) << __func__; 23539 base::Callback<void(TPM_RC)> error_reporter = 23540 base::Bind(PolicyNameHashErrorCallback, callback); 23541 TPM_RC rc = 23542 Tpm::ParseResponse_PolicyNameHash(response, authorization_delegate); 23543 if (rc != TPM_RC_SUCCESS) { 23544 error_reporter.Run(rc); 23545 return; 23546 } 23547 callback.Run(rc); 23548 } 23549 23550 void Tpm::PolicyNameHash(const TPMI_SH_POLICY& policy_session, 23551 const std::string& policy_session_name, 23552 const TPM2B_DIGEST& name_hash, 23553 AuthorizationDelegate* authorization_delegate, 23554 const PolicyNameHashResponse& callback) { 23555 VLOG(1) << __func__; 23556 base::Callback<void(TPM_RC)> error_reporter = 23557 base::Bind(PolicyNameHashErrorCallback, callback); 23558 base::Callback<void(const std::string&)> parser = base::Bind( 23559 PolicyNameHashResponseParser, callback, authorization_delegate); 23560 std::string command; 23561 TPM_RC rc = SerializeCommand_PolicyNameHash(policy_session, 23562 policy_session_name, name_hash, 23563 &command, authorization_delegate); 23564 if (rc != TPM_RC_SUCCESS) { 23565 error_reporter.Run(rc); 23566 return; 23567 } 23568 transceiver_->SendCommand(command, parser); 23569 } 23570 23571 TPM_RC Tpm::PolicyNameHashSync(const TPMI_SH_POLICY& policy_session, 23572 const std::string& policy_session_name, 23573 const TPM2B_DIGEST& name_hash, 23574 AuthorizationDelegate* authorization_delegate) { 23575 VLOG(1) << __func__; 23576 std::string command; 23577 TPM_RC rc = SerializeCommand_PolicyNameHash(policy_session, 23578 policy_session_name, name_hash, 23579 &command, authorization_delegate); 23580 if (rc != TPM_RC_SUCCESS) { 23581 return rc; 23582 } 23583 std::string response = transceiver_->SendCommandAndWait(command); 23584 rc = ParseResponse_PolicyNameHash(response, authorization_delegate); 23585 return rc; 23586 } 23587 23588 TPM_RC Tpm::SerializeCommand_PolicyDuplicationSelect( 23589 const TPMI_SH_POLICY& policy_session, 23590 const std::string& policy_session_name, 23591 const TPM2B_NAME& object_name, 23592 const TPM2B_NAME& new_parent_name, 23593 const TPMI_YES_NO& include_object, 23594 std::string* serialized_command, 23595 AuthorizationDelegate* authorization_delegate) { 23596 VLOG(3) << __func__; 23597 TPM_RC rc = TPM_RC_SUCCESS; 23598 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 23599 UINT32 command_size = 10; // Header size. 23600 std::string handle_section_bytes; 23601 std::string parameter_section_bytes; 23602 TPM_CC command_code = TPM_CC_PolicyDuplicationSelect; 23603 bool is_command_parameter_encryption_possible = true; 23604 bool is_response_parameter_encryption_possible = false; 23605 std::string command_code_bytes; 23606 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 23607 if (rc != TPM_RC_SUCCESS) { 23608 return rc; 23609 } 23610 std::string policy_session_bytes; 23611 rc = Serialize_TPMI_SH_POLICY(policy_session, &policy_session_bytes); 23612 if (rc != TPM_RC_SUCCESS) { 23613 return rc; 23614 } 23615 std::string object_name_bytes; 23616 rc = Serialize_TPM2B_NAME(object_name, &object_name_bytes); 23617 if (rc != TPM_RC_SUCCESS) { 23618 return rc; 23619 } 23620 std::string new_parent_name_bytes; 23621 rc = Serialize_TPM2B_NAME(new_parent_name, &new_parent_name_bytes); 23622 if (rc != TPM_RC_SUCCESS) { 23623 return rc; 23624 } 23625 std::string include_object_bytes; 23626 rc = Serialize_TPMI_YES_NO(include_object, &include_object_bytes); 23627 if (rc != TPM_RC_SUCCESS) { 23628 return rc; 23629 } 23630 if (authorization_delegate) { 23631 // Encrypt just the parameter data, not the size. 23632 std::string tmp = object_name_bytes.substr(2); 23633 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 23634 return TRUNKS_RC_ENCRYPTION_FAILED; 23635 } 23636 object_name_bytes.replace(2, std::string::npos, tmp); 23637 } 23638 std::unique_ptr<crypto::SecureHash> hash( 23639 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 23640 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 23641 hash->Update(policy_session_name.data(), policy_session_name.size()); 23642 handle_section_bytes += policy_session_bytes; 23643 command_size += policy_session_bytes.size(); 23644 hash->Update(object_name_bytes.data(), object_name_bytes.size()); 23645 parameter_section_bytes += object_name_bytes; 23646 command_size += object_name_bytes.size(); 23647 hash->Update(new_parent_name_bytes.data(), new_parent_name_bytes.size()); 23648 parameter_section_bytes += new_parent_name_bytes; 23649 command_size += new_parent_name_bytes.size(); 23650 hash->Update(include_object_bytes.data(), include_object_bytes.size()); 23651 parameter_section_bytes += include_object_bytes; 23652 command_size += include_object_bytes.size(); 23653 std::string command_hash(32, 0); 23654 hash->Finish(string_as_array(&command_hash), command_hash.size()); 23655 std::string authorization_section_bytes; 23656 std::string authorization_size_bytes; 23657 if (authorization_delegate) { 23658 if (!authorization_delegate->GetCommandAuthorization( 23659 command_hash, is_command_parameter_encryption_possible, 23660 is_response_parameter_encryption_possible, 23661 &authorization_section_bytes)) { 23662 return TRUNKS_RC_AUTHORIZATION_FAILED; 23663 } 23664 if (!authorization_section_bytes.empty()) { 23665 tag = TPM_ST_SESSIONS; 23666 std::string tmp; 23667 rc = Serialize_UINT32(authorization_section_bytes.size(), 23668 &authorization_size_bytes); 23669 if (rc != TPM_RC_SUCCESS) { 23670 return rc; 23671 } 23672 command_size += 23673 authorization_size_bytes.size() + authorization_section_bytes.size(); 23674 } 23675 } 23676 std::string tag_bytes; 23677 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 23678 if (rc != TPM_RC_SUCCESS) { 23679 return rc; 23680 } 23681 std::string command_size_bytes; 23682 rc = Serialize_UINT32(command_size, &command_size_bytes); 23683 if (rc != TPM_RC_SUCCESS) { 23684 return rc; 23685 } 23686 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 23687 handle_section_bytes + authorization_size_bytes + 23688 authorization_section_bytes + parameter_section_bytes; 23689 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 23690 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 23691 serialized_command->size()); 23692 return TPM_RC_SUCCESS; 23693 } 23694 23695 TPM_RC Tpm::ParseResponse_PolicyDuplicationSelect( 23696 const std::string& response, 23697 AuthorizationDelegate* authorization_delegate) { 23698 VLOG(3) << __func__; 23699 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 23700 TPM_RC rc = TPM_RC_SUCCESS; 23701 std::string buffer(response); 23702 TPM_ST tag; 23703 std::string tag_bytes; 23704 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 23705 if (rc != TPM_RC_SUCCESS) { 23706 return rc; 23707 } 23708 UINT32 response_size; 23709 std::string response_size_bytes; 23710 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 23711 if (rc != TPM_RC_SUCCESS) { 23712 return rc; 23713 } 23714 TPM_RC response_code; 23715 std::string response_code_bytes; 23716 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 23717 if (rc != TPM_RC_SUCCESS) { 23718 return rc; 23719 } 23720 if (response_size != response.size()) { 23721 return TPM_RC_SIZE; 23722 } 23723 if (response_code != TPM_RC_SUCCESS) { 23724 return response_code; 23725 } 23726 TPM_CC command_code = TPM_CC_PolicyDuplicationSelect; 23727 std::string command_code_bytes; 23728 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 23729 if (rc != TPM_RC_SUCCESS) { 23730 return rc; 23731 } 23732 std::string authorization_section_bytes; 23733 if (tag == TPM_ST_SESSIONS) { 23734 UINT32 parameter_section_size = buffer.size(); 23735 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 23736 if (rc != TPM_RC_SUCCESS) { 23737 return rc; 23738 } 23739 if (parameter_section_size > buffer.size()) { 23740 return TPM_RC_INSUFFICIENT; 23741 } 23742 authorization_section_bytes = buffer.substr(parameter_section_size); 23743 // Keep the parameter section in |buffer|. 23744 buffer.erase(parameter_section_size); 23745 } 23746 std::unique_ptr<crypto::SecureHash> hash( 23747 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 23748 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 23749 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 23750 hash->Update(buffer.data(), buffer.size()); 23751 std::string response_hash(32, 0); 23752 hash->Finish(string_as_array(&response_hash), response_hash.size()); 23753 if (tag == TPM_ST_SESSIONS) { 23754 CHECK(authorization_delegate) << "Authorization delegate missing!"; 23755 if (!authorization_delegate->CheckResponseAuthorization( 23756 response_hash, authorization_section_bytes)) { 23757 return TRUNKS_RC_AUTHORIZATION_FAILED; 23758 } 23759 } 23760 return TPM_RC_SUCCESS; 23761 } 23762 23763 void PolicyDuplicationSelectErrorCallback( 23764 const Tpm::PolicyDuplicationSelectResponse& callback, 23765 TPM_RC response_code) { 23766 VLOG(1) << __func__; 23767 callback.Run(response_code); 23768 } 23769 23770 void PolicyDuplicationSelectResponseParser( 23771 const Tpm::PolicyDuplicationSelectResponse& callback, 23772 AuthorizationDelegate* authorization_delegate, 23773 const std::string& response) { 23774 VLOG(1) << __func__; 23775 base::Callback<void(TPM_RC)> error_reporter = 23776 base::Bind(PolicyDuplicationSelectErrorCallback, callback); 23777 TPM_RC rc = Tpm::ParseResponse_PolicyDuplicationSelect( 23778 response, authorization_delegate); 23779 if (rc != TPM_RC_SUCCESS) { 23780 error_reporter.Run(rc); 23781 return; 23782 } 23783 callback.Run(rc); 23784 } 23785 23786 void Tpm::PolicyDuplicationSelect( 23787 const TPMI_SH_POLICY& policy_session, 23788 const std::string& policy_session_name, 23789 const TPM2B_NAME& object_name, 23790 const TPM2B_NAME& new_parent_name, 23791 const TPMI_YES_NO& include_object, 23792 AuthorizationDelegate* authorization_delegate, 23793 const PolicyDuplicationSelectResponse& callback) { 23794 VLOG(1) << __func__; 23795 base::Callback<void(TPM_RC)> error_reporter = 23796 base::Bind(PolicyDuplicationSelectErrorCallback, callback); 23797 base::Callback<void(const std::string&)> parser = base::Bind( 23798 PolicyDuplicationSelectResponseParser, callback, authorization_delegate); 23799 std::string command; 23800 TPM_RC rc = SerializeCommand_PolicyDuplicationSelect( 23801 policy_session, policy_session_name, object_name, new_parent_name, 23802 include_object, &command, authorization_delegate); 23803 if (rc != TPM_RC_SUCCESS) { 23804 error_reporter.Run(rc); 23805 return; 23806 } 23807 transceiver_->SendCommand(command, parser); 23808 } 23809 23810 TPM_RC Tpm::PolicyDuplicationSelectSync( 23811 const TPMI_SH_POLICY& policy_session, 23812 const std::string& policy_session_name, 23813 const TPM2B_NAME& object_name, 23814 const TPM2B_NAME& new_parent_name, 23815 const TPMI_YES_NO& include_object, 23816 AuthorizationDelegate* authorization_delegate) { 23817 VLOG(1) << __func__; 23818 std::string command; 23819 TPM_RC rc = SerializeCommand_PolicyDuplicationSelect( 23820 policy_session, policy_session_name, object_name, new_parent_name, 23821 include_object, &command, authorization_delegate); 23822 if (rc != TPM_RC_SUCCESS) { 23823 return rc; 23824 } 23825 std::string response = transceiver_->SendCommandAndWait(command); 23826 rc = ParseResponse_PolicyDuplicationSelect(response, authorization_delegate); 23827 return rc; 23828 } 23829 23830 TPM_RC Tpm::SerializeCommand_PolicyAuthorize( 23831 const TPMI_SH_POLICY& policy_session, 23832 const std::string& policy_session_name, 23833 const TPM2B_DIGEST& approved_policy, 23834 const TPM2B_NONCE& policy_ref, 23835 const TPM2B_NAME& key_sign, 23836 const TPMT_TK_VERIFIED& check_ticket, 23837 std::string* serialized_command, 23838 AuthorizationDelegate* authorization_delegate) { 23839 VLOG(3) << __func__; 23840 TPM_RC rc = TPM_RC_SUCCESS; 23841 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 23842 UINT32 command_size = 10; // Header size. 23843 std::string handle_section_bytes; 23844 std::string parameter_section_bytes; 23845 TPM_CC command_code = TPM_CC_PolicyAuthorize; 23846 bool is_command_parameter_encryption_possible = true; 23847 bool is_response_parameter_encryption_possible = false; 23848 std::string command_code_bytes; 23849 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 23850 if (rc != TPM_RC_SUCCESS) { 23851 return rc; 23852 } 23853 std::string policy_session_bytes; 23854 rc = Serialize_TPMI_SH_POLICY(policy_session, &policy_session_bytes); 23855 if (rc != TPM_RC_SUCCESS) { 23856 return rc; 23857 } 23858 std::string approved_policy_bytes; 23859 rc = Serialize_TPM2B_DIGEST(approved_policy, &approved_policy_bytes); 23860 if (rc != TPM_RC_SUCCESS) { 23861 return rc; 23862 } 23863 std::string policy_ref_bytes; 23864 rc = Serialize_TPM2B_NONCE(policy_ref, &policy_ref_bytes); 23865 if (rc != TPM_RC_SUCCESS) { 23866 return rc; 23867 } 23868 std::string key_sign_bytes; 23869 rc = Serialize_TPM2B_NAME(key_sign, &key_sign_bytes); 23870 if (rc != TPM_RC_SUCCESS) { 23871 return rc; 23872 } 23873 std::string check_ticket_bytes; 23874 rc = Serialize_TPMT_TK_VERIFIED(check_ticket, &check_ticket_bytes); 23875 if (rc != TPM_RC_SUCCESS) { 23876 return rc; 23877 } 23878 if (authorization_delegate) { 23879 // Encrypt just the parameter data, not the size. 23880 std::string tmp = approved_policy_bytes.substr(2); 23881 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 23882 return TRUNKS_RC_ENCRYPTION_FAILED; 23883 } 23884 approved_policy_bytes.replace(2, std::string::npos, tmp); 23885 } 23886 std::unique_ptr<crypto::SecureHash> hash( 23887 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 23888 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 23889 hash->Update(policy_session_name.data(), policy_session_name.size()); 23890 handle_section_bytes += policy_session_bytes; 23891 command_size += policy_session_bytes.size(); 23892 hash->Update(approved_policy_bytes.data(), approved_policy_bytes.size()); 23893 parameter_section_bytes += approved_policy_bytes; 23894 command_size += approved_policy_bytes.size(); 23895 hash->Update(policy_ref_bytes.data(), policy_ref_bytes.size()); 23896 parameter_section_bytes += policy_ref_bytes; 23897 command_size += policy_ref_bytes.size(); 23898 hash->Update(key_sign_bytes.data(), key_sign_bytes.size()); 23899 parameter_section_bytes += key_sign_bytes; 23900 command_size += key_sign_bytes.size(); 23901 hash->Update(check_ticket_bytes.data(), check_ticket_bytes.size()); 23902 parameter_section_bytes += check_ticket_bytes; 23903 command_size += check_ticket_bytes.size(); 23904 std::string command_hash(32, 0); 23905 hash->Finish(string_as_array(&command_hash), command_hash.size()); 23906 std::string authorization_section_bytes; 23907 std::string authorization_size_bytes; 23908 if (authorization_delegate) { 23909 if (!authorization_delegate->GetCommandAuthorization( 23910 command_hash, is_command_parameter_encryption_possible, 23911 is_response_parameter_encryption_possible, 23912 &authorization_section_bytes)) { 23913 return TRUNKS_RC_AUTHORIZATION_FAILED; 23914 } 23915 if (!authorization_section_bytes.empty()) { 23916 tag = TPM_ST_SESSIONS; 23917 std::string tmp; 23918 rc = Serialize_UINT32(authorization_section_bytes.size(), 23919 &authorization_size_bytes); 23920 if (rc != TPM_RC_SUCCESS) { 23921 return rc; 23922 } 23923 command_size += 23924 authorization_size_bytes.size() + authorization_section_bytes.size(); 23925 } 23926 } 23927 std::string tag_bytes; 23928 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 23929 if (rc != TPM_RC_SUCCESS) { 23930 return rc; 23931 } 23932 std::string command_size_bytes; 23933 rc = Serialize_UINT32(command_size, &command_size_bytes); 23934 if (rc != TPM_RC_SUCCESS) { 23935 return rc; 23936 } 23937 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 23938 handle_section_bytes + authorization_size_bytes + 23939 authorization_section_bytes + parameter_section_bytes; 23940 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 23941 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 23942 serialized_command->size()); 23943 return TPM_RC_SUCCESS; 23944 } 23945 23946 TPM_RC Tpm::ParseResponse_PolicyAuthorize( 23947 const std::string& response, 23948 AuthorizationDelegate* authorization_delegate) { 23949 VLOG(3) << __func__; 23950 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 23951 TPM_RC rc = TPM_RC_SUCCESS; 23952 std::string buffer(response); 23953 TPM_ST tag; 23954 std::string tag_bytes; 23955 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 23956 if (rc != TPM_RC_SUCCESS) { 23957 return rc; 23958 } 23959 UINT32 response_size; 23960 std::string response_size_bytes; 23961 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 23962 if (rc != TPM_RC_SUCCESS) { 23963 return rc; 23964 } 23965 TPM_RC response_code; 23966 std::string response_code_bytes; 23967 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 23968 if (rc != TPM_RC_SUCCESS) { 23969 return rc; 23970 } 23971 if (response_size != response.size()) { 23972 return TPM_RC_SIZE; 23973 } 23974 if (response_code != TPM_RC_SUCCESS) { 23975 return response_code; 23976 } 23977 TPM_CC command_code = TPM_CC_PolicyAuthorize; 23978 std::string command_code_bytes; 23979 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 23980 if (rc != TPM_RC_SUCCESS) { 23981 return rc; 23982 } 23983 std::string authorization_section_bytes; 23984 if (tag == TPM_ST_SESSIONS) { 23985 UINT32 parameter_section_size = buffer.size(); 23986 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 23987 if (rc != TPM_RC_SUCCESS) { 23988 return rc; 23989 } 23990 if (parameter_section_size > buffer.size()) { 23991 return TPM_RC_INSUFFICIENT; 23992 } 23993 authorization_section_bytes = buffer.substr(parameter_section_size); 23994 // Keep the parameter section in |buffer|. 23995 buffer.erase(parameter_section_size); 23996 } 23997 std::unique_ptr<crypto::SecureHash> hash( 23998 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 23999 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 24000 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 24001 hash->Update(buffer.data(), buffer.size()); 24002 std::string response_hash(32, 0); 24003 hash->Finish(string_as_array(&response_hash), response_hash.size()); 24004 if (tag == TPM_ST_SESSIONS) { 24005 CHECK(authorization_delegate) << "Authorization delegate missing!"; 24006 if (!authorization_delegate->CheckResponseAuthorization( 24007 response_hash, authorization_section_bytes)) { 24008 return TRUNKS_RC_AUTHORIZATION_FAILED; 24009 } 24010 } 24011 return TPM_RC_SUCCESS; 24012 } 24013 24014 void PolicyAuthorizeErrorCallback(const Tpm::PolicyAuthorizeResponse& callback, 24015 TPM_RC response_code) { 24016 VLOG(1) << __func__; 24017 callback.Run(response_code); 24018 } 24019 24020 void PolicyAuthorizeResponseParser( 24021 const Tpm::PolicyAuthorizeResponse& callback, 24022 AuthorizationDelegate* authorization_delegate, 24023 const std::string& response) { 24024 VLOG(1) << __func__; 24025 base::Callback<void(TPM_RC)> error_reporter = 24026 base::Bind(PolicyAuthorizeErrorCallback, callback); 24027 TPM_RC rc = 24028 Tpm::ParseResponse_PolicyAuthorize(response, authorization_delegate); 24029 if (rc != TPM_RC_SUCCESS) { 24030 error_reporter.Run(rc); 24031 return; 24032 } 24033 callback.Run(rc); 24034 } 24035 24036 void Tpm::PolicyAuthorize(const TPMI_SH_POLICY& policy_session, 24037 const std::string& policy_session_name, 24038 const TPM2B_DIGEST& approved_policy, 24039 const TPM2B_NONCE& policy_ref, 24040 const TPM2B_NAME& key_sign, 24041 const TPMT_TK_VERIFIED& check_ticket, 24042 AuthorizationDelegate* authorization_delegate, 24043 const PolicyAuthorizeResponse& callback) { 24044 VLOG(1) << __func__; 24045 base::Callback<void(TPM_RC)> error_reporter = 24046 base::Bind(PolicyAuthorizeErrorCallback, callback); 24047 base::Callback<void(const std::string&)> parser = base::Bind( 24048 PolicyAuthorizeResponseParser, callback, authorization_delegate); 24049 std::string command; 24050 TPM_RC rc = SerializeCommand_PolicyAuthorize( 24051 policy_session, policy_session_name, approved_policy, policy_ref, 24052 key_sign, check_ticket, &command, authorization_delegate); 24053 if (rc != TPM_RC_SUCCESS) { 24054 error_reporter.Run(rc); 24055 return; 24056 } 24057 transceiver_->SendCommand(command, parser); 24058 } 24059 24060 TPM_RC Tpm::PolicyAuthorizeSync(const TPMI_SH_POLICY& policy_session, 24061 const std::string& policy_session_name, 24062 const TPM2B_DIGEST& approved_policy, 24063 const TPM2B_NONCE& policy_ref, 24064 const TPM2B_NAME& key_sign, 24065 const TPMT_TK_VERIFIED& check_ticket, 24066 AuthorizationDelegate* authorization_delegate) { 24067 VLOG(1) << __func__; 24068 std::string command; 24069 TPM_RC rc = SerializeCommand_PolicyAuthorize( 24070 policy_session, policy_session_name, approved_policy, policy_ref, 24071 key_sign, check_ticket, &command, authorization_delegate); 24072 if (rc != TPM_RC_SUCCESS) { 24073 return rc; 24074 } 24075 std::string response = transceiver_->SendCommandAndWait(command); 24076 rc = ParseResponse_PolicyAuthorize(response, authorization_delegate); 24077 return rc; 24078 } 24079 24080 TPM_RC Tpm::SerializeCommand_PolicyAuthValue( 24081 const TPMI_SH_POLICY& policy_session, 24082 const std::string& policy_session_name, 24083 std::string* serialized_command, 24084 AuthorizationDelegate* authorization_delegate) { 24085 VLOG(3) << __func__; 24086 TPM_RC rc = TPM_RC_SUCCESS; 24087 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 24088 UINT32 command_size = 10; // Header size. 24089 std::string handle_section_bytes; 24090 std::string parameter_section_bytes; 24091 TPM_CC command_code = TPM_CC_PolicyAuthValue; 24092 bool is_command_parameter_encryption_possible = false; 24093 bool is_response_parameter_encryption_possible = false; 24094 std::string command_code_bytes; 24095 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 24096 if (rc != TPM_RC_SUCCESS) { 24097 return rc; 24098 } 24099 std::string policy_session_bytes; 24100 rc = Serialize_TPMI_SH_POLICY(policy_session, &policy_session_bytes); 24101 if (rc != TPM_RC_SUCCESS) { 24102 return rc; 24103 } 24104 std::unique_ptr<crypto::SecureHash> hash( 24105 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 24106 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 24107 hash->Update(policy_session_name.data(), policy_session_name.size()); 24108 handle_section_bytes += policy_session_bytes; 24109 command_size += policy_session_bytes.size(); 24110 std::string command_hash(32, 0); 24111 hash->Finish(string_as_array(&command_hash), command_hash.size()); 24112 std::string authorization_section_bytes; 24113 std::string authorization_size_bytes; 24114 if (authorization_delegate) { 24115 if (!authorization_delegate->GetCommandAuthorization( 24116 command_hash, is_command_parameter_encryption_possible, 24117 is_response_parameter_encryption_possible, 24118 &authorization_section_bytes)) { 24119 return TRUNKS_RC_AUTHORIZATION_FAILED; 24120 } 24121 if (!authorization_section_bytes.empty()) { 24122 tag = TPM_ST_SESSIONS; 24123 std::string tmp; 24124 rc = Serialize_UINT32(authorization_section_bytes.size(), 24125 &authorization_size_bytes); 24126 if (rc != TPM_RC_SUCCESS) { 24127 return rc; 24128 } 24129 command_size += 24130 authorization_size_bytes.size() + authorization_section_bytes.size(); 24131 } 24132 } 24133 std::string tag_bytes; 24134 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 24135 if (rc != TPM_RC_SUCCESS) { 24136 return rc; 24137 } 24138 std::string command_size_bytes; 24139 rc = Serialize_UINT32(command_size, &command_size_bytes); 24140 if (rc != TPM_RC_SUCCESS) { 24141 return rc; 24142 } 24143 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 24144 handle_section_bytes + authorization_size_bytes + 24145 authorization_section_bytes + parameter_section_bytes; 24146 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 24147 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 24148 serialized_command->size()); 24149 return TPM_RC_SUCCESS; 24150 } 24151 24152 TPM_RC Tpm::ParseResponse_PolicyAuthValue( 24153 const std::string& response, 24154 AuthorizationDelegate* authorization_delegate) { 24155 VLOG(3) << __func__; 24156 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 24157 TPM_RC rc = TPM_RC_SUCCESS; 24158 std::string buffer(response); 24159 TPM_ST tag; 24160 std::string tag_bytes; 24161 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 24162 if (rc != TPM_RC_SUCCESS) { 24163 return rc; 24164 } 24165 UINT32 response_size; 24166 std::string response_size_bytes; 24167 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 24168 if (rc != TPM_RC_SUCCESS) { 24169 return rc; 24170 } 24171 TPM_RC response_code; 24172 std::string response_code_bytes; 24173 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 24174 if (rc != TPM_RC_SUCCESS) { 24175 return rc; 24176 } 24177 if (response_size != response.size()) { 24178 return TPM_RC_SIZE; 24179 } 24180 if (response_code != TPM_RC_SUCCESS) { 24181 return response_code; 24182 } 24183 TPM_CC command_code = TPM_CC_PolicyAuthValue; 24184 std::string command_code_bytes; 24185 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 24186 if (rc != TPM_RC_SUCCESS) { 24187 return rc; 24188 } 24189 std::string authorization_section_bytes; 24190 if (tag == TPM_ST_SESSIONS) { 24191 UINT32 parameter_section_size = buffer.size(); 24192 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 24193 if (rc != TPM_RC_SUCCESS) { 24194 return rc; 24195 } 24196 if (parameter_section_size > buffer.size()) { 24197 return TPM_RC_INSUFFICIENT; 24198 } 24199 authorization_section_bytes = buffer.substr(parameter_section_size); 24200 // Keep the parameter section in |buffer|. 24201 buffer.erase(parameter_section_size); 24202 } 24203 std::unique_ptr<crypto::SecureHash> hash( 24204 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 24205 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 24206 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 24207 hash->Update(buffer.data(), buffer.size()); 24208 std::string response_hash(32, 0); 24209 hash->Finish(string_as_array(&response_hash), response_hash.size()); 24210 if (tag == TPM_ST_SESSIONS) { 24211 CHECK(authorization_delegate) << "Authorization delegate missing!"; 24212 if (!authorization_delegate->CheckResponseAuthorization( 24213 response_hash, authorization_section_bytes)) { 24214 return TRUNKS_RC_AUTHORIZATION_FAILED; 24215 } 24216 } 24217 return TPM_RC_SUCCESS; 24218 } 24219 24220 void PolicyAuthValueErrorCallback(const Tpm::PolicyAuthValueResponse& callback, 24221 TPM_RC response_code) { 24222 VLOG(1) << __func__; 24223 callback.Run(response_code); 24224 } 24225 24226 void PolicyAuthValueResponseParser( 24227 const Tpm::PolicyAuthValueResponse& callback, 24228 AuthorizationDelegate* authorization_delegate, 24229 const std::string& response) { 24230 VLOG(1) << __func__; 24231 base::Callback<void(TPM_RC)> error_reporter = 24232 base::Bind(PolicyAuthValueErrorCallback, callback); 24233 TPM_RC rc = 24234 Tpm::ParseResponse_PolicyAuthValue(response, authorization_delegate); 24235 if (rc != TPM_RC_SUCCESS) { 24236 error_reporter.Run(rc); 24237 return; 24238 } 24239 callback.Run(rc); 24240 } 24241 24242 void Tpm::PolicyAuthValue(const TPMI_SH_POLICY& policy_session, 24243 const std::string& policy_session_name, 24244 AuthorizationDelegate* authorization_delegate, 24245 const PolicyAuthValueResponse& callback) { 24246 VLOG(1) << __func__; 24247 base::Callback<void(TPM_RC)> error_reporter = 24248 base::Bind(PolicyAuthValueErrorCallback, callback); 24249 base::Callback<void(const std::string&)> parser = base::Bind( 24250 PolicyAuthValueResponseParser, callback, authorization_delegate); 24251 std::string command; 24252 TPM_RC rc = SerializeCommand_PolicyAuthValue( 24253 policy_session, policy_session_name, &command, authorization_delegate); 24254 if (rc != TPM_RC_SUCCESS) { 24255 error_reporter.Run(rc); 24256 return; 24257 } 24258 transceiver_->SendCommand(command, parser); 24259 } 24260 24261 TPM_RC Tpm::PolicyAuthValueSync(const TPMI_SH_POLICY& policy_session, 24262 const std::string& policy_session_name, 24263 AuthorizationDelegate* authorization_delegate) { 24264 VLOG(1) << __func__; 24265 std::string command; 24266 TPM_RC rc = SerializeCommand_PolicyAuthValue( 24267 policy_session, policy_session_name, &command, authorization_delegate); 24268 if (rc != TPM_RC_SUCCESS) { 24269 return rc; 24270 } 24271 std::string response = transceiver_->SendCommandAndWait(command); 24272 rc = ParseResponse_PolicyAuthValue(response, authorization_delegate); 24273 return rc; 24274 } 24275 24276 TPM_RC Tpm::SerializeCommand_PolicyPassword( 24277 const TPMI_SH_POLICY& policy_session, 24278 const std::string& policy_session_name, 24279 std::string* serialized_command, 24280 AuthorizationDelegate* authorization_delegate) { 24281 VLOG(3) << __func__; 24282 TPM_RC rc = TPM_RC_SUCCESS; 24283 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 24284 UINT32 command_size = 10; // Header size. 24285 std::string handle_section_bytes; 24286 std::string parameter_section_bytes; 24287 TPM_CC command_code = TPM_CC_PolicyPassword; 24288 bool is_command_parameter_encryption_possible = false; 24289 bool is_response_parameter_encryption_possible = false; 24290 std::string command_code_bytes; 24291 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 24292 if (rc != TPM_RC_SUCCESS) { 24293 return rc; 24294 } 24295 std::string policy_session_bytes; 24296 rc = Serialize_TPMI_SH_POLICY(policy_session, &policy_session_bytes); 24297 if (rc != TPM_RC_SUCCESS) { 24298 return rc; 24299 } 24300 std::unique_ptr<crypto::SecureHash> hash( 24301 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 24302 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 24303 hash->Update(policy_session_name.data(), policy_session_name.size()); 24304 handle_section_bytes += policy_session_bytes; 24305 command_size += policy_session_bytes.size(); 24306 std::string command_hash(32, 0); 24307 hash->Finish(string_as_array(&command_hash), command_hash.size()); 24308 std::string authorization_section_bytes; 24309 std::string authorization_size_bytes; 24310 if (authorization_delegate) { 24311 if (!authorization_delegate->GetCommandAuthorization( 24312 command_hash, is_command_parameter_encryption_possible, 24313 is_response_parameter_encryption_possible, 24314 &authorization_section_bytes)) { 24315 return TRUNKS_RC_AUTHORIZATION_FAILED; 24316 } 24317 if (!authorization_section_bytes.empty()) { 24318 tag = TPM_ST_SESSIONS; 24319 std::string tmp; 24320 rc = Serialize_UINT32(authorization_section_bytes.size(), 24321 &authorization_size_bytes); 24322 if (rc != TPM_RC_SUCCESS) { 24323 return rc; 24324 } 24325 command_size += 24326 authorization_size_bytes.size() + authorization_section_bytes.size(); 24327 } 24328 } 24329 std::string tag_bytes; 24330 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 24331 if (rc != TPM_RC_SUCCESS) { 24332 return rc; 24333 } 24334 std::string command_size_bytes; 24335 rc = Serialize_UINT32(command_size, &command_size_bytes); 24336 if (rc != TPM_RC_SUCCESS) { 24337 return rc; 24338 } 24339 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 24340 handle_section_bytes + authorization_size_bytes + 24341 authorization_section_bytes + parameter_section_bytes; 24342 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 24343 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 24344 serialized_command->size()); 24345 return TPM_RC_SUCCESS; 24346 } 24347 24348 TPM_RC Tpm::ParseResponse_PolicyPassword( 24349 const std::string& response, 24350 AuthorizationDelegate* authorization_delegate) { 24351 VLOG(3) << __func__; 24352 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 24353 TPM_RC rc = TPM_RC_SUCCESS; 24354 std::string buffer(response); 24355 TPM_ST tag; 24356 std::string tag_bytes; 24357 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 24358 if (rc != TPM_RC_SUCCESS) { 24359 return rc; 24360 } 24361 UINT32 response_size; 24362 std::string response_size_bytes; 24363 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 24364 if (rc != TPM_RC_SUCCESS) { 24365 return rc; 24366 } 24367 TPM_RC response_code; 24368 std::string response_code_bytes; 24369 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 24370 if (rc != TPM_RC_SUCCESS) { 24371 return rc; 24372 } 24373 if (response_size != response.size()) { 24374 return TPM_RC_SIZE; 24375 } 24376 if (response_code != TPM_RC_SUCCESS) { 24377 return response_code; 24378 } 24379 TPM_CC command_code = TPM_CC_PolicyPassword; 24380 std::string command_code_bytes; 24381 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 24382 if (rc != TPM_RC_SUCCESS) { 24383 return rc; 24384 } 24385 std::string authorization_section_bytes; 24386 if (tag == TPM_ST_SESSIONS) { 24387 UINT32 parameter_section_size = buffer.size(); 24388 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 24389 if (rc != TPM_RC_SUCCESS) { 24390 return rc; 24391 } 24392 if (parameter_section_size > buffer.size()) { 24393 return TPM_RC_INSUFFICIENT; 24394 } 24395 authorization_section_bytes = buffer.substr(parameter_section_size); 24396 // Keep the parameter section in |buffer|. 24397 buffer.erase(parameter_section_size); 24398 } 24399 std::unique_ptr<crypto::SecureHash> hash( 24400 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 24401 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 24402 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 24403 hash->Update(buffer.data(), buffer.size()); 24404 std::string response_hash(32, 0); 24405 hash->Finish(string_as_array(&response_hash), response_hash.size()); 24406 if (tag == TPM_ST_SESSIONS) { 24407 CHECK(authorization_delegate) << "Authorization delegate missing!"; 24408 if (!authorization_delegate->CheckResponseAuthorization( 24409 response_hash, authorization_section_bytes)) { 24410 return TRUNKS_RC_AUTHORIZATION_FAILED; 24411 } 24412 } 24413 return TPM_RC_SUCCESS; 24414 } 24415 24416 void PolicyPasswordErrorCallback(const Tpm::PolicyPasswordResponse& callback, 24417 TPM_RC response_code) { 24418 VLOG(1) << __func__; 24419 callback.Run(response_code); 24420 } 24421 24422 void PolicyPasswordResponseParser(const Tpm::PolicyPasswordResponse& callback, 24423 AuthorizationDelegate* authorization_delegate, 24424 const std::string& response) { 24425 VLOG(1) << __func__; 24426 base::Callback<void(TPM_RC)> error_reporter = 24427 base::Bind(PolicyPasswordErrorCallback, callback); 24428 TPM_RC rc = 24429 Tpm::ParseResponse_PolicyPassword(response, authorization_delegate); 24430 if (rc != TPM_RC_SUCCESS) { 24431 error_reporter.Run(rc); 24432 return; 24433 } 24434 callback.Run(rc); 24435 } 24436 24437 void Tpm::PolicyPassword(const TPMI_SH_POLICY& policy_session, 24438 const std::string& policy_session_name, 24439 AuthorizationDelegate* authorization_delegate, 24440 const PolicyPasswordResponse& callback) { 24441 VLOG(1) << __func__; 24442 base::Callback<void(TPM_RC)> error_reporter = 24443 base::Bind(PolicyPasswordErrorCallback, callback); 24444 base::Callback<void(const std::string&)> parser = base::Bind( 24445 PolicyPasswordResponseParser, callback, authorization_delegate); 24446 std::string command; 24447 TPM_RC rc = SerializeCommand_PolicyPassword( 24448 policy_session, policy_session_name, &command, authorization_delegate); 24449 if (rc != TPM_RC_SUCCESS) { 24450 error_reporter.Run(rc); 24451 return; 24452 } 24453 transceiver_->SendCommand(command, parser); 24454 } 24455 24456 TPM_RC Tpm::PolicyPasswordSync(const TPMI_SH_POLICY& policy_session, 24457 const std::string& policy_session_name, 24458 AuthorizationDelegate* authorization_delegate) { 24459 VLOG(1) << __func__; 24460 std::string command; 24461 TPM_RC rc = SerializeCommand_PolicyPassword( 24462 policy_session, policy_session_name, &command, authorization_delegate); 24463 if (rc != TPM_RC_SUCCESS) { 24464 return rc; 24465 } 24466 std::string response = transceiver_->SendCommandAndWait(command); 24467 rc = ParseResponse_PolicyPassword(response, authorization_delegate); 24468 return rc; 24469 } 24470 24471 TPM_RC Tpm::SerializeCommand_PolicyGetDigest( 24472 const TPMI_SH_POLICY& policy_session, 24473 const std::string& policy_session_name, 24474 std::string* serialized_command, 24475 AuthorizationDelegate* authorization_delegate) { 24476 VLOG(3) << __func__; 24477 TPM_RC rc = TPM_RC_SUCCESS; 24478 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 24479 UINT32 command_size = 10; // Header size. 24480 std::string handle_section_bytes; 24481 std::string parameter_section_bytes; 24482 TPM_CC command_code = TPM_CC_PolicyGetDigest; 24483 bool is_command_parameter_encryption_possible = false; 24484 bool is_response_parameter_encryption_possible = true; 24485 std::string command_code_bytes; 24486 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 24487 if (rc != TPM_RC_SUCCESS) { 24488 return rc; 24489 } 24490 std::string policy_session_bytes; 24491 rc = Serialize_TPMI_SH_POLICY(policy_session, &policy_session_bytes); 24492 if (rc != TPM_RC_SUCCESS) { 24493 return rc; 24494 } 24495 std::unique_ptr<crypto::SecureHash> hash( 24496 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 24497 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 24498 hash->Update(policy_session_name.data(), policy_session_name.size()); 24499 handle_section_bytes += policy_session_bytes; 24500 command_size += policy_session_bytes.size(); 24501 std::string command_hash(32, 0); 24502 hash->Finish(string_as_array(&command_hash), command_hash.size()); 24503 std::string authorization_section_bytes; 24504 std::string authorization_size_bytes; 24505 if (authorization_delegate) { 24506 if (!authorization_delegate->GetCommandAuthorization( 24507 command_hash, is_command_parameter_encryption_possible, 24508 is_response_parameter_encryption_possible, 24509 &authorization_section_bytes)) { 24510 return TRUNKS_RC_AUTHORIZATION_FAILED; 24511 } 24512 if (!authorization_section_bytes.empty()) { 24513 tag = TPM_ST_SESSIONS; 24514 std::string tmp; 24515 rc = Serialize_UINT32(authorization_section_bytes.size(), 24516 &authorization_size_bytes); 24517 if (rc != TPM_RC_SUCCESS) { 24518 return rc; 24519 } 24520 command_size += 24521 authorization_size_bytes.size() + authorization_section_bytes.size(); 24522 } 24523 } 24524 std::string tag_bytes; 24525 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 24526 if (rc != TPM_RC_SUCCESS) { 24527 return rc; 24528 } 24529 std::string command_size_bytes; 24530 rc = Serialize_UINT32(command_size, &command_size_bytes); 24531 if (rc != TPM_RC_SUCCESS) { 24532 return rc; 24533 } 24534 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 24535 handle_section_bytes + authorization_size_bytes + 24536 authorization_section_bytes + parameter_section_bytes; 24537 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 24538 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 24539 serialized_command->size()); 24540 return TPM_RC_SUCCESS; 24541 } 24542 24543 TPM_RC Tpm::ParseResponse_PolicyGetDigest( 24544 const std::string& response, 24545 TPM2B_DIGEST* policy_digest, 24546 AuthorizationDelegate* authorization_delegate) { 24547 VLOG(3) << __func__; 24548 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 24549 TPM_RC rc = TPM_RC_SUCCESS; 24550 std::string buffer(response); 24551 TPM_ST tag; 24552 std::string tag_bytes; 24553 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 24554 if (rc != TPM_RC_SUCCESS) { 24555 return rc; 24556 } 24557 UINT32 response_size; 24558 std::string response_size_bytes; 24559 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 24560 if (rc != TPM_RC_SUCCESS) { 24561 return rc; 24562 } 24563 TPM_RC response_code; 24564 std::string response_code_bytes; 24565 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 24566 if (rc != TPM_RC_SUCCESS) { 24567 return rc; 24568 } 24569 if (response_size != response.size()) { 24570 return TPM_RC_SIZE; 24571 } 24572 if (response_code != TPM_RC_SUCCESS) { 24573 return response_code; 24574 } 24575 TPM_CC command_code = TPM_CC_PolicyGetDigest; 24576 std::string command_code_bytes; 24577 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 24578 if (rc != TPM_RC_SUCCESS) { 24579 return rc; 24580 } 24581 std::string authorization_section_bytes; 24582 if (tag == TPM_ST_SESSIONS) { 24583 UINT32 parameter_section_size = buffer.size(); 24584 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 24585 if (rc != TPM_RC_SUCCESS) { 24586 return rc; 24587 } 24588 if (parameter_section_size > buffer.size()) { 24589 return TPM_RC_INSUFFICIENT; 24590 } 24591 authorization_section_bytes = buffer.substr(parameter_section_size); 24592 // Keep the parameter section in |buffer|. 24593 buffer.erase(parameter_section_size); 24594 } 24595 std::unique_ptr<crypto::SecureHash> hash( 24596 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 24597 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 24598 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 24599 hash->Update(buffer.data(), buffer.size()); 24600 std::string response_hash(32, 0); 24601 hash->Finish(string_as_array(&response_hash), response_hash.size()); 24602 if (tag == TPM_ST_SESSIONS) { 24603 CHECK(authorization_delegate) << "Authorization delegate missing!"; 24604 if (!authorization_delegate->CheckResponseAuthorization( 24605 response_hash, authorization_section_bytes)) { 24606 return TRUNKS_RC_AUTHORIZATION_FAILED; 24607 } 24608 } 24609 std::string policy_digest_bytes; 24610 rc = Parse_TPM2B_DIGEST(&buffer, policy_digest, &policy_digest_bytes); 24611 if (rc != TPM_RC_SUCCESS) { 24612 return rc; 24613 } 24614 if (tag == TPM_ST_SESSIONS) { 24615 CHECK(authorization_delegate) << "Authorization delegate missing!"; 24616 // Decrypt just the parameter data, not the size. 24617 std::string tmp = policy_digest_bytes.substr(2); 24618 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 24619 return TRUNKS_RC_ENCRYPTION_FAILED; 24620 } 24621 policy_digest_bytes.replace(2, std::string::npos, tmp); 24622 rc = Parse_TPM2B_DIGEST(&policy_digest_bytes, policy_digest, nullptr); 24623 if (rc != TPM_RC_SUCCESS) { 24624 return rc; 24625 } 24626 } 24627 return TPM_RC_SUCCESS; 24628 } 24629 24630 void PolicyGetDigestErrorCallback(const Tpm::PolicyGetDigestResponse& callback, 24631 TPM_RC response_code) { 24632 VLOG(1) << __func__; 24633 callback.Run(response_code, TPM2B_DIGEST()); 24634 } 24635 24636 void PolicyGetDigestResponseParser( 24637 const Tpm::PolicyGetDigestResponse& callback, 24638 AuthorizationDelegate* authorization_delegate, 24639 const std::string& response) { 24640 VLOG(1) << __func__; 24641 base::Callback<void(TPM_RC)> error_reporter = 24642 base::Bind(PolicyGetDigestErrorCallback, callback); 24643 TPM2B_DIGEST policy_digest; 24644 TPM_RC rc = Tpm::ParseResponse_PolicyGetDigest(response, &policy_digest, 24645 authorization_delegate); 24646 if (rc != TPM_RC_SUCCESS) { 24647 error_reporter.Run(rc); 24648 return; 24649 } 24650 callback.Run(rc, policy_digest); 24651 } 24652 24653 void Tpm::PolicyGetDigest(const TPMI_SH_POLICY& policy_session, 24654 const std::string& policy_session_name, 24655 AuthorizationDelegate* authorization_delegate, 24656 const PolicyGetDigestResponse& callback) { 24657 VLOG(1) << __func__; 24658 base::Callback<void(TPM_RC)> error_reporter = 24659 base::Bind(PolicyGetDigestErrorCallback, callback); 24660 base::Callback<void(const std::string&)> parser = base::Bind( 24661 PolicyGetDigestResponseParser, callback, authorization_delegate); 24662 std::string command; 24663 TPM_RC rc = SerializeCommand_PolicyGetDigest( 24664 policy_session, policy_session_name, &command, authorization_delegate); 24665 if (rc != TPM_RC_SUCCESS) { 24666 error_reporter.Run(rc); 24667 return; 24668 } 24669 transceiver_->SendCommand(command, parser); 24670 } 24671 24672 TPM_RC Tpm::PolicyGetDigestSync(const TPMI_SH_POLICY& policy_session, 24673 const std::string& policy_session_name, 24674 TPM2B_DIGEST* policy_digest, 24675 AuthorizationDelegate* authorization_delegate) { 24676 VLOG(1) << __func__; 24677 std::string command; 24678 TPM_RC rc = SerializeCommand_PolicyGetDigest( 24679 policy_session, policy_session_name, &command, authorization_delegate); 24680 if (rc != TPM_RC_SUCCESS) { 24681 return rc; 24682 } 24683 std::string response = transceiver_->SendCommandAndWait(command); 24684 rc = ParseResponse_PolicyGetDigest(response, policy_digest, 24685 authorization_delegate); 24686 return rc; 24687 } 24688 24689 TPM_RC Tpm::SerializeCommand_PolicyNvWritten( 24690 const TPMI_SH_POLICY& policy_session, 24691 const std::string& policy_session_name, 24692 const TPMI_YES_NO& written_set, 24693 std::string* serialized_command, 24694 AuthorizationDelegate* authorization_delegate) { 24695 VLOG(3) << __func__; 24696 TPM_RC rc = TPM_RC_SUCCESS; 24697 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 24698 UINT32 command_size = 10; // Header size. 24699 std::string handle_section_bytes; 24700 std::string parameter_section_bytes; 24701 TPM_CC command_code = TPM_CC_PolicyNvWritten; 24702 bool is_command_parameter_encryption_possible = false; 24703 bool is_response_parameter_encryption_possible = false; 24704 std::string command_code_bytes; 24705 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 24706 if (rc != TPM_RC_SUCCESS) { 24707 return rc; 24708 } 24709 std::string policy_session_bytes; 24710 rc = Serialize_TPMI_SH_POLICY(policy_session, &policy_session_bytes); 24711 if (rc != TPM_RC_SUCCESS) { 24712 return rc; 24713 } 24714 std::string written_set_bytes; 24715 rc = Serialize_TPMI_YES_NO(written_set, &written_set_bytes); 24716 if (rc != TPM_RC_SUCCESS) { 24717 return rc; 24718 } 24719 std::unique_ptr<crypto::SecureHash> hash( 24720 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 24721 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 24722 hash->Update(policy_session_name.data(), policy_session_name.size()); 24723 handle_section_bytes += policy_session_bytes; 24724 command_size += policy_session_bytes.size(); 24725 hash->Update(written_set_bytes.data(), written_set_bytes.size()); 24726 parameter_section_bytes += written_set_bytes; 24727 command_size += written_set_bytes.size(); 24728 std::string command_hash(32, 0); 24729 hash->Finish(string_as_array(&command_hash), command_hash.size()); 24730 std::string authorization_section_bytes; 24731 std::string authorization_size_bytes; 24732 if (authorization_delegate) { 24733 if (!authorization_delegate->GetCommandAuthorization( 24734 command_hash, is_command_parameter_encryption_possible, 24735 is_response_parameter_encryption_possible, 24736 &authorization_section_bytes)) { 24737 return TRUNKS_RC_AUTHORIZATION_FAILED; 24738 } 24739 if (!authorization_section_bytes.empty()) { 24740 tag = TPM_ST_SESSIONS; 24741 std::string tmp; 24742 rc = Serialize_UINT32(authorization_section_bytes.size(), 24743 &authorization_size_bytes); 24744 if (rc != TPM_RC_SUCCESS) { 24745 return rc; 24746 } 24747 command_size += 24748 authorization_size_bytes.size() + authorization_section_bytes.size(); 24749 } 24750 } 24751 std::string tag_bytes; 24752 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 24753 if (rc != TPM_RC_SUCCESS) { 24754 return rc; 24755 } 24756 std::string command_size_bytes; 24757 rc = Serialize_UINT32(command_size, &command_size_bytes); 24758 if (rc != TPM_RC_SUCCESS) { 24759 return rc; 24760 } 24761 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 24762 handle_section_bytes + authorization_size_bytes + 24763 authorization_section_bytes + parameter_section_bytes; 24764 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 24765 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 24766 serialized_command->size()); 24767 return TPM_RC_SUCCESS; 24768 } 24769 24770 TPM_RC Tpm::ParseResponse_PolicyNvWritten( 24771 const std::string& response, 24772 AuthorizationDelegate* authorization_delegate) { 24773 VLOG(3) << __func__; 24774 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 24775 TPM_RC rc = TPM_RC_SUCCESS; 24776 std::string buffer(response); 24777 TPM_ST tag; 24778 std::string tag_bytes; 24779 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 24780 if (rc != TPM_RC_SUCCESS) { 24781 return rc; 24782 } 24783 UINT32 response_size; 24784 std::string response_size_bytes; 24785 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 24786 if (rc != TPM_RC_SUCCESS) { 24787 return rc; 24788 } 24789 TPM_RC response_code; 24790 std::string response_code_bytes; 24791 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 24792 if (rc != TPM_RC_SUCCESS) { 24793 return rc; 24794 } 24795 if (response_size != response.size()) { 24796 return TPM_RC_SIZE; 24797 } 24798 if (response_code != TPM_RC_SUCCESS) { 24799 return response_code; 24800 } 24801 TPM_CC command_code = TPM_CC_PolicyNvWritten; 24802 std::string command_code_bytes; 24803 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 24804 if (rc != TPM_RC_SUCCESS) { 24805 return rc; 24806 } 24807 std::string authorization_section_bytes; 24808 if (tag == TPM_ST_SESSIONS) { 24809 UINT32 parameter_section_size = buffer.size(); 24810 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 24811 if (rc != TPM_RC_SUCCESS) { 24812 return rc; 24813 } 24814 if (parameter_section_size > buffer.size()) { 24815 return TPM_RC_INSUFFICIENT; 24816 } 24817 authorization_section_bytes = buffer.substr(parameter_section_size); 24818 // Keep the parameter section in |buffer|. 24819 buffer.erase(parameter_section_size); 24820 } 24821 std::unique_ptr<crypto::SecureHash> hash( 24822 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 24823 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 24824 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 24825 hash->Update(buffer.data(), buffer.size()); 24826 std::string response_hash(32, 0); 24827 hash->Finish(string_as_array(&response_hash), response_hash.size()); 24828 if (tag == TPM_ST_SESSIONS) { 24829 CHECK(authorization_delegate) << "Authorization delegate missing!"; 24830 if (!authorization_delegate->CheckResponseAuthorization( 24831 response_hash, authorization_section_bytes)) { 24832 return TRUNKS_RC_AUTHORIZATION_FAILED; 24833 } 24834 } 24835 return TPM_RC_SUCCESS; 24836 } 24837 24838 void PolicyNvWrittenErrorCallback(const Tpm::PolicyNvWrittenResponse& callback, 24839 TPM_RC response_code) { 24840 VLOG(1) << __func__; 24841 callback.Run(response_code); 24842 } 24843 24844 void PolicyNvWrittenResponseParser( 24845 const Tpm::PolicyNvWrittenResponse& callback, 24846 AuthorizationDelegate* authorization_delegate, 24847 const std::string& response) { 24848 VLOG(1) << __func__; 24849 base::Callback<void(TPM_RC)> error_reporter = 24850 base::Bind(PolicyNvWrittenErrorCallback, callback); 24851 TPM_RC rc = 24852 Tpm::ParseResponse_PolicyNvWritten(response, authorization_delegate); 24853 if (rc != TPM_RC_SUCCESS) { 24854 error_reporter.Run(rc); 24855 return; 24856 } 24857 callback.Run(rc); 24858 } 24859 24860 void Tpm::PolicyNvWritten(const TPMI_SH_POLICY& policy_session, 24861 const std::string& policy_session_name, 24862 const TPMI_YES_NO& written_set, 24863 AuthorizationDelegate* authorization_delegate, 24864 const PolicyNvWrittenResponse& callback) { 24865 VLOG(1) << __func__; 24866 base::Callback<void(TPM_RC)> error_reporter = 24867 base::Bind(PolicyNvWrittenErrorCallback, callback); 24868 base::Callback<void(const std::string&)> parser = base::Bind( 24869 PolicyNvWrittenResponseParser, callback, authorization_delegate); 24870 std::string command; 24871 TPM_RC rc = SerializeCommand_PolicyNvWritten( 24872 policy_session, policy_session_name, written_set, &command, 24873 authorization_delegate); 24874 if (rc != TPM_RC_SUCCESS) { 24875 error_reporter.Run(rc); 24876 return; 24877 } 24878 transceiver_->SendCommand(command, parser); 24879 } 24880 24881 TPM_RC Tpm::PolicyNvWrittenSync(const TPMI_SH_POLICY& policy_session, 24882 const std::string& policy_session_name, 24883 const TPMI_YES_NO& written_set, 24884 AuthorizationDelegate* authorization_delegate) { 24885 VLOG(1) << __func__; 24886 std::string command; 24887 TPM_RC rc = SerializeCommand_PolicyNvWritten( 24888 policy_session, policy_session_name, written_set, &command, 24889 authorization_delegate); 24890 if (rc != TPM_RC_SUCCESS) { 24891 return rc; 24892 } 24893 std::string response = transceiver_->SendCommandAndWait(command); 24894 rc = ParseResponse_PolicyNvWritten(response, authorization_delegate); 24895 return rc; 24896 } 24897 24898 TPM_RC Tpm::SerializeCommand_CreatePrimary( 24899 const TPMI_RH_HIERARCHY& primary_handle, 24900 const std::string& primary_handle_name, 24901 const TPM2B_SENSITIVE_CREATE& in_sensitive, 24902 const TPM2B_PUBLIC& in_public, 24903 const TPM2B_DATA& outside_info, 24904 const TPML_PCR_SELECTION& creation_pcr, 24905 std::string* serialized_command, 24906 AuthorizationDelegate* authorization_delegate) { 24907 VLOG(3) << __func__; 24908 TPM_RC rc = TPM_RC_SUCCESS; 24909 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 24910 UINT32 command_size = 10; // Header size. 24911 std::string handle_section_bytes; 24912 std::string parameter_section_bytes; 24913 TPM_CC command_code = TPM_CC_CreatePrimary; 24914 bool is_command_parameter_encryption_possible = true; 24915 bool is_response_parameter_encryption_possible = true; 24916 std::string command_code_bytes; 24917 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 24918 if (rc != TPM_RC_SUCCESS) { 24919 return rc; 24920 } 24921 std::string primary_handle_bytes; 24922 rc = Serialize_TPMI_RH_HIERARCHY(primary_handle, &primary_handle_bytes); 24923 if (rc != TPM_RC_SUCCESS) { 24924 return rc; 24925 } 24926 std::string in_sensitive_bytes; 24927 rc = Serialize_TPM2B_SENSITIVE_CREATE(in_sensitive, &in_sensitive_bytes); 24928 if (rc != TPM_RC_SUCCESS) { 24929 return rc; 24930 } 24931 std::string in_public_bytes; 24932 rc = Serialize_TPM2B_PUBLIC(in_public, &in_public_bytes); 24933 if (rc != TPM_RC_SUCCESS) { 24934 return rc; 24935 } 24936 std::string outside_info_bytes; 24937 rc = Serialize_TPM2B_DATA(outside_info, &outside_info_bytes); 24938 if (rc != TPM_RC_SUCCESS) { 24939 return rc; 24940 } 24941 std::string creation_pcr_bytes; 24942 rc = Serialize_TPML_PCR_SELECTION(creation_pcr, &creation_pcr_bytes); 24943 if (rc != TPM_RC_SUCCESS) { 24944 return rc; 24945 } 24946 if (authorization_delegate) { 24947 // Encrypt just the parameter data, not the size. 24948 std::string tmp = in_sensitive_bytes.substr(2); 24949 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 24950 return TRUNKS_RC_ENCRYPTION_FAILED; 24951 } 24952 in_sensitive_bytes.replace(2, std::string::npos, tmp); 24953 } 24954 std::unique_ptr<crypto::SecureHash> hash( 24955 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 24956 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 24957 hash->Update(primary_handle_name.data(), primary_handle_name.size()); 24958 handle_section_bytes += primary_handle_bytes; 24959 command_size += primary_handle_bytes.size(); 24960 hash->Update(in_sensitive_bytes.data(), in_sensitive_bytes.size()); 24961 parameter_section_bytes += in_sensitive_bytes; 24962 command_size += in_sensitive_bytes.size(); 24963 hash->Update(in_public_bytes.data(), in_public_bytes.size()); 24964 parameter_section_bytes += in_public_bytes; 24965 command_size += in_public_bytes.size(); 24966 hash->Update(outside_info_bytes.data(), outside_info_bytes.size()); 24967 parameter_section_bytes += outside_info_bytes; 24968 command_size += outside_info_bytes.size(); 24969 hash->Update(creation_pcr_bytes.data(), creation_pcr_bytes.size()); 24970 parameter_section_bytes += creation_pcr_bytes; 24971 command_size += creation_pcr_bytes.size(); 24972 std::string command_hash(32, 0); 24973 hash->Finish(string_as_array(&command_hash), command_hash.size()); 24974 std::string authorization_section_bytes; 24975 std::string authorization_size_bytes; 24976 if (authorization_delegate) { 24977 if (!authorization_delegate->GetCommandAuthorization( 24978 command_hash, is_command_parameter_encryption_possible, 24979 is_response_parameter_encryption_possible, 24980 &authorization_section_bytes)) { 24981 return TRUNKS_RC_AUTHORIZATION_FAILED; 24982 } 24983 if (!authorization_section_bytes.empty()) { 24984 tag = TPM_ST_SESSIONS; 24985 std::string tmp; 24986 rc = Serialize_UINT32(authorization_section_bytes.size(), 24987 &authorization_size_bytes); 24988 if (rc != TPM_RC_SUCCESS) { 24989 return rc; 24990 } 24991 command_size += 24992 authorization_size_bytes.size() + authorization_section_bytes.size(); 24993 } 24994 } 24995 std::string tag_bytes; 24996 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 24997 if (rc != TPM_RC_SUCCESS) { 24998 return rc; 24999 } 25000 std::string command_size_bytes; 25001 rc = Serialize_UINT32(command_size, &command_size_bytes); 25002 if (rc != TPM_RC_SUCCESS) { 25003 return rc; 25004 } 25005 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 25006 handle_section_bytes + authorization_size_bytes + 25007 authorization_section_bytes + parameter_section_bytes; 25008 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 25009 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 25010 serialized_command->size()); 25011 return TPM_RC_SUCCESS; 25012 } 25013 25014 TPM_RC Tpm::ParseResponse_CreatePrimary( 25015 const std::string& response, 25016 TPM_HANDLE* object_handle, 25017 TPM2B_PUBLIC* out_public, 25018 TPM2B_CREATION_DATA* creation_data, 25019 TPM2B_DIGEST* creation_hash, 25020 TPMT_TK_CREATION* creation_ticket, 25021 TPM2B_NAME* name, 25022 AuthorizationDelegate* authorization_delegate) { 25023 VLOG(3) << __func__; 25024 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 25025 TPM_RC rc = TPM_RC_SUCCESS; 25026 std::string buffer(response); 25027 TPM_ST tag; 25028 std::string tag_bytes; 25029 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 25030 if (rc != TPM_RC_SUCCESS) { 25031 return rc; 25032 } 25033 UINT32 response_size; 25034 std::string response_size_bytes; 25035 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 25036 if (rc != TPM_RC_SUCCESS) { 25037 return rc; 25038 } 25039 TPM_RC response_code; 25040 std::string response_code_bytes; 25041 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 25042 if (rc != TPM_RC_SUCCESS) { 25043 return rc; 25044 } 25045 if (response_size != response.size()) { 25046 return TPM_RC_SIZE; 25047 } 25048 if (response_code != TPM_RC_SUCCESS) { 25049 return response_code; 25050 } 25051 std::string object_handle_bytes; 25052 rc = Parse_TPM_HANDLE(&buffer, object_handle, &object_handle_bytes); 25053 if (rc != TPM_RC_SUCCESS) { 25054 return rc; 25055 } 25056 TPM_CC command_code = TPM_CC_CreatePrimary; 25057 std::string command_code_bytes; 25058 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 25059 if (rc != TPM_RC_SUCCESS) { 25060 return rc; 25061 } 25062 std::string authorization_section_bytes; 25063 if (tag == TPM_ST_SESSIONS) { 25064 UINT32 parameter_section_size = buffer.size(); 25065 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 25066 if (rc != TPM_RC_SUCCESS) { 25067 return rc; 25068 } 25069 if (parameter_section_size > buffer.size()) { 25070 return TPM_RC_INSUFFICIENT; 25071 } 25072 authorization_section_bytes = buffer.substr(parameter_section_size); 25073 // Keep the parameter section in |buffer|. 25074 buffer.erase(parameter_section_size); 25075 } 25076 std::unique_ptr<crypto::SecureHash> hash( 25077 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 25078 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 25079 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 25080 hash->Update(buffer.data(), buffer.size()); 25081 std::string response_hash(32, 0); 25082 hash->Finish(string_as_array(&response_hash), response_hash.size()); 25083 if (tag == TPM_ST_SESSIONS) { 25084 CHECK(authorization_delegate) << "Authorization delegate missing!"; 25085 if (!authorization_delegate->CheckResponseAuthorization( 25086 response_hash, authorization_section_bytes)) { 25087 return TRUNKS_RC_AUTHORIZATION_FAILED; 25088 } 25089 } 25090 std::string out_public_bytes; 25091 rc = Parse_TPM2B_PUBLIC(&buffer, out_public, &out_public_bytes); 25092 if (rc != TPM_RC_SUCCESS) { 25093 return rc; 25094 } 25095 std::string creation_data_bytes; 25096 rc = Parse_TPM2B_CREATION_DATA(&buffer, creation_data, &creation_data_bytes); 25097 if (rc != TPM_RC_SUCCESS) { 25098 return rc; 25099 } 25100 std::string creation_hash_bytes; 25101 rc = Parse_TPM2B_DIGEST(&buffer, creation_hash, &creation_hash_bytes); 25102 if (rc != TPM_RC_SUCCESS) { 25103 return rc; 25104 } 25105 std::string creation_ticket_bytes; 25106 rc = Parse_TPMT_TK_CREATION(&buffer, creation_ticket, &creation_ticket_bytes); 25107 if (rc != TPM_RC_SUCCESS) { 25108 return rc; 25109 } 25110 std::string name_bytes; 25111 rc = Parse_TPM2B_NAME(&buffer, name, &name_bytes); 25112 if (rc != TPM_RC_SUCCESS) { 25113 return rc; 25114 } 25115 if (tag == TPM_ST_SESSIONS) { 25116 CHECK(authorization_delegate) << "Authorization delegate missing!"; 25117 // Decrypt just the parameter data, not the size. 25118 std::string tmp = out_public_bytes.substr(2); 25119 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 25120 return TRUNKS_RC_ENCRYPTION_FAILED; 25121 } 25122 out_public_bytes.replace(2, std::string::npos, tmp); 25123 rc = Parse_TPM2B_PUBLIC(&out_public_bytes, out_public, nullptr); 25124 if (rc != TPM_RC_SUCCESS) { 25125 return rc; 25126 } 25127 } 25128 return TPM_RC_SUCCESS; 25129 } 25130 25131 void CreatePrimaryErrorCallback(const Tpm::CreatePrimaryResponse& callback, 25132 TPM_RC response_code) { 25133 VLOG(1) << __func__; 25134 callback.Run(response_code, TPM_HANDLE(), TPM2B_PUBLIC(), 25135 TPM2B_CREATION_DATA(), TPM2B_DIGEST(), TPMT_TK_CREATION(), 25136 TPM2B_NAME()); 25137 } 25138 25139 void CreatePrimaryResponseParser(const Tpm::CreatePrimaryResponse& callback, 25140 AuthorizationDelegate* authorization_delegate, 25141 const std::string& response) { 25142 VLOG(1) << __func__; 25143 base::Callback<void(TPM_RC)> error_reporter = 25144 base::Bind(CreatePrimaryErrorCallback, callback); 25145 TPM_HANDLE object_handle; 25146 TPM2B_PUBLIC out_public; 25147 TPM2B_CREATION_DATA creation_data; 25148 TPM2B_DIGEST creation_hash; 25149 TPMT_TK_CREATION creation_ticket; 25150 TPM2B_NAME name; 25151 TPM_RC rc = Tpm::ParseResponse_CreatePrimary( 25152 response, &object_handle, &out_public, &creation_data, &creation_hash, 25153 &creation_ticket, &name, authorization_delegate); 25154 if (rc != TPM_RC_SUCCESS) { 25155 error_reporter.Run(rc); 25156 return; 25157 } 25158 callback.Run(rc, object_handle, out_public, creation_data, creation_hash, 25159 creation_ticket, name); 25160 } 25161 25162 void Tpm::CreatePrimary(const TPMI_RH_HIERARCHY& primary_handle, 25163 const std::string& primary_handle_name, 25164 const TPM2B_SENSITIVE_CREATE& in_sensitive, 25165 const TPM2B_PUBLIC& in_public, 25166 const TPM2B_DATA& outside_info, 25167 const TPML_PCR_SELECTION& creation_pcr, 25168 AuthorizationDelegate* authorization_delegate, 25169 const CreatePrimaryResponse& callback) { 25170 VLOG(1) << __func__; 25171 base::Callback<void(TPM_RC)> error_reporter = 25172 base::Bind(CreatePrimaryErrorCallback, callback); 25173 base::Callback<void(const std::string&)> parser = 25174 base::Bind(CreatePrimaryResponseParser, callback, authorization_delegate); 25175 std::string command; 25176 TPM_RC rc = SerializeCommand_CreatePrimary( 25177 primary_handle, primary_handle_name, in_sensitive, in_public, 25178 outside_info, creation_pcr, &command, authorization_delegate); 25179 if (rc != TPM_RC_SUCCESS) { 25180 error_reporter.Run(rc); 25181 return; 25182 } 25183 transceiver_->SendCommand(command, parser); 25184 } 25185 25186 TPM_RC Tpm::CreatePrimarySync(const TPMI_RH_HIERARCHY& primary_handle, 25187 const std::string& primary_handle_name, 25188 const TPM2B_SENSITIVE_CREATE& in_sensitive, 25189 const TPM2B_PUBLIC& in_public, 25190 const TPM2B_DATA& outside_info, 25191 const TPML_PCR_SELECTION& creation_pcr, 25192 TPM_HANDLE* object_handle, 25193 TPM2B_PUBLIC* out_public, 25194 TPM2B_CREATION_DATA* creation_data, 25195 TPM2B_DIGEST* creation_hash, 25196 TPMT_TK_CREATION* creation_ticket, 25197 TPM2B_NAME* name, 25198 AuthorizationDelegate* authorization_delegate) { 25199 VLOG(1) << __func__; 25200 std::string command; 25201 TPM_RC rc = SerializeCommand_CreatePrimary( 25202 primary_handle, primary_handle_name, in_sensitive, in_public, 25203 outside_info, creation_pcr, &command, authorization_delegate); 25204 if (rc != TPM_RC_SUCCESS) { 25205 return rc; 25206 } 25207 std::string response = transceiver_->SendCommandAndWait(command); 25208 rc = ParseResponse_CreatePrimary( 25209 response, object_handle, out_public, creation_data, creation_hash, 25210 creation_ticket, name, authorization_delegate); 25211 return rc; 25212 } 25213 25214 TPM_RC Tpm::SerializeCommand_HierarchyControl( 25215 const TPMI_RH_HIERARCHY& auth_handle, 25216 const std::string& auth_handle_name, 25217 const TPMI_RH_ENABLES& enable, 25218 const TPMI_YES_NO& state, 25219 std::string* serialized_command, 25220 AuthorizationDelegate* authorization_delegate) { 25221 VLOG(3) << __func__; 25222 TPM_RC rc = TPM_RC_SUCCESS; 25223 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 25224 UINT32 command_size = 10; // Header size. 25225 std::string handle_section_bytes; 25226 std::string parameter_section_bytes; 25227 TPM_CC command_code = TPM_CC_HierarchyControl; 25228 bool is_command_parameter_encryption_possible = false; 25229 bool is_response_parameter_encryption_possible = false; 25230 std::string command_code_bytes; 25231 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 25232 if (rc != TPM_RC_SUCCESS) { 25233 return rc; 25234 } 25235 std::string auth_handle_bytes; 25236 rc = Serialize_TPMI_RH_HIERARCHY(auth_handle, &auth_handle_bytes); 25237 if (rc != TPM_RC_SUCCESS) { 25238 return rc; 25239 } 25240 std::string enable_bytes; 25241 rc = Serialize_TPMI_RH_ENABLES(enable, &enable_bytes); 25242 if (rc != TPM_RC_SUCCESS) { 25243 return rc; 25244 } 25245 std::string state_bytes; 25246 rc = Serialize_TPMI_YES_NO(state, &state_bytes); 25247 if (rc != TPM_RC_SUCCESS) { 25248 return rc; 25249 } 25250 std::unique_ptr<crypto::SecureHash> hash( 25251 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 25252 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 25253 hash->Update(auth_handle_name.data(), auth_handle_name.size()); 25254 handle_section_bytes += auth_handle_bytes; 25255 command_size += auth_handle_bytes.size(); 25256 hash->Update(enable_bytes.data(), enable_bytes.size()); 25257 parameter_section_bytes += enable_bytes; 25258 command_size += enable_bytes.size(); 25259 hash->Update(state_bytes.data(), state_bytes.size()); 25260 parameter_section_bytes += state_bytes; 25261 command_size += state_bytes.size(); 25262 std::string command_hash(32, 0); 25263 hash->Finish(string_as_array(&command_hash), command_hash.size()); 25264 std::string authorization_section_bytes; 25265 std::string authorization_size_bytes; 25266 if (authorization_delegate) { 25267 if (!authorization_delegate->GetCommandAuthorization( 25268 command_hash, is_command_parameter_encryption_possible, 25269 is_response_parameter_encryption_possible, 25270 &authorization_section_bytes)) { 25271 return TRUNKS_RC_AUTHORIZATION_FAILED; 25272 } 25273 if (!authorization_section_bytes.empty()) { 25274 tag = TPM_ST_SESSIONS; 25275 std::string tmp; 25276 rc = Serialize_UINT32(authorization_section_bytes.size(), 25277 &authorization_size_bytes); 25278 if (rc != TPM_RC_SUCCESS) { 25279 return rc; 25280 } 25281 command_size += 25282 authorization_size_bytes.size() + authorization_section_bytes.size(); 25283 } 25284 } 25285 std::string tag_bytes; 25286 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 25287 if (rc != TPM_RC_SUCCESS) { 25288 return rc; 25289 } 25290 std::string command_size_bytes; 25291 rc = Serialize_UINT32(command_size, &command_size_bytes); 25292 if (rc != TPM_RC_SUCCESS) { 25293 return rc; 25294 } 25295 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 25296 handle_section_bytes + authorization_size_bytes + 25297 authorization_section_bytes + parameter_section_bytes; 25298 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 25299 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 25300 serialized_command->size()); 25301 return TPM_RC_SUCCESS; 25302 } 25303 25304 TPM_RC Tpm::ParseResponse_HierarchyControl( 25305 const std::string& response, 25306 AuthorizationDelegate* authorization_delegate) { 25307 VLOG(3) << __func__; 25308 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 25309 TPM_RC rc = TPM_RC_SUCCESS; 25310 std::string buffer(response); 25311 TPM_ST tag; 25312 std::string tag_bytes; 25313 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 25314 if (rc != TPM_RC_SUCCESS) { 25315 return rc; 25316 } 25317 UINT32 response_size; 25318 std::string response_size_bytes; 25319 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 25320 if (rc != TPM_RC_SUCCESS) { 25321 return rc; 25322 } 25323 TPM_RC response_code; 25324 std::string response_code_bytes; 25325 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 25326 if (rc != TPM_RC_SUCCESS) { 25327 return rc; 25328 } 25329 if (response_size != response.size()) { 25330 return TPM_RC_SIZE; 25331 } 25332 if (response_code != TPM_RC_SUCCESS) { 25333 return response_code; 25334 } 25335 TPM_CC command_code = TPM_CC_HierarchyControl; 25336 std::string command_code_bytes; 25337 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 25338 if (rc != TPM_RC_SUCCESS) { 25339 return rc; 25340 } 25341 std::string authorization_section_bytes; 25342 if (tag == TPM_ST_SESSIONS) { 25343 UINT32 parameter_section_size = buffer.size(); 25344 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 25345 if (rc != TPM_RC_SUCCESS) { 25346 return rc; 25347 } 25348 if (parameter_section_size > buffer.size()) { 25349 return TPM_RC_INSUFFICIENT; 25350 } 25351 authorization_section_bytes = buffer.substr(parameter_section_size); 25352 // Keep the parameter section in |buffer|. 25353 buffer.erase(parameter_section_size); 25354 } 25355 std::unique_ptr<crypto::SecureHash> hash( 25356 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 25357 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 25358 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 25359 hash->Update(buffer.data(), buffer.size()); 25360 std::string response_hash(32, 0); 25361 hash->Finish(string_as_array(&response_hash), response_hash.size()); 25362 if (tag == TPM_ST_SESSIONS) { 25363 CHECK(authorization_delegate) << "Authorization delegate missing!"; 25364 if (!authorization_delegate->CheckResponseAuthorization( 25365 response_hash, authorization_section_bytes)) { 25366 return TRUNKS_RC_AUTHORIZATION_FAILED; 25367 } 25368 } 25369 return TPM_RC_SUCCESS; 25370 } 25371 25372 void HierarchyControlErrorCallback( 25373 const Tpm::HierarchyControlResponse& callback, 25374 TPM_RC response_code) { 25375 VLOG(1) << __func__; 25376 callback.Run(response_code); 25377 } 25378 25379 void HierarchyControlResponseParser( 25380 const Tpm::HierarchyControlResponse& callback, 25381 AuthorizationDelegate* authorization_delegate, 25382 const std::string& response) { 25383 VLOG(1) << __func__; 25384 base::Callback<void(TPM_RC)> error_reporter = 25385 base::Bind(HierarchyControlErrorCallback, callback); 25386 TPM_RC rc = 25387 Tpm::ParseResponse_HierarchyControl(response, authorization_delegate); 25388 if (rc != TPM_RC_SUCCESS) { 25389 error_reporter.Run(rc); 25390 return; 25391 } 25392 callback.Run(rc); 25393 } 25394 25395 void Tpm::HierarchyControl(const TPMI_RH_HIERARCHY& auth_handle, 25396 const std::string& auth_handle_name, 25397 const TPMI_RH_ENABLES& enable, 25398 const TPMI_YES_NO& state, 25399 AuthorizationDelegate* authorization_delegate, 25400 const HierarchyControlResponse& callback) { 25401 VLOG(1) << __func__; 25402 base::Callback<void(TPM_RC)> error_reporter = 25403 base::Bind(HierarchyControlErrorCallback, callback); 25404 base::Callback<void(const std::string&)> parser = base::Bind( 25405 HierarchyControlResponseParser, callback, authorization_delegate); 25406 std::string command; 25407 TPM_RC rc = SerializeCommand_HierarchyControl(auth_handle, auth_handle_name, 25408 enable, state, &command, 25409 authorization_delegate); 25410 if (rc != TPM_RC_SUCCESS) { 25411 error_reporter.Run(rc); 25412 return; 25413 } 25414 transceiver_->SendCommand(command, parser); 25415 } 25416 25417 TPM_RC Tpm::HierarchyControlSync( 25418 const TPMI_RH_HIERARCHY& auth_handle, 25419 const std::string& auth_handle_name, 25420 const TPMI_RH_ENABLES& enable, 25421 const TPMI_YES_NO& state, 25422 AuthorizationDelegate* authorization_delegate) { 25423 VLOG(1) << __func__; 25424 std::string command; 25425 TPM_RC rc = SerializeCommand_HierarchyControl(auth_handle, auth_handle_name, 25426 enable, state, &command, 25427 authorization_delegate); 25428 if (rc != TPM_RC_SUCCESS) { 25429 return rc; 25430 } 25431 std::string response = transceiver_->SendCommandAndWait(command); 25432 rc = ParseResponse_HierarchyControl(response, authorization_delegate); 25433 return rc; 25434 } 25435 25436 TPM_RC Tpm::SerializeCommand_SetPrimaryPolicy( 25437 const TPMI_RH_HIERARCHY& auth_handle, 25438 const std::string& auth_handle_name, 25439 const TPM2B_DIGEST& auth_policy, 25440 const TPMI_ALG_HASH& hash_alg, 25441 std::string* serialized_command, 25442 AuthorizationDelegate* authorization_delegate) { 25443 VLOG(3) << __func__; 25444 TPM_RC rc = TPM_RC_SUCCESS; 25445 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 25446 UINT32 command_size = 10; // Header size. 25447 std::string handle_section_bytes; 25448 std::string parameter_section_bytes; 25449 TPM_CC command_code = TPM_CC_SetPrimaryPolicy; 25450 bool is_command_parameter_encryption_possible = true; 25451 bool is_response_parameter_encryption_possible = false; 25452 std::string command_code_bytes; 25453 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 25454 if (rc != TPM_RC_SUCCESS) { 25455 return rc; 25456 } 25457 std::string auth_handle_bytes; 25458 rc = Serialize_TPMI_RH_HIERARCHY(auth_handle, &auth_handle_bytes); 25459 if (rc != TPM_RC_SUCCESS) { 25460 return rc; 25461 } 25462 std::string auth_policy_bytes; 25463 rc = Serialize_TPM2B_DIGEST(auth_policy, &auth_policy_bytes); 25464 if (rc != TPM_RC_SUCCESS) { 25465 return rc; 25466 } 25467 std::string hash_alg_bytes; 25468 rc = Serialize_TPMI_ALG_HASH(hash_alg, &hash_alg_bytes); 25469 if (rc != TPM_RC_SUCCESS) { 25470 return rc; 25471 } 25472 if (authorization_delegate) { 25473 // Encrypt just the parameter data, not the size. 25474 std::string tmp = auth_policy_bytes.substr(2); 25475 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 25476 return TRUNKS_RC_ENCRYPTION_FAILED; 25477 } 25478 auth_policy_bytes.replace(2, std::string::npos, tmp); 25479 } 25480 std::unique_ptr<crypto::SecureHash> hash( 25481 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 25482 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 25483 hash->Update(auth_handle_name.data(), auth_handle_name.size()); 25484 handle_section_bytes += auth_handle_bytes; 25485 command_size += auth_handle_bytes.size(); 25486 hash->Update(auth_policy_bytes.data(), auth_policy_bytes.size()); 25487 parameter_section_bytes += auth_policy_bytes; 25488 command_size += auth_policy_bytes.size(); 25489 hash->Update(hash_alg_bytes.data(), hash_alg_bytes.size()); 25490 parameter_section_bytes += hash_alg_bytes; 25491 command_size += hash_alg_bytes.size(); 25492 std::string command_hash(32, 0); 25493 hash->Finish(string_as_array(&command_hash), command_hash.size()); 25494 std::string authorization_section_bytes; 25495 std::string authorization_size_bytes; 25496 if (authorization_delegate) { 25497 if (!authorization_delegate->GetCommandAuthorization( 25498 command_hash, is_command_parameter_encryption_possible, 25499 is_response_parameter_encryption_possible, 25500 &authorization_section_bytes)) { 25501 return TRUNKS_RC_AUTHORIZATION_FAILED; 25502 } 25503 if (!authorization_section_bytes.empty()) { 25504 tag = TPM_ST_SESSIONS; 25505 std::string tmp; 25506 rc = Serialize_UINT32(authorization_section_bytes.size(), 25507 &authorization_size_bytes); 25508 if (rc != TPM_RC_SUCCESS) { 25509 return rc; 25510 } 25511 command_size += 25512 authorization_size_bytes.size() + authorization_section_bytes.size(); 25513 } 25514 } 25515 std::string tag_bytes; 25516 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 25517 if (rc != TPM_RC_SUCCESS) { 25518 return rc; 25519 } 25520 std::string command_size_bytes; 25521 rc = Serialize_UINT32(command_size, &command_size_bytes); 25522 if (rc != TPM_RC_SUCCESS) { 25523 return rc; 25524 } 25525 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 25526 handle_section_bytes + authorization_size_bytes + 25527 authorization_section_bytes + parameter_section_bytes; 25528 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 25529 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 25530 serialized_command->size()); 25531 return TPM_RC_SUCCESS; 25532 } 25533 25534 TPM_RC Tpm::ParseResponse_SetPrimaryPolicy( 25535 const std::string& response, 25536 AuthorizationDelegate* authorization_delegate) { 25537 VLOG(3) << __func__; 25538 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 25539 TPM_RC rc = TPM_RC_SUCCESS; 25540 std::string buffer(response); 25541 TPM_ST tag; 25542 std::string tag_bytes; 25543 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 25544 if (rc != TPM_RC_SUCCESS) { 25545 return rc; 25546 } 25547 UINT32 response_size; 25548 std::string response_size_bytes; 25549 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 25550 if (rc != TPM_RC_SUCCESS) { 25551 return rc; 25552 } 25553 TPM_RC response_code; 25554 std::string response_code_bytes; 25555 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 25556 if (rc != TPM_RC_SUCCESS) { 25557 return rc; 25558 } 25559 if (response_size != response.size()) { 25560 return TPM_RC_SIZE; 25561 } 25562 if (response_code != TPM_RC_SUCCESS) { 25563 return response_code; 25564 } 25565 TPM_CC command_code = TPM_CC_SetPrimaryPolicy; 25566 std::string command_code_bytes; 25567 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 25568 if (rc != TPM_RC_SUCCESS) { 25569 return rc; 25570 } 25571 std::string authorization_section_bytes; 25572 if (tag == TPM_ST_SESSIONS) { 25573 UINT32 parameter_section_size = buffer.size(); 25574 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 25575 if (rc != TPM_RC_SUCCESS) { 25576 return rc; 25577 } 25578 if (parameter_section_size > buffer.size()) { 25579 return TPM_RC_INSUFFICIENT; 25580 } 25581 authorization_section_bytes = buffer.substr(parameter_section_size); 25582 // Keep the parameter section in |buffer|. 25583 buffer.erase(parameter_section_size); 25584 } 25585 std::unique_ptr<crypto::SecureHash> hash( 25586 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 25587 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 25588 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 25589 hash->Update(buffer.data(), buffer.size()); 25590 std::string response_hash(32, 0); 25591 hash->Finish(string_as_array(&response_hash), response_hash.size()); 25592 if (tag == TPM_ST_SESSIONS) { 25593 CHECK(authorization_delegate) << "Authorization delegate missing!"; 25594 if (!authorization_delegate->CheckResponseAuthorization( 25595 response_hash, authorization_section_bytes)) { 25596 return TRUNKS_RC_AUTHORIZATION_FAILED; 25597 } 25598 } 25599 return TPM_RC_SUCCESS; 25600 } 25601 25602 void SetPrimaryPolicyErrorCallback( 25603 const Tpm::SetPrimaryPolicyResponse& callback, 25604 TPM_RC response_code) { 25605 VLOG(1) << __func__; 25606 callback.Run(response_code); 25607 } 25608 25609 void SetPrimaryPolicyResponseParser( 25610 const Tpm::SetPrimaryPolicyResponse& callback, 25611 AuthorizationDelegate* authorization_delegate, 25612 const std::string& response) { 25613 VLOG(1) << __func__; 25614 base::Callback<void(TPM_RC)> error_reporter = 25615 base::Bind(SetPrimaryPolicyErrorCallback, callback); 25616 TPM_RC rc = 25617 Tpm::ParseResponse_SetPrimaryPolicy(response, authorization_delegate); 25618 if (rc != TPM_RC_SUCCESS) { 25619 error_reporter.Run(rc); 25620 return; 25621 } 25622 callback.Run(rc); 25623 } 25624 25625 void Tpm::SetPrimaryPolicy(const TPMI_RH_HIERARCHY& auth_handle, 25626 const std::string& auth_handle_name, 25627 const TPM2B_DIGEST& auth_policy, 25628 const TPMI_ALG_HASH& hash_alg, 25629 AuthorizationDelegate* authorization_delegate, 25630 const SetPrimaryPolicyResponse& callback) { 25631 VLOG(1) << __func__; 25632 base::Callback<void(TPM_RC)> error_reporter = 25633 base::Bind(SetPrimaryPolicyErrorCallback, callback); 25634 base::Callback<void(const std::string&)> parser = base::Bind( 25635 SetPrimaryPolicyResponseParser, callback, authorization_delegate); 25636 std::string command; 25637 TPM_RC rc = SerializeCommand_SetPrimaryPolicy(auth_handle, auth_handle_name, 25638 auth_policy, hash_alg, &command, 25639 authorization_delegate); 25640 if (rc != TPM_RC_SUCCESS) { 25641 error_reporter.Run(rc); 25642 return; 25643 } 25644 transceiver_->SendCommand(command, parser); 25645 } 25646 25647 TPM_RC Tpm::SetPrimaryPolicySync( 25648 const TPMI_RH_HIERARCHY& auth_handle, 25649 const std::string& auth_handle_name, 25650 const TPM2B_DIGEST& auth_policy, 25651 const TPMI_ALG_HASH& hash_alg, 25652 AuthorizationDelegate* authorization_delegate) { 25653 VLOG(1) << __func__; 25654 std::string command; 25655 TPM_RC rc = SerializeCommand_SetPrimaryPolicy(auth_handle, auth_handle_name, 25656 auth_policy, hash_alg, &command, 25657 authorization_delegate); 25658 if (rc != TPM_RC_SUCCESS) { 25659 return rc; 25660 } 25661 std::string response = transceiver_->SendCommandAndWait(command); 25662 rc = ParseResponse_SetPrimaryPolicy(response, authorization_delegate); 25663 return rc; 25664 } 25665 25666 TPM_RC Tpm::SerializeCommand_ChangePPS( 25667 const TPMI_RH_PLATFORM& auth_handle, 25668 const std::string& auth_handle_name, 25669 std::string* serialized_command, 25670 AuthorizationDelegate* authorization_delegate) { 25671 VLOG(3) << __func__; 25672 TPM_RC rc = TPM_RC_SUCCESS; 25673 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 25674 UINT32 command_size = 10; // Header size. 25675 std::string handle_section_bytes; 25676 std::string parameter_section_bytes; 25677 TPM_CC command_code = TPM_CC_ChangePPS; 25678 bool is_command_parameter_encryption_possible = false; 25679 bool is_response_parameter_encryption_possible = false; 25680 std::string command_code_bytes; 25681 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 25682 if (rc != TPM_RC_SUCCESS) { 25683 return rc; 25684 } 25685 std::string auth_handle_bytes; 25686 rc = Serialize_TPMI_RH_PLATFORM(auth_handle, &auth_handle_bytes); 25687 if (rc != TPM_RC_SUCCESS) { 25688 return rc; 25689 } 25690 std::unique_ptr<crypto::SecureHash> hash( 25691 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 25692 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 25693 hash->Update(auth_handle_name.data(), auth_handle_name.size()); 25694 handle_section_bytes += auth_handle_bytes; 25695 command_size += auth_handle_bytes.size(); 25696 std::string command_hash(32, 0); 25697 hash->Finish(string_as_array(&command_hash), command_hash.size()); 25698 std::string authorization_section_bytes; 25699 std::string authorization_size_bytes; 25700 if (authorization_delegate) { 25701 if (!authorization_delegate->GetCommandAuthorization( 25702 command_hash, is_command_parameter_encryption_possible, 25703 is_response_parameter_encryption_possible, 25704 &authorization_section_bytes)) { 25705 return TRUNKS_RC_AUTHORIZATION_FAILED; 25706 } 25707 if (!authorization_section_bytes.empty()) { 25708 tag = TPM_ST_SESSIONS; 25709 std::string tmp; 25710 rc = Serialize_UINT32(authorization_section_bytes.size(), 25711 &authorization_size_bytes); 25712 if (rc != TPM_RC_SUCCESS) { 25713 return rc; 25714 } 25715 command_size += 25716 authorization_size_bytes.size() + authorization_section_bytes.size(); 25717 } 25718 } 25719 std::string tag_bytes; 25720 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 25721 if (rc != TPM_RC_SUCCESS) { 25722 return rc; 25723 } 25724 std::string command_size_bytes; 25725 rc = Serialize_UINT32(command_size, &command_size_bytes); 25726 if (rc != TPM_RC_SUCCESS) { 25727 return rc; 25728 } 25729 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 25730 handle_section_bytes + authorization_size_bytes + 25731 authorization_section_bytes + parameter_section_bytes; 25732 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 25733 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 25734 serialized_command->size()); 25735 return TPM_RC_SUCCESS; 25736 } 25737 25738 TPM_RC Tpm::ParseResponse_ChangePPS( 25739 const std::string& response, 25740 AuthorizationDelegate* authorization_delegate) { 25741 VLOG(3) << __func__; 25742 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 25743 TPM_RC rc = TPM_RC_SUCCESS; 25744 std::string buffer(response); 25745 TPM_ST tag; 25746 std::string tag_bytes; 25747 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 25748 if (rc != TPM_RC_SUCCESS) { 25749 return rc; 25750 } 25751 UINT32 response_size; 25752 std::string response_size_bytes; 25753 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 25754 if (rc != TPM_RC_SUCCESS) { 25755 return rc; 25756 } 25757 TPM_RC response_code; 25758 std::string response_code_bytes; 25759 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 25760 if (rc != TPM_RC_SUCCESS) { 25761 return rc; 25762 } 25763 if (response_size != response.size()) { 25764 return TPM_RC_SIZE; 25765 } 25766 if (response_code != TPM_RC_SUCCESS) { 25767 return response_code; 25768 } 25769 TPM_CC command_code = TPM_CC_ChangePPS; 25770 std::string command_code_bytes; 25771 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 25772 if (rc != TPM_RC_SUCCESS) { 25773 return rc; 25774 } 25775 std::string authorization_section_bytes; 25776 if (tag == TPM_ST_SESSIONS) { 25777 UINT32 parameter_section_size = buffer.size(); 25778 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 25779 if (rc != TPM_RC_SUCCESS) { 25780 return rc; 25781 } 25782 if (parameter_section_size > buffer.size()) { 25783 return TPM_RC_INSUFFICIENT; 25784 } 25785 authorization_section_bytes = buffer.substr(parameter_section_size); 25786 // Keep the parameter section in |buffer|. 25787 buffer.erase(parameter_section_size); 25788 } 25789 std::unique_ptr<crypto::SecureHash> hash( 25790 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 25791 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 25792 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 25793 hash->Update(buffer.data(), buffer.size()); 25794 std::string response_hash(32, 0); 25795 hash->Finish(string_as_array(&response_hash), response_hash.size()); 25796 if (tag == TPM_ST_SESSIONS) { 25797 CHECK(authorization_delegate) << "Authorization delegate missing!"; 25798 if (!authorization_delegate->CheckResponseAuthorization( 25799 response_hash, authorization_section_bytes)) { 25800 return TRUNKS_RC_AUTHORIZATION_FAILED; 25801 } 25802 } 25803 return TPM_RC_SUCCESS; 25804 } 25805 25806 void ChangePPSErrorCallback(const Tpm::ChangePPSResponse& callback, 25807 TPM_RC response_code) { 25808 VLOG(1) << __func__; 25809 callback.Run(response_code); 25810 } 25811 25812 void ChangePPSResponseParser(const Tpm::ChangePPSResponse& callback, 25813 AuthorizationDelegate* authorization_delegate, 25814 const std::string& response) { 25815 VLOG(1) << __func__; 25816 base::Callback<void(TPM_RC)> error_reporter = 25817 base::Bind(ChangePPSErrorCallback, callback); 25818 TPM_RC rc = Tpm::ParseResponse_ChangePPS(response, authorization_delegate); 25819 if (rc != TPM_RC_SUCCESS) { 25820 error_reporter.Run(rc); 25821 return; 25822 } 25823 callback.Run(rc); 25824 } 25825 25826 void Tpm::ChangePPS(const TPMI_RH_PLATFORM& auth_handle, 25827 const std::string& auth_handle_name, 25828 AuthorizationDelegate* authorization_delegate, 25829 const ChangePPSResponse& callback) { 25830 VLOG(1) << __func__; 25831 base::Callback<void(TPM_RC)> error_reporter = 25832 base::Bind(ChangePPSErrorCallback, callback); 25833 base::Callback<void(const std::string&)> parser = 25834 base::Bind(ChangePPSResponseParser, callback, authorization_delegate); 25835 std::string command; 25836 TPM_RC rc = SerializeCommand_ChangePPS(auth_handle, auth_handle_name, 25837 &command, authorization_delegate); 25838 if (rc != TPM_RC_SUCCESS) { 25839 error_reporter.Run(rc); 25840 return; 25841 } 25842 transceiver_->SendCommand(command, parser); 25843 } 25844 25845 TPM_RC Tpm::ChangePPSSync(const TPMI_RH_PLATFORM& auth_handle, 25846 const std::string& auth_handle_name, 25847 AuthorizationDelegate* authorization_delegate) { 25848 VLOG(1) << __func__; 25849 std::string command; 25850 TPM_RC rc = SerializeCommand_ChangePPS(auth_handle, auth_handle_name, 25851 &command, authorization_delegate); 25852 if (rc != TPM_RC_SUCCESS) { 25853 return rc; 25854 } 25855 std::string response = transceiver_->SendCommandAndWait(command); 25856 rc = ParseResponse_ChangePPS(response, authorization_delegate); 25857 return rc; 25858 } 25859 25860 TPM_RC Tpm::SerializeCommand_ChangeEPS( 25861 const TPMI_RH_PLATFORM& auth_handle, 25862 const std::string& auth_handle_name, 25863 std::string* serialized_command, 25864 AuthorizationDelegate* authorization_delegate) { 25865 VLOG(3) << __func__; 25866 TPM_RC rc = TPM_RC_SUCCESS; 25867 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 25868 UINT32 command_size = 10; // Header size. 25869 std::string handle_section_bytes; 25870 std::string parameter_section_bytes; 25871 TPM_CC command_code = TPM_CC_ChangeEPS; 25872 bool is_command_parameter_encryption_possible = false; 25873 bool is_response_parameter_encryption_possible = false; 25874 std::string command_code_bytes; 25875 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 25876 if (rc != TPM_RC_SUCCESS) { 25877 return rc; 25878 } 25879 std::string auth_handle_bytes; 25880 rc = Serialize_TPMI_RH_PLATFORM(auth_handle, &auth_handle_bytes); 25881 if (rc != TPM_RC_SUCCESS) { 25882 return rc; 25883 } 25884 std::unique_ptr<crypto::SecureHash> hash( 25885 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 25886 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 25887 hash->Update(auth_handle_name.data(), auth_handle_name.size()); 25888 handle_section_bytes += auth_handle_bytes; 25889 command_size += auth_handle_bytes.size(); 25890 std::string command_hash(32, 0); 25891 hash->Finish(string_as_array(&command_hash), command_hash.size()); 25892 std::string authorization_section_bytes; 25893 std::string authorization_size_bytes; 25894 if (authorization_delegate) { 25895 if (!authorization_delegate->GetCommandAuthorization( 25896 command_hash, is_command_parameter_encryption_possible, 25897 is_response_parameter_encryption_possible, 25898 &authorization_section_bytes)) { 25899 return TRUNKS_RC_AUTHORIZATION_FAILED; 25900 } 25901 if (!authorization_section_bytes.empty()) { 25902 tag = TPM_ST_SESSIONS; 25903 std::string tmp; 25904 rc = Serialize_UINT32(authorization_section_bytes.size(), 25905 &authorization_size_bytes); 25906 if (rc != TPM_RC_SUCCESS) { 25907 return rc; 25908 } 25909 command_size += 25910 authorization_size_bytes.size() + authorization_section_bytes.size(); 25911 } 25912 } 25913 std::string tag_bytes; 25914 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 25915 if (rc != TPM_RC_SUCCESS) { 25916 return rc; 25917 } 25918 std::string command_size_bytes; 25919 rc = Serialize_UINT32(command_size, &command_size_bytes); 25920 if (rc != TPM_RC_SUCCESS) { 25921 return rc; 25922 } 25923 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 25924 handle_section_bytes + authorization_size_bytes + 25925 authorization_section_bytes + parameter_section_bytes; 25926 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 25927 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 25928 serialized_command->size()); 25929 return TPM_RC_SUCCESS; 25930 } 25931 25932 TPM_RC Tpm::ParseResponse_ChangeEPS( 25933 const std::string& response, 25934 AuthorizationDelegate* authorization_delegate) { 25935 VLOG(3) << __func__; 25936 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 25937 TPM_RC rc = TPM_RC_SUCCESS; 25938 std::string buffer(response); 25939 TPM_ST tag; 25940 std::string tag_bytes; 25941 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 25942 if (rc != TPM_RC_SUCCESS) { 25943 return rc; 25944 } 25945 UINT32 response_size; 25946 std::string response_size_bytes; 25947 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 25948 if (rc != TPM_RC_SUCCESS) { 25949 return rc; 25950 } 25951 TPM_RC response_code; 25952 std::string response_code_bytes; 25953 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 25954 if (rc != TPM_RC_SUCCESS) { 25955 return rc; 25956 } 25957 if (response_size != response.size()) { 25958 return TPM_RC_SIZE; 25959 } 25960 if (response_code != TPM_RC_SUCCESS) { 25961 return response_code; 25962 } 25963 TPM_CC command_code = TPM_CC_ChangeEPS; 25964 std::string command_code_bytes; 25965 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 25966 if (rc != TPM_RC_SUCCESS) { 25967 return rc; 25968 } 25969 std::string authorization_section_bytes; 25970 if (tag == TPM_ST_SESSIONS) { 25971 UINT32 parameter_section_size = buffer.size(); 25972 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 25973 if (rc != TPM_RC_SUCCESS) { 25974 return rc; 25975 } 25976 if (parameter_section_size > buffer.size()) { 25977 return TPM_RC_INSUFFICIENT; 25978 } 25979 authorization_section_bytes = buffer.substr(parameter_section_size); 25980 // Keep the parameter section in |buffer|. 25981 buffer.erase(parameter_section_size); 25982 } 25983 std::unique_ptr<crypto::SecureHash> hash( 25984 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 25985 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 25986 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 25987 hash->Update(buffer.data(), buffer.size()); 25988 std::string response_hash(32, 0); 25989 hash->Finish(string_as_array(&response_hash), response_hash.size()); 25990 if (tag == TPM_ST_SESSIONS) { 25991 CHECK(authorization_delegate) << "Authorization delegate missing!"; 25992 if (!authorization_delegate->CheckResponseAuthorization( 25993 response_hash, authorization_section_bytes)) { 25994 return TRUNKS_RC_AUTHORIZATION_FAILED; 25995 } 25996 } 25997 return TPM_RC_SUCCESS; 25998 } 25999 26000 void ChangeEPSErrorCallback(const Tpm::ChangeEPSResponse& callback, 26001 TPM_RC response_code) { 26002 VLOG(1) << __func__; 26003 callback.Run(response_code); 26004 } 26005 26006 void ChangeEPSResponseParser(const Tpm::ChangeEPSResponse& callback, 26007 AuthorizationDelegate* authorization_delegate, 26008 const std::string& response) { 26009 VLOG(1) << __func__; 26010 base::Callback<void(TPM_RC)> error_reporter = 26011 base::Bind(ChangeEPSErrorCallback, callback); 26012 TPM_RC rc = Tpm::ParseResponse_ChangeEPS(response, authorization_delegate); 26013 if (rc != TPM_RC_SUCCESS) { 26014 error_reporter.Run(rc); 26015 return; 26016 } 26017 callback.Run(rc); 26018 } 26019 26020 void Tpm::ChangeEPS(const TPMI_RH_PLATFORM& auth_handle, 26021 const std::string& auth_handle_name, 26022 AuthorizationDelegate* authorization_delegate, 26023 const ChangeEPSResponse& callback) { 26024 VLOG(1) << __func__; 26025 base::Callback<void(TPM_RC)> error_reporter = 26026 base::Bind(ChangeEPSErrorCallback, callback); 26027 base::Callback<void(const std::string&)> parser = 26028 base::Bind(ChangeEPSResponseParser, callback, authorization_delegate); 26029 std::string command; 26030 TPM_RC rc = SerializeCommand_ChangeEPS(auth_handle, auth_handle_name, 26031 &command, authorization_delegate); 26032 if (rc != TPM_RC_SUCCESS) { 26033 error_reporter.Run(rc); 26034 return; 26035 } 26036 transceiver_->SendCommand(command, parser); 26037 } 26038 26039 TPM_RC Tpm::ChangeEPSSync(const TPMI_RH_PLATFORM& auth_handle, 26040 const std::string& auth_handle_name, 26041 AuthorizationDelegate* authorization_delegate) { 26042 VLOG(1) << __func__; 26043 std::string command; 26044 TPM_RC rc = SerializeCommand_ChangeEPS(auth_handle, auth_handle_name, 26045 &command, authorization_delegate); 26046 if (rc != TPM_RC_SUCCESS) { 26047 return rc; 26048 } 26049 std::string response = transceiver_->SendCommandAndWait(command); 26050 rc = ParseResponse_ChangeEPS(response, authorization_delegate); 26051 return rc; 26052 } 26053 26054 TPM_RC Tpm::SerializeCommand_Clear( 26055 const TPMI_RH_CLEAR& auth_handle, 26056 const std::string& auth_handle_name, 26057 std::string* serialized_command, 26058 AuthorizationDelegate* authorization_delegate) { 26059 VLOG(3) << __func__; 26060 TPM_RC rc = TPM_RC_SUCCESS; 26061 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 26062 UINT32 command_size = 10; // Header size. 26063 std::string handle_section_bytes; 26064 std::string parameter_section_bytes; 26065 TPM_CC command_code = TPM_CC_Clear; 26066 bool is_command_parameter_encryption_possible = false; 26067 bool is_response_parameter_encryption_possible = false; 26068 std::string command_code_bytes; 26069 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 26070 if (rc != TPM_RC_SUCCESS) { 26071 return rc; 26072 } 26073 std::string auth_handle_bytes; 26074 rc = Serialize_TPMI_RH_CLEAR(auth_handle, &auth_handle_bytes); 26075 if (rc != TPM_RC_SUCCESS) { 26076 return rc; 26077 } 26078 std::unique_ptr<crypto::SecureHash> hash( 26079 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 26080 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 26081 hash->Update(auth_handle_name.data(), auth_handle_name.size()); 26082 handle_section_bytes += auth_handle_bytes; 26083 command_size += auth_handle_bytes.size(); 26084 std::string command_hash(32, 0); 26085 hash->Finish(string_as_array(&command_hash), command_hash.size()); 26086 std::string authorization_section_bytes; 26087 std::string authorization_size_bytes; 26088 if (authorization_delegate) { 26089 if (!authorization_delegate->GetCommandAuthorization( 26090 command_hash, is_command_parameter_encryption_possible, 26091 is_response_parameter_encryption_possible, 26092 &authorization_section_bytes)) { 26093 return TRUNKS_RC_AUTHORIZATION_FAILED; 26094 } 26095 if (!authorization_section_bytes.empty()) { 26096 tag = TPM_ST_SESSIONS; 26097 std::string tmp; 26098 rc = Serialize_UINT32(authorization_section_bytes.size(), 26099 &authorization_size_bytes); 26100 if (rc != TPM_RC_SUCCESS) { 26101 return rc; 26102 } 26103 command_size += 26104 authorization_size_bytes.size() + authorization_section_bytes.size(); 26105 } 26106 } 26107 std::string tag_bytes; 26108 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 26109 if (rc != TPM_RC_SUCCESS) { 26110 return rc; 26111 } 26112 std::string command_size_bytes; 26113 rc = Serialize_UINT32(command_size, &command_size_bytes); 26114 if (rc != TPM_RC_SUCCESS) { 26115 return rc; 26116 } 26117 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 26118 handle_section_bytes + authorization_size_bytes + 26119 authorization_section_bytes + parameter_section_bytes; 26120 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 26121 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 26122 serialized_command->size()); 26123 return TPM_RC_SUCCESS; 26124 } 26125 26126 TPM_RC Tpm::ParseResponse_Clear(const std::string& response, 26127 AuthorizationDelegate* authorization_delegate) { 26128 VLOG(3) << __func__; 26129 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 26130 TPM_RC rc = TPM_RC_SUCCESS; 26131 std::string buffer(response); 26132 TPM_ST tag; 26133 std::string tag_bytes; 26134 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 26135 if (rc != TPM_RC_SUCCESS) { 26136 return rc; 26137 } 26138 UINT32 response_size; 26139 std::string response_size_bytes; 26140 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 26141 if (rc != TPM_RC_SUCCESS) { 26142 return rc; 26143 } 26144 TPM_RC response_code; 26145 std::string response_code_bytes; 26146 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 26147 if (rc != TPM_RC_SUCCESS) { 26148 return rc; 26149 } 26150 if (response_size != response.size()) { 26151 return TPM_RC_SIZE; 26152 } 26153 if (response_code != TPM_RC_SUCCESS) { 26154 return response_code; 26155 } 26156 TPM_CC command_code = TPM_CC_Clear; 26157 std::string command_code_bytes; 26158 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 26159 if (rc != TPM_RC_SUCCESS) { 26160 return rc; 26161 } 26162 std::string authorization_section_bytes; 26163 if (tag == TPM_ST_SESSIONS) { 26164 UINT32 parameter_section_size = buffer.size(); 26165 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 26166 if (rc != TPM_RC_SUCCESS) { 26167 return rc; 26168 } 26169 if (parameter_section_size > buffer.size()) { 26170 return TPM_RC_INSUFFICIENT; 26171 } 26172 authorization_section_bytes = buffer.substr(parameter_section_size); 26173 // Keep the parameter section in |buffer|. 26174 buffer.erase(parameter_section_size); 26175 } 26176 std::unique_ptr<crypto::SecureHash> hash( 26177 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 26178 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 26179 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 26180 hash->Update(buffer.data(), buffer.size()); 26181 std::string response_hash(32, 0); 26182 hash->Finish(string_as_array(&response_hash), response_hash.size()); 26183 if (tag == TPM_ST_SESSIONS) { 26184 CHECK(authorization_delegate) << "Authorization delegate missing!"; 26185 if (!authorization_delegate->CheckResponseAuthorization( 26186 response_hash, authorization_section_bytes)) { 26187 return TRUNKS_RC_AUTHORIZATION_FAILED; 26188 } 26189 } 26190 return TPM_RC_SUCCESS; 26191 } 26192 26193 void ClearErrorCallback(const Tpm::ClearResponse& callback, 26194 TPM_RC response_code) { 26195 VLOG(1) << __func__; 26196 callback.Run(response_code); 26197 } 26198 26199 void ClearResponseParser(const Tpm::ClearResponse& callback, 26200 AuthorizationDelegate* authorization_delegate, 26201 const std::string& response) { 26202 VLOG(1) << __func__; 26203 base::Callback<void(TPM_RC)> error_reporter = 26204 base::Bind(ClearErrorCallback, callback); 26205 TPM_RC rc = Tpm::ParseResponse_Clear(response, authorization_delegate); 26206 if (rc != TPM_RC_SUCCESS) { 26207 error_reporter.Run(rc); 26208 return; 26209 } 26210 callback.Run(rc); 26211 } 26212 26213 void Tpm::Clear(const TPMI_RH_CLEAR& auth_handle, 26214 const std::string& auth_handle_name, 26215 AuthorizationDelegate* authorization_delegate, 26216 const ClearResponse& callback) { 26217 VLOG(1) << __func__; 26218 base::Callback<void(TPM_RC)> error_reporter = 26219 base::Bind(ClearErrorCallback, callback); 26220 base::Callback<void(const std::string&)> parser = 26221 base::Bind(ClearResponseParser, callback, authorization_delegate); 26222 std::string command; 26223 TPM_RC rc = SerializeCommand_Clear(auth_handle, auth_handle_name, &command, 26224 authorization_delegate); 26225 if (rc != TPM_RC_SUCCESS) { 26226 error_reporter.Run(rc); 26227 return; 26228 } 26229 transceiver_->SendCommand(command, parser); 26230 } 26231 26232 TPM_RC Tpm::ClearSync(const TPMI_RH_CLEAR& auth_handle, 26233 const std::string& auth_handle_name, 26234 AuthorizationDelegate* authorization_delegate) { 26235 VLOG(1) << __func__; 26236 std::string command; 26237 TPM_RC rc = SerializeCommand_Clear(auth_handle, auth_handle_name, &command, 26238 authorization_delegate); 26239 if (rc != TPM_RC_SUCCESS) { 26240 return rc; 26241 } 26242 std::string response = transceiver_->SendCommandAndWait(command); 26243 rc = ParseResponse_Clear(response, authorization_delegate); 26244 return rc; 26245 } 26246 26247 TPM_RC Tpm::SerializeCommand_ClearControl( 26248 const TPMI_RH_CLEAR& auth, 26249 const std::string& auth_name, 26250 const TPMI_YES_NO& disable, 26251 std::string* serialized_command, 26252 AuthorizationDelegate* authorization_delegate) { 26253 VLOG(3) << __func__; 26254 TPM_RC rc = TPM_RC_SUCCESS; 26255 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 26256 UINT32 command_size = 10; // Header size. 26257 std::string handle_section_bytes; 26258 std::string parameter_section_bytes; 26259 TPM_CC command_code = TPM_CC_ClearControl; 26260 bool is_command_parameter_encryption_possible = false; 26261 bool is_response_parameter_encryption_possible = false; 26262 std::string command_code_bytes; 26263 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 26264 if (rc != TPM_RC_SUCCESS) { 26265 return rc; 26266 } 26267 std::string auth_bytes; 26268 rc = Serialize_TPMI_RH_CLEAR(auth, &auth_bytes); 26269 if (rc != TPM_RC_SUCCESS) { 26270 return rc; 26271 } 26272 std::string disable_bytes; 26273 rc = Serialize_TPMI_YES_NO(disable, &disable_bytes); 26274 if (rc != TPM_RC_SUCCESS) { 26275 return rc; 26276 } 26277 std::unique_ptr<crypto::SecureHash> hash( 26278 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 26279 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 26280 hash->Update(auth_name.data(), auth_name.size()); 26281 handle_section_bytes += auth_bytes; 26282 command_size += auth_bytes.size(); 26283 hash->Update(disable_bytes.data(), disable_bytes.size()); 26284 parameter_section_bytes += disable_bytes; 26285 command_size += disable_bytes.size(); 26286 std::string command_hash(32, 0); 26287 hash->Finish(string_as_array(&command_hash), command_hash.size()); 26288 std::string authorization_section_bytes; 26289 std::string authorization_size_bytes; 26290 if (authorization_delegate) { 26291 if (!authorization_delegate->GetCommandAuthorization( 26292 command_hash, is_command_parameter_encryption_possible, 26293 is_response_parameter_encryption_possible, 26294 &authorization_section_bytes)) { 26295 return TRUNKS_RC_AUTHORIZATION_FAILED; 26296 } 26297 if (!authorization_section_bytes.empty()) { 26298 tag = TPM_ST_SESSIONS; 26299 std::string tmp; 26300 rc = Serialize_UINT32(authorization_section_bytes.size(), 26301 &authorization_size_bytes); 26302 if (rc != TPM_RC_SUCCESS) { 26303 return rc; 26304 } 26305 command_size += 26306 authorization_size_bytes.size() + authorization_section_bytes.size(); 26307 } 26308 } 26309 std::string tag_bytes; 26310 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 26311 if (rc != TPM_RC_SUCCESS) { 26312 return rc; 26313 } 26314 std::string command_size_bytes; 26315 rc = Serialize_UINT32(command_size, &command_size_bytes); 26316 if (rc != TPM_RC_SUCCESS) { 26317 return rc; 26318 } 26319 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 26320 handle_section_bytes + authorization_size_bytes + 26321 authorization_section_bytes + parameter_section_bytes; 26322 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 26323 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 26324 serialized_command->size()); 26325 return TPM_RC_SUCCESS; 26326 } 26327 26328 TPM_RC Tpm::ParseResponse_ClearControl( 26329 const std::string& response, 26330 AuthorizationDelegate* authorization_delegate) { 26331 VLOG(3) << __func__; 26332 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 26333 TPM_RC rc = TPM_RC_SUCCESS; 26334 std::string buffer(response); 26335 TPM_ST tag; 26336 std::string tag_bytes; 26337 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 26338 if (rc != TPM_RC_SUCCESS) { 26339 return rc; 26340 } 26341 UINT32 response_size; 26342 std::string response_size_bytes; 26343 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 26344 if (rc != TPM_RC_SUCCESS) { 26345 return rc; 26346 } 26347 TPM_RC response_code; 26348 std::string response_code_bytes; 26349 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 26350 if (rc != TPM_RC_SUCCESS) { 26351 return rc; 26352 } 26353 if (response_size != response.size()) { 26354 return TPM_RC_SIZE; 26355 } 26356 if (response_code != TPM_RC_SUCCESS) { 26357 return response_code; 26358 } 26359 TPM_CC command_code = TPM_CC_ClearControl; 26360 std::string command_code_bytes; 26361 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 26362 if (rc != TPM_RC_SUCCESS) { 26363 return rc; 26364 } 26365 std::string authorization_section_bytes; 26366 if (tag == TPM_ST_SESSIONS) { 26367 UINT32 parameter_section_size = buffer.size(); 26368 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 26369 if (rc != TPM_RC_SUCCESS) { 26370 return rc; 26371 } 26372 if (parameter_section_size > buffer.size()) { 26373 return TPM_RC_INSUFFICIENT; 26374 } 26375 authorization_section_bytes = buffer.substr(parameter_section_size); 26376 // Keep the parameter section in |buffer|. 26377 buffer.erase(parameter_section_size); 26378 } 26379 std::unique_ptr<crypto::SecureHash> hash( 26380 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 26381 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 26382 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 26383 hash->Update(buffer.data(), buffer.size()); 26384 std::string response_hash(32, 0); 26385 hash->Finish(string_as_array(&response_hash), response_hash.size()); 26386 if (tag == TPM_ST_SESSIONS) { 26387 CHECK(authorization_delegate) << "Authorization delegate missing!"; 26388 if (!authorization_delegate->CheckResponseAuthorization( 26389 response_hash, authorization_section_bytes)) { 26390 return TRUNKS_RC_AUTHORIZATION_FAILED; 26391 } 26392 } 26393 return TPM_RC_SUCCESS; 26394 } 26395 26396 void ClearControlErrorCallback(const Tpm::ClearControlResponse& callback, 26397 TPM_RC response_code) { 26398 VLOG(1) << __func__; 26399 callback.Run(response_code); 26400 } 26401 26402 void ClearControlResponseParser(const Tpm::ClearControlResponse& callback, 26403 AuthorizationDelegate* authorization_delegate, 26404 const std::string& response) { 26405 VLOG(1) << __func__; 26406 base::Callback<void(TPM_RC)> error_reporter = 26407 base::Bind(ClearControlErrorCallback, callback); 26408 TPM_RC rc = Tpm::ParseResponse_ClearControl(response, authorization_delegate); 26409 if (rc != TPM_RC_SUCCESS) { 26410 error_reporter.Run(rc); 26411 return; 26412 } 26413 callback.Run(rc); 26414 } 26415 26416 void Tpm::ClearControl(const TPMI_RH_CLEAR& auth, 26417 const std::string& auth_name, 26418 const TPMI_YES_NO& disable, 26419 AuthorizationDelegate* authorization_delegate, 26420 const ClearControlResponse& callback) { 26421 VLOG(1) << __func__; 26422 base::Callback<void(TPM_RC)> error_reporter = 26423 base::Bind(ClearControlErrorCallback, callback); 26424 base::Callback<void(const std::string&)> parser = 26425 base::Bind(ClearControlResponseParser, callback, authorization_delegate); 26426 std::string command; 26427 TPM_RC rc = SerializeCommand_ClearControl(auth, auth_name, disable, &command, 26428 authorization_delegate); 26429 if (rc != TPM_RC_SUCCESS) { 26430 error_reporter.Run(rc); 26431 return; 26432 } 26433 transceiver_->SendCommand(command, parser); 26434 } 26435 26436 TPM_RC Tpm::ClearControlSync(const TPMI_RH_CLEAR& auth, 26437 const std::string& auth_name, 26438 const TPMI_YES_NO& disable, 26439 AuthorizationDelegate* authorization_delegate) { 26440 VLOG(1) << __func__; 26441 std::string command; 26442 TPM_RC rc = SerializeCommand_ClearControl(auth, auth_name, disable, &command, 26443 authorization_delegate); 26444 if (rc != TPM_RC_SUCCESS) { 26445 return rc; 26446 } 26447 std::string response = transceiver_->SendCommandAndWait(command); 26448 rc = ParseResponse_ClearControl(response, authorization_delegate); 26449 return rc; 26450 } 26451 26452 TPM_RC Tpm::SerializeCommand_HierarchyChangeAuth( 26453 const TPMI_RH_HIERARCHY_AUTH& auth_handle, 26454 const std::string& auth_handle_name, 26455 const TPM2B_AUTH& new_auth, 26456 std::string* serialized_command, 26457 AuthorizationDelegate* authorization_delegate) { 26458 VLOG(3) << __func__; 26459 TPM_RC rc = TPM_RC_SUCCESS; 26460 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 26461 UINT32 command_size = 10; // Header size. 26462 std::string handle_section_bytes; 26463 std::string parameter_section_bytes; 26464 TPM_CC command_code = TPM_CC_HierarchyChangeAuth; 26465 bool is_command_parameter_encryption_possible = true; 26466 bool is_response_parameter_encryption_possible = false; 26467 std::string command_code_bytes; 26468 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 26469 if (rc != TPM_RC_SUCCESS) { 26470 return rc; 26471 } 26472 std::string auth_handle_bytes; 26473 rc = Serialize_TPMI_RH_HIERARCHY_AUTH(auth_handle, &auth_handle_bytes); 26474 if (rc != TPM_RC_SUCCESS) { 26475 return rc; 26476 } 26477 std::string new_auth_bytes; 26478 rc = Serialize_TPM2B_AUTH(new_auth, &new_auth_bytes); 26479 if (rc != TPM_RC_SUCCESS) { 26480 return rc; 26481 } 26482 if (authorization_delegate) { 26483 // Encrypt just the parameter data, not the size. 26484 std::string tmp = new_auth_bytes.substr(2); 26485 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 26486 return TRUNKS_RC_ENCRYPTION_FAILED; 26487 } 26488 new_auth_bytes.replace(2, std::string::npos, tmp); 26489 } 26490 std::unique_ptr<crypto::SecureHash> hash( 26491 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 26492 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 26493 hash->Update(auth_handle_name.data(), auth_handle_name.size()); 26494 handle_section_bytes += auth_handle_bytes; 26495 command_size += auth_handle_bytes.size(); 26496 hash->Update(new_auth_bytes.data(), new_auth_bytes.size()); 26497 parameter_section_bytes += new_auth_bytes; 26498 command_size += new_auth_bytes.size(); 26499 std::string command_hash(32, 0); 26500 hash->Finish(string_as_array(&command_hash), command_hash.size()); 26501 std::string authorization_section_bytes; 26502 std::string authorization_size_bytes; 26503 if (authorization_delegate) { 26504 if (!authorization_delegate->GetCommandAuthorization( 26505 command_hash, is_command_parameter_encryption_possible, 26506 is_response_parameter_encryption_possible, 26507 &authorization_section_bytes)) { 26508 return TRUNKS_RC_AUTHORIZATION_FAILED; 26509 } 26510 if (!authorization_section_bytes.empty()) { 26511 tag = TPM_ST_SESSIONS; 26512 std::string tmp; 26513 rc = Serialize_UINT32(authorization_section_bytes.size(), 26514 &authorization_size_bytes); 26515 if (rc != TPM_RC_SUCCESS) { 26516 return rc; 26517 } 26518 command_size += 26519 authorization_size_bytes.size() + authorization_section_bytes.size(); 26520 } 26521 } 26522 std::string tag_bytes; 26523 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 26524 if (rc != TPM_RC_SUCCESS) { 26525 return rc; 26526 } 26527 std::string command_size_bytes; 26528 rc = Serialize_UINT32(command_size, &command_size_bytes); 26529 if (rc != TPM_RC_SUCCESS) { 26530 return rc; 26531 } 26532 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 26533 handle_section_bytes + authorization_size_bytes + 26534 authorization_section_bytes + parameter_section_bytes; 26535 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 26536 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 26537 serialized_command->size()); 26538 return TPM_RC_SUCCESS; 26539 } 26540 26541 TPM_RC Tpm::ParseResponse_HierarchyChangeAuth( 26542 const std::string& response, 26543 AuthorizationDelegate* authorization_delegate) { 26544 VLOG(3) << __func__; 26545 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 26546 TPM_RC rc = TPM_RC_SUCCESS; 26547 std::string buffer(response); 26548 TPM_ST tag; 26549 std::string tag_bytes; 26550 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 26551 if (rc != TPM_RC_SUCCESS) { 26552 return rc; 26553 } 26554 UINT32 response_size; 26555 std::string response_size_bytes; 26556 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 26557 if (rc != TPM_RC_SUCCESS) { 26558 return rc; 26559 } 26560 TPM_RC response_code; 26561 std::string response_code_bytes; 26562 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 26563 if (rc != TPM_RC_SUCCESS) { 26564 return rc; 26565 } 26566 if (response_size != response.size()) { 26567 return TPM_RC_SIZE; 26568 } 26569 if (response_code != TPM_RC_SUCCESS) { 26570 return response_code; 26571 } 26572 TPM_CC command_code = TPM_CC_HierarchyChangeAuth; 26573 std::string command_code_bytes; 26574 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 26575 if (rc != TPM_RC_SUCCESS) { 26576 return rc; 26577 } 26578 std::string authorization_section_bytes; 26579 if (tag == TPM_ST_SESSIONS) { 26580 UINT32 parameter_section_size = buffer.size(); 26581 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 26582 if (rc != TPM_RC_SUCCESS) { 26583 return rc; 26584 } 26585 if (parameter_section_size > buffer.size()) { 26586 return TPM_RC_INSUFFICIENT; 26587 } 26588 authorization_section_bytes = buffer.substr(parameter_section_size); 26589 // Keep the parameter section in |buffer|. 26590 buffer.erase(parameter_section_size); 26591 } 26592 std::unique_ptr<crypto::SecureHash> hash( 26593 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 26594 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 26595 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 26596 hash->Update(buffer.data(), buffer.size()); 26597 std::string response_hash(32, 0); 26598 hash->Finish(string_as_array(&response_hash), response_hash.size()); 26599 if (tag == TPM_ST_SESSIONS) { 26600 CHECK(authorization_delegate) << "Authorization delegate missing!"; 26601 if (!authorization_delegate->CheckResponseAuthorization( 26602 response_hash, authorization_section_bytes)) { 26603 return TRUNKS_RC_AUTHORIZATION_FAILED; 26604 } 26605 } 26606 return TPM_RC_SUCCESS; 26607 } 26608 26609 void HierarchyChangeAuthErrorCallback( 26610 const Tpm::HierarchyChangeAuthResponse& callback, 26611 TPM_RC response_code) { 26612 VLOG(1) << __func__; 26613 callback.Run(response_code); 26614 } 26615 26616 void HierarchyChangeAuthResponseParser( 26617 const Tpm::HierarchyChangeAuthResponse& callback, 26618 AuthorizationDelegate* authorization_delegate, 26619 const std::string& response) { 26620 VLOG(1) << __func__; 26621 base::Callback<void(TPM_RC)> error_reporter = 26622 base::Bind(HierarchyChangeAuthErrorCallback, callback); 26623 TPM_RC rc = 26624 Tpm::ParseResponse_HierarchyChangeAuth(response, authorization_delegate); 26625 if (rc != TPM_RC_SUCCESS) { 26626 error_reporter.Run(rc); 26627 return; 26628 } 26629 callback.Run(rc); 26630 } 26631 26632 void Tpm::HierarchyChangeAuth(const TPMI_RH_HIERARCHY_AUTH& auth_handle, 26633 const std::string& auth_handle_name, 26634 const TPM2B_AUTH& new_auth, 26635 AuthorizationDelegate* authorization_delegate, 26636 const HierarchyChangeAuthResponse& callback) { 26637 VLOG(1) << __func__; 26638 base::Callback<void(TPM_RC)> error_reporter = 26639 base::Bind(HierarchyChangeAuthErrorCallback, callback); 26640 base::Callback<void(const std::string&)> parser = base::Bind( 26641 HierarchyChangeAuthResponseParser, callback, authorization_delegate); 26642 std::string command; 26643 TPM_RC rc = SerializeCommand_HierarchyChangeAuth( 26644 auth_handle, auth_handle_name, new_auth, &command, 26645 authorization_delegate); 26646 if (rc != TPM_RC_SUCCESS) { 26647 error_reporter.Run(rc); 26648 return; 26649 } 26650 transceiver_->SendCommand(command, parser); 26651 } 26652 26653 TPM_RC Tpm::HierarchyChangeAuthSync( 26654 const TPMI_RH_HIERARCHY_AUTH& auth_handle, 26655 const std::string& auth_handle_name, 26656 const TPM2B_AUTH& new_auth, 26657 AuthorizationDelegate* authorization_delegate) { 26658 VLOG(1) << __func__; 26659 std::string command; 26660 TPM_RC rc = SerializeCommand_HierarchyChangeAuth( 26661 auth_handle, auth_handle_name, new_auth, &command, 26662 authorization_delegate); 26663 if (rc != TPM_RC_SUCCESS) { 26664 return rc; 26665 } 26666 std::string response = transceiver_->SendCommandAndWait(command); 26667 rc = ParseResponse_HierarchyChangeAuth(response, authorization_delegate); 26668 return rc; 26669 } 26670 26671 TPM_RC Tpm::SerializeCommand_DictionaryAttackLockReset( 26672 const TPMI_RH_LOCKOUT& lock_handle, 26673 const std::string& lock_handle_name, 26674 std::string* serialized_command, 26675 AuthorizationDelegate* authorization_delegate) { 26676 VLOG(3) << __func__; 26677 TPM_RC rc = TPM_RC_SUCCESS; 26678 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 26679 UINT32 command_size = 10; // Header size. 26680 std::string handle_section_bytes; 26681 std::string parameter_section_bytes; 26682 TPM_CC command_code = TPM_CC_DictionaryAttackLockReset; 26683 bool is_command_parameter_encryption_possible = false; 26684 bool is_response_parameter_encryption_possible = false; 26685 std::string command_code_bytes; 26686 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 26687 if (rc != TPM_RC_SUCCESS) { 26688 return rc; 26689 } 26690 std::string lock_handle_bytes; 26691 rc = Serialize_TPMI_RH_LOCKOUT(lock_handle, &lock_handle_bytes); 26692 if (rc != TPM_RC_SUCCESS) { 26693 return rc; 26694 } 26695 std::unique_ptr<crypto::SecureHash> hash( 26696 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 26697 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 26698 hash->Update(lock_handle_name.data(), lock_handle_name.size()); 26699 handle_section_bytes += lock_handle_bytes; 26700 command_size += lock_handle_bytes.size(); 26701 std::string command_hash(32, 0); 26702 hash->Finish(string_as_array(&command_hash), command_hash.size()); 26703 std::string authorization_section_bytes; 26704 std::string authorization_size_bytes; 26705 if (authorization_delegate) { 26706 if (!authorization_delegate->GetCommandAuthorization( 26707 command_hash, is_command_parameter_encryption_possible, 26708 is_response_parameter_encryption_possible, 26709 &authorization_section_bytes)) { 26710 return TRUNKS_RC_AUTHORIZATION_FAILED; 26711 } 26712 if (!authorization_section_bytes.empty()) { 26713 tag = TPM_ST_SESSIONS; 26714 std::string tmp; 26715 rc = Serialize_UINT32(authorization_section_bytes.size(), 26716 &authorization_size_bytes); 26717 if (rc != TPM_RC_SUCCESS) { 26718 return rc; 26719 } 26720 command_size += 26721 authorization_size_bytes.size() + authorization_section_bytes.size(); 26722 } 26723 } 26724 std::string tag_bytes; 26725 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 26726 if (rc != TPM_RC_SUCCESS) { 26727 return rc; 26728 } 26729 std::string command_size_bytes; 26730 rc = Serialize_UINT32(command_size, &command_size_bytes); 26731 if (rc != TPM_RC_SUCCESS) { 26732 return rc; 26733 } 26734 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 26735 handle_section_bytes + authorization_size_bytes + 26736 authorization_section_bytes + parameter_section_bytes; 26737 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 26738 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 26739 serialized_command->size()); 26740 return TPM_RC_SUCCESS; 26741 } 26742 26743 TPM_RC Tpm::ParseResponse_DictionaryAttackLockReset( 26744 const std::string& response, 26745 AuthorizationDelegate* authorization_delegate) { 26746 VLOG(3) << __func__; 26747 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 26748 TPM_RC rc = TPM_RC_SUCCESS; 26749 std::string buffer(response); 26750 TPM_ST tag; 26751 std::string tag_bytes; 26752 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 26753 if (rc != TPM_RC_SUCCESS) { 26754 return rc; 26755 } 26756 UINT32 response_size; 26757 std::string response_size_bytes; 26758 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 26759 if (rc != TPM_RC_SUCCESS) { 26760 return rc; 26761 } 26762 TPM_RC response_code; 26763 std::string response_code_bytes; 26764 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 26765 if (rc != TPM_RC_SUCCESS) { 26766 return rc; 26767 } 26768 if (response_size != response.size()) { 26769 return TPM_RC_SIZE; 26770 } 26771 if (response_code != TPM_RC_SUCCESS) { 26772 return response_code; 26773 } 26774 TPM_CC command_code = TPM_CC_DictionaryAttackLockReset; 26775 std::string command_code_bytes; 26776 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 26777 if (rc != TPM_RC_SUCCESS) { 26778 return rc; 26779 } 26780 std::string authorization_section_bytes; 26781 if (tag == TPM_ST_SESSIONS) { 26782 UINT32 parameter_section_size = buffer.size(); 26783 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 26784 if (rc != TPM_RC_SUCCESS) { 26785 return rc; 26786 } 26787 if (parameter_section_size > buffer.size()) { 26788 return TPM_RC_INSUFFICIENT; 26789 } 26790 authorization_section_bytes = buffer.substr(parameter_section_size); 26791 // Keep the parameter section in |buffer|. 26792 buffer.erase(parameter_section_size); 26793 } 26794 std::unique_ptr<crypto::SecureHash> hash( 26795 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 26796 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 26797 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 26798 hash->Update(buffer.data(), buffer.size()); 26799 std::string response_hash(32, 0); 26800 hash->Finish(string_as_array(&response_hash), response_hash.size()); 26801 if (tag == TPM_ST_SESSIONS) { 26802 CHECK(authorization_delegate) << "Authorization delegate missing!"; 26803 if (!authorization_delegate->CheckResponseAuthorization( 26804 response_hash, authorization_section_bytes)) { 26805 return TRUNKS_RC_AUTHORIZATION_FAILED; 26806 } 26807 } 26808 return TPM_RC_SUCCESS; 26809 } 26810 26811 void DictionaryAttackLockResetErrorCallback( 26812 const Tpm::DictionaryAttackLockResetResponse& callback, 26813 TPM_RC response_code) { 26814 VLOG(1) << __func__; 26815 callback.Run(response_code); 26816 } 26817 26818 void DictionaryAttackLockResetResponseParser( 26819 const Tpm::DictionaryAttackLockResetResponse& callback, 26820 AuthorizationDelegate* authorization_delegate, 26821 const std::string& response) { 26822 VLOG(1) << __func__; 26823 base::Callback<void(TPM_RC)> error_reporter = 26824 base::Bind(DictionaryAttackLockResetErrorCallback, callback); 26825 TPM_RC rc = Tpm::ParseResponse_DictionaryAttackLockReset( 26826 response, authorization_delegate); 26827 if (rc != TPM_RC_SUCCESS) { 26828 error_reporter.Run(rc); 26829 return; 26830 } 26831 callback.Run(rc); 26832 } 26833 26834 void Tpm::DictionaryAttackLockReset( 26835 const TPMI_RH_LOCKOUT& lock_handle, 26836 const std::string& lock_handle_name, 26837 AuthorizationDelegate* authorization_delegate, 26838 const DictionaryAttackLockResetResponse& callback) { 26839 VLOG(1) << __func__; 26840 base::Callback<void(TPM_RC)> error_reporter = 26841 base::Bind(DictionaryAttackLockResetErrorCallback, callback); 26842 base::Callback<void(const std::string&)> parser = 26843 base::Bind(DictionaryAttackLockResetResponseParser, callback, 26844 authorization_delegate); 26845 std::string command; 26846 TPM_RC rc = SerializeCommand_DictionaryAttackLockReset( 26847 lock_handle, lock_handle_name, &command, authorization_delegate); 26848 if (rc != TPM_RC_SUCCESS) { 26849 error_reporter.Run(rc); 26850 return; 26851 } 26852 transceiver_->SendCommand(command, parser); 26853 } 26854 26855 TPM_RC Tpm::DictionaryAttackLockResetSync( 26856 const TPMI_RH_LOCKOUT& lock_handle, 26857 const std::string& lock_handle_name, 26858 AuthorizationDelegate* authorization_delegate) { 26859 VLOG(1) << __func__; 26860 std::string command; 26861 TPM_RC rc = SerializeCommand_DictionaryAttackLockReset( 26862 lock_handle, lock_handle_name, &command, authorization_delegate); 26863 if (rc != TPM_RC_SUCCESS) { 26864 return rc; 26865 } 26866 std::string response = transceiver_->SendCommandAndWait(command); 26867 rc = 26868 ParseResponse_DictionaryAttackLockReset(response, authorization_delegate); 26869 return rc; 26870 } 26871 26872 TPM_RC Tpm::SerializeCommand_DictionaryAttackParameters( 26873 const TPMI_RH_LOCKOUT& lock_handle, 26874 const std::string& lock_handle_name, 26875 const UINT32& new_max_tries, 26876 const UINT32& new_recovery_time, 26877 const UINT32& lockout_recovery, 26878 std::string* serialized_command, 26879 AuthorizationDelegate* authorization_delegate) { 26880 VLOG(3) << __func__; 26881 TPM_RC rc = TPM_RC_SUCCESS; 26882 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 26883 UINT32 command_size = 10; // Header size. 26884 std::string handle_section_bytes; 26885 std::string parameter_section_bytes; 26886 TPM_CC command_code = TPM_CC_DictionaryAttackParameters; 26887 bool is_command_parameter_encryption_possible = false; 26888 bool is_response_parameter_encryption_possible = false; 26889 std::string command_code_bytes; 26890 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 26891 if (rc != TPM_RC_SUCCESS) { 26892 return rc; 26893 } 26894 std::string lock_handle_bytes; 26895 rc = Serialize_TPMI_RH_LOCKOUT(lock_handle, &lock_handle_bytes); 26896 if (rc != TPM_RC_SUCCESS) { 26897 return rc; 26898 } 26899 std::string new_max_tries_bytes; 26900 rc = Serialize_UINT32(new_max_tries, &new_max_tries_bytes); 26901 if (rc != TPM_RC_SUCCESS) { 26902 return rc; 26903 } 26904 std::string new_recovery_time_bytes; 26905 rc = Serialize_UINT32(new_recovery_time, &new_recovery_time_bytes); 26906 if (rc != TPM_RC_SUCCESS) { 26907 return rc; 26908 } 26909 std::string lockout_recovery_bytes; 26910 rc = Serialize_UINT32(lockout_recovery, &lockout_recovery_bytes); 26911 if (rc != TPM_RC_SUCCESS) { 26912 return rc; 26913 } 26914 std::unique_ptr<crypto::SecureHash> hash( 26915 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 26916 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 26917 hash->Update(lock_handle_name.data(), lock_handle_name.size()); 26918 handle_section_bytes += lock_handle_bytes; 26919 command_size += lock_handle_bytes.size(); 26920 hash->Update(new_max_tries_bytes.data(), new_max_tries_bytes.size()); 26921 parameter_section_bytes += new_max_tries_bytes; 26922 command_size += new_max_tries_bytes.size(); 26923 hash->Update(new_recovery_time_bytes.data(), new_recovery_time_bytes.size()); 26924 parameter_section_bytes += new_recovery_time_bytes; 26925 command_size += new_recovery_time_bytes.size(); 26926 hash->Update(lockout_recovery_bytes.data(), lockout_recovery_bytes.size()); 26927 parameter_section_bytes += lockout_recovery_bytes; 26928 command_size += lockout_recovery_bytes.size(); 26929 std::string command_hash(32, 0); 26930 hash->Finish(string_as_array(&command_hash), command_hash.size()); 26931 std::string authorization_section_bytes; 26932 std::string authorization_size_bytes; 26933 if (authorization_delegate) { 26934 if (!authorization_delegate->GetCommandAuthorization( 26935 command_hash, is_command_parameter_encryption_possible, 26936 is_response_parameter_encryption_possible, 26937 &authorization_section_bytes)) { 26938 return TRUNKS_RC_AUTHORIZATION_FAILED; 26939 } 26940 if (!authorization_section_bytes.empty()) { 26941 tag = TPM_ST_SESSIONS; 26942 std::string tmp; 26943 rc = Serialize_UINT32(authorization_section_bytes.size(), 26944 &authorization_size_bytes); 26945 if (rc != TPM_RC_SUCCESS) { 26946 return rc; 26947 } 26948 command_size += 26949 authorization_size_bytes.size() + authorization_section_bytes.size(); 26950 } 26951 } 26952 std::string tag_bytes; 26953 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 26954 if (rc != TPM_RC_SUCCESS) { 26955 return rc; 26956 } 26957 std::string command_size_bytes; 26958 rc = Serialize_UINT32(command_size, &command_size_bytes); 26959 if (rc != TPM_RC_SUCCESS) { 26960 return rc; 26961 } 26962 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 26963 handle_section_bytes + authorization_size_bytes + 26964 authorization_section_bytes + parameter_section_bytes; 26965 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 26966 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 26967 serialized_command->size()); 26968 return TPM_RC_SUCCESS; 26969 } 26970 26971 TPM_RC Tpm::ParseResponse_DictionaryAttackParameters( 26972 const std::string& response, 26973 AuthorizationDelegate* authorization_delegate) { 26974 VLOG(3) << __func__; 26975 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 26976 TPM_RC rc = TPM_RC_SUCCESS; 26977 std::string buffer(response); 26978 TPM_ST tag; 26979 std::string tag_bytes; 26980 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 26981 if (rc != TPM_RC_SUCCESS) { 26982 return rc; 26983 } 26984 UINT32 response_size; 26985 std::string response_size_bytes; 26986 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 26987 if (rc != TPM_RC_SUCCESS) { 26988 return rc; 26989 } 26990 TPM_RC response_code; 26991 std::string response_code_bytes; 26992 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 26993 if (rc != TPM_RC_SUCCESS) { 26994 return rc; 26995 } 26996 if (response_size != response.size()) { 26997 return TPM_RC_SIZE; 26998 } 26999 if (response_code != TPM_RC_SUCCESS) { 27000 return response_code; 27001 } 27002 TPM_CC command_code = TPM_CC_DictionaryAttackParameters; 27003 std::string command_code_bytes; 27004 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 27005 if (rc != TPM_RC_SUCCESS) { 27006 return rc; 27007 } 27008 std::string authorization_section_bytes; 27009 if (tag == TPM_ST_SESSIONS) { 27010 UINT32 parameter_section_size = buffer.size(); 27011 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 27012 if (rc != TPM_RC_SUCCESS) { 27013 return rc; 27014 } 27015 if (parameter_section_size > buffer.size()) { 27016 return TPM_RC_INSUFFICIENT; 27017 } 27018 authorization_section_bytes = buffer.substr(parameter_section_size); 27019 // Keep the parameter section in |buffer|. 27020 buffer.erase(parameter_section_size); 27021 } 27022 std::unique_ptr<crypto::SecureHash> hash( 27023 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 27024 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 27025 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 27026 hash->Update(buffer.data(), buffer.size()); 27027 std::string response_hash(32, 0); 27028 hash->Finish(string_as_array(&response_hash), response_hash.size()); 27029 if (tag == TPM_ST_SESSIONS) { 27030 CHECK(authorization_delegate) << "Authorization delegate missing!"; 27031 if (!authorization_delegate->CheckResponseAuthorization( 27032 response_hash, authorization_section_bytes)) { 27033 return TRUNKS_RC_AUTHORIZATION_FAILED; 27034 } 27035 } 27036 return TPM_RC_SUCCESS; 27037 } 27038 27039 void DictionaryAttackParametersErrorCallback( 27040 const Tpm::DictionaryAttackParametersResponse& callback, 27041 TPM_RC response_code) { 27042 VLOG(1) << __func__; 27043 callback.Run(response_code); 27044 } 27045 27046 void DictionaryAttackParametersResponseParser( 27047 const Tpm::DictionaryAttackParametersResponse& callback, 27048 AuthorizationDelegate* authorization_delegate, 27049 const std::string& response) { 27050 VLOG(1) << __func__; 27051 base::Callback<void(TPM_RC)> error_reporter = 27052 base::Bind(DictionaryAttackParametersErrorCallback, callback); 27053 TPM_RC rc = Tpm::ParseResponse_DictionaryAttackParameters( 27054 response, authorization_delegate); 27055 if (rc != TPM_RC_SUCCESS) { 27056 error_reporter.Run(rc); 27057 return; 27058 } 27059 callback.Run(rc); 27060 } 27061 27062 void Tpm::DictionaryAttackParameters( 27063 const TPMI_RH_LOCKOUT& lock_handle, 27064 const std::string& lock_handle_name, 27065 const UINT32& new_max_tries, 27066 const UINT32& new_recovery_time, 27067 const UINT32& lockout_recovery, 27068 AuthorizationDelegate* authorization_delegate, 27069 const DictionaryAttackParametersResponse& callback) { 27070 VLOG(1) << __func__; 27071 base::Callback<void(TPM_RC)> error_reporter = 27072 base::Bind(DictionaryAttackParametersErrorCallback, callback); 27073 base::Callback<void(const std::string&)> parser = 27074 base::Bind(DictionaryAttackParametersResponseParser, callback, 27075 authorization_delegate); 27076 std::string command; 27077 TPM_RC rc = SerializeCommand_DictionaryAttackParameters( 27078 lock_handle, lock_handle_name, new_max_tries, new_recovery_time, 27079 lockout_recovery, &command, authorization_delegate); 27080 if (rc != TPM_RC_SUCCESS) { 27081 error_reporter.Run(rc); 27082 return; 27083 } 27084 transceiver_->SendCommand(command, parser); 27085 } 27086 27087 TPM_RC Tpm::DictionaryAttackParametersSync( 27088 const TPMI_RH_LOCKOUT& lock_handle, 27089 const std::string& lock_handle_name, 27090 const UINT32& new_max_tries, 27091 const UINT32& new_recovery_time, 27092 const UINT32& lockout_recovery, 27093 AuthorizationDelegate* authorization_delegate) { 27094 VLOG(1) << __func__; 27095 std::string command; 27096 TPM_RC rc = SerializeCommand_DictionaryAttackParameters( 27097 lock_handle, lock_handle_name, new_max_tries, new_recovery_time, 27098 lockout_recovery, &command, authorization_delegate); 27099 if (rc != TPM_RC_SUCCESS) { 27100 return rc; 27101 } 27102 std::string response = transceiver_->SendCommandAndWait(command); 27103 rc = ParseResponse_DictionaryAttackParameters(response, 27104 authorization_delegate); 27105 return rc; 27106 } 27107 27108 TPM_RC Tpm::SerializeCommand_PP_Commands( 27109 const TPMI_RH_PLATFORM& auth, 27110 const std::string& auth_name, 27111 const TPML_CC& set_list, 27112 const TPML_CC& clear_list, 27113 std::string* serialized_command, 27114 AuthorizationDelegate* authorization_delegate) { 27115 VLOG(3) << __func__; 27116 TPM_RC rc = TPM_RC_SUCCESS; 27117 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 27118 UINT32 command_size = 10; // Header size. 27119 std::string handle_section_bytes; 27120 std::string parameter_section_bytes; 27121 TPM_CC command_code = TPM_CC_PP_Commands; 27122 bool is_command_parameter_encryption_possible = false; 27123 bool is_response_parameter_encryption_possible = false; 27124 std::string command_code_bytes; 27125 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 27126 if (rc != TPM_RC_SUCCESS) { 27127 return rc; 27128 } 27129 std::string auth_bytes; 27130 rc = Serialize_TPMI_RH_PLATFORM(auth, &auth_bytes); 27131 if (rc != TPM_RC_SUCCESS) { 27132 return rc; 27133 } 27134 std::string set_list_bytes; 27135 rc = Serialize_TPML_CC(set_list, &set_list_bytes); 27136 if (rc != TPM_RC_SUCCESS) { 27137 return rc; 27138 } 27139 std::string clear_list_bytes; 27140 rc = Serialize_TPML_CC(clear_list, &clear_list_bytes); 27141 if (rc != TPM_RC_SUCCESS) { 27142 return rc; 27143 } 27144 std::unique_ptr<crypto::SecureHash> hash( 27145 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 27146 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 27147 hash->Update(auth_name.data(), auth_name.size()); 27148 handle_section_bytes += auth_bytes; 27149 command_size += auth_bytes.size(); 27150 hash->Update(set_list_bytes.data(), set_list_bytes.size()); 27151 parameter_section_bytes += set_list_bytes; 27152 command_size += set_list_bytes.size(); 27153 hash->Update(clear_list_bytes.data(), clear_list_bytes.size()); 27154 parameter_section_bytes += clear_list_bytes; 27155 command_size += clear_list_bytes.size(); 27156 std::string command_hash(32, 0); 27157 hash->Finish(string_as_array(&command_hash), command_hash.size()); 27158 std::string authorization_section_bytes; 27159 std::string authorization_size_bytes; 27160 if (authorization_delegate) { 27161 if (!authorization_delegate->GetCommandAuthorization( 27162 command_hash, is_command_parameter_encryption_possible, 27163 is_response_parameter_encryption_possible, 27164 &authorization_section_bytes)) { 27165 return TRUNKS_RC_AUTHORIZATION_FAILED; 27166 } 27167 if (!authorization_section_bytes.empty()) { 27168 tag = TPM_ST_SESSIONS; 27169 std::string tmp; 27170 rc = Serialize_UINT32(authorization_section_bytes.size(), 27171 &authorization_size_bytes); 27172 if (rc != TPM_RC_SUCCESS) { 27173 return rc; 27174 } 27175 command_size += 27176 authorization_size_bytes.size() + authorization_section_bytes.size(); 27177 } 27178 } 27179 std::string tag_bytes; 27180 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 27181 if (rc != TPM_RC_SUCCESS) { 27182 return rc; 27183 } 27184 std::string command_size_bytes; 27185 rc = Serialize_UINT32(command_size, &command_size_bytes); 27186 if (rc != TPM_RC_SUCCESS) { 27187 return rc; 27188 } 27189 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 27190 handle_section_bytes + authorization_size_bytes + 27191 authorization_section_bytes + parameter_section_bytes; 27192 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 27193 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 27194 serialized_command->size()); 27195 return TPM_RC_SUCCESS; 27196 } 27197 27198 TPM_RC Tpm::ParseResponse_PP_Commands( 27199 const std::string& response, 27200 AuthorizationDelegate* authorization_delegate) { 27201 VLOG(3) << __func__; 27202 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 27203 TPM_RC rc = TPM_RC_SUCCESS; 27204 std::string buffer(response); 27205 TPM_ST tag; 27206 std::string tag_bytes; 27207 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 27208 if (rc != TPM_RC_SUCCESS) { 27209 return rc; 27210 } 27211 UINT32 response_size; 27212 std::string response_size_bytes; 27213 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 27214 if (rc != TPM_RC_SUCCESS) { 27215 return rc; 27216 } 27217 TPM_RC response_code; 27218 std::string response_code_bytes; 27219 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 27220 if (rc != TPM_RC_SUCCESS) { 27221 return rc; 27222 } 27223 if (response_size != response.size()) { 27224 return TPM_RC_SIZE; 27225 } 27226 if (response_code != TPM_RC_SUCCESS) { 27227 return response_code; 27228 } 27229 TPM_CC command_code = TPM_CC_PP_Commands; 27230 std::string command_code_bytes; 27231 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 27232 if (rc != TPM_RC_SUCCESS) { 27233 return rc; 27234 } 27235 std::string authorization_section_bytes; 27236 if (tag == TPM_ST_SESSIONS) { 27237 UINT32 parameter_section_size = buffer.size(); 27238 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 27239 if (rc != TPM_RC_SUCCESS) { 27240 return rc; 27241 } 27242 if (parameter_section_size > buffer.size()) { 27243 return TPM_RC_INSUFFICIENT; 27244 } 27245 authorization_section_bytes = buffer.substr(parameter_section_size); 27246 // Keep the parameter section in |buffer|. 27247 buffer.erase(parameter_section_size); 27248 } 27249 std::unique_ptr<crypto::SecureHash> hash( 27250 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 27251 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 27252 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 27253 hash->Update(buffer.data(), buffer.size()); 27254 std::string response_hash(32, 0); 27255 hash->Finish(string_as_array(&response_hash), response_hash.size()); 27256 if (tag == TPM_ST_SESSIONS) { 27257 CHECK(authorization_delegate) << "Authorization delegate missing!"; 27258 if (!authorization_delegate->CheckResponseAuthorization( 27259 response_hash, authorization_section_bytes)) { 27260 return TRUNKS_RC_AUTHORIZATION_FAILED; 27261 } 27262 } 27263 return TPM_RC_SUCCESS; 27264 } 27265 27266 void PP_CommandsErrorCallback(const Tpm::PP_CommandsResponse& callback, 27267 TPM_RC response_code) { 27268 VLOG(1) << __func__; 27269 callback.Run(response_code); 27270 } 27271 27272 void PP_CommandsResponseParser(const Tpm::PP_CommandsResponse& callback, 27273 AuthorizationDelegate* authorization_delegate, 27274 const std::string& response) { 27275 VLOG(1) << __func__; 27276 base::Callback<void(TPM_RC)> error_reporter = 27277 base::Bind(PP_CommandsErrorCallback, callback); 27278 TPM_RC rc = Tpm::ParseResponse_PP_Commands(response, authorization_delegate); 27279 if (rc != TPM_RC_SUCCESS) { 27280 error_reporter.Run(rc); 27281 return; 27282 } 27283 callback.Run(rc); 27284 } 27285 27286 void Tpm::PP_Commands(const TPMI_RH_PLATFORM& auth, 27287 const std::string& auth_name, 27288 const TPML_CC& set_list, 27289 const TPML_CC& clear_list, 27290 AuthorizationDelegate* authorization_delegate, 27291 const PP_CommandsResponse& callback) { 27292 VLOG(1) << __func__; 27293 base::Callback<void(TPM_RC)> error_reporter = 27294 base::Bind(PP_CommandsErrorCallback, callback); 27295 base::Callback<void(const std::string&)> parser = 27296 base::Bind(PP_CommandsResponseParser, callback, authorization_delegate); 27297 std::string command; 27298 TPM_RC rc = SerializeCommand_PP_Commands( 27299 auth, auth_name, set_list, clear_list, &command, authorization_delegate); 27300 if (rc != TPM_RC_SUCCESS) { 27301 error_reporter.Run(rc); 27302 return; 27303 } 27304 transceiver_->SendCommand(command, parser); 27305 } 27306 27307 TPM_RC Tpm::PP_CommandsSync(const TPMI_RH_PLATFORM& auth, 27308 const std::string& auth_name, 27309 const TPML_CC& set_list, 27310 const TPML_CC& clear_list, 27311 AuthorizationDelegate* authorization_delegate) { 27312 VLOG(1) << __func__; 27313 std::string command; 27314 TPM_RC rc = SerializeCommand_PP_Commands( 27315 auth, auth_name, set_list, clear_list, &command, authorization_delegate); 27316 if (rc != TPM_RC_SUCCESS) { 27317 return rc; 27318 } 27319 std::string response = transceiver_->SendCommandAndWait(command); 27320 rc = ParseResponse_PP_Commands(response, authorization_delegate); 27321 return rc; 27322 } 27323 27324 TPM_RC Tpm::SerializeCommand_SetAlgorithmSet( 27325 const TPMI_RH_PLATFORM& auth_handle, 27326 const std::string& auth_handle_name, 27327 const UINT32& algorithm_set, 27328 std::string* serialized_command, 27329 AuthorizationDelegate* authorization_delegate) { 27330 VLOG(3) << __func__; 27331 TPM_RC rc = TPM_RC_SUCCESS; 27332 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 27333 UINT32 command_size = 10; // Header size. 27334 std::string handle_section_bytes; 27335 std::string parameter_section_bytes; 27336 TPM_CC command_code = TPM_CC_SetAlgorithmSet; 27337 bool is_command_parameter_encryption_possible = false; 27338 bool is_response_parameter_encryption_possible = false; 27339 std::string command_code_bytes; 27340 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 27341 if (rc != TPM_RC_SUCCESS) { 27342 return rc; 27343 } 27344 std::string auth_handle_bytes; 27345 rc = Serialize_TPMI_RH_PLATFORM(auth_handle, &auth_handle_bytes); 27346 if (rc != TPM_RC_SUCCESS) { 27347 return rc; 27348 } 27349 std::string algorithm_set_bytes; 27350 rc = Serialize_UINT32(algorithm_set, &algorithm_set_bytes); 27351 if (rc != TPM_RC_SUCCESS) { 27352 return rc; 27353 } 27354 std::unique_ptr<crypto::SecureHash> hash( 27355 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 27356 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 27357 hash->Update(auth_handle_name.data(), auth_handle_name.size()); 27358 handle_section_bytes += auth_handle_bytes; 27359 command_size += auth_handle_bytes.size(); 27360 hash->Update(algorithm_set_bytes.data(), algorithm_set_bytes.size()); 27361 parameter_section_bytes += algorithm_set_bytes; 27362 command_size += algorithm_set_bytes.size(); 27363 std::string command_hash(32, 0); 27364 hash->Finish(string_as_array(&command_hash), command_hash.size()); 27365 std::string authorization_section_bytes; 27366 std::string authorization_size_bytes; 27367 if (authorization_delegate) { 27368 if (!authorization_delegate->GetCommandAuthorization( 27369 command_hash, is_command_parameter_encryption_possible, 27370 is_response_parameter_encryption_possible, 27371 &authorization_section_bytes)) { 27372 return TRUNKS_RC_AUTHORIZATION_FAILED; 27373 } 27374 if (!authorization_section_bytes.empty()) { 27375 tag = TPM_ST_SESSIONS; 27376 std::string tmp; 27377 rc = Serialize_UINT32(authorization_section_bytes.size(), 27378 &authorization_size_bytes); 27379 if (rc != TPM_RC_SUCCESS) { 27380 return rc; 27381 } 27382 command_size += 27383 authorization_size_bytes.size() + authorization_section_bytes.size(); 27384 } 27385 } 27386 std::string tag_bytes; 27387 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 27388 if (rc != TPM_RC_SUCCESS) { 27389 return rc; 27390 } 27391 std::string command_size_bytes; 27392 rc = Serialize_UINT32(command_size, &command_size_bytes); 27393 if (rc != TPM_RC_SUCCESS) { 27394 return rc; 27395 } 27396 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 27397 handle_section_bytes + authorization_size_bytes + 27398 authorization_section_bytes + parameter_section_bytes; 27399 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 27400 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 27401 serialized_command->size()); 27402 return TPM_RC_SUCCESS; 27403 } 27404 27405 TPM_RC Tpm::ParseResponse_SetAlgorithmSet( 27406 const std::string& response, 27407 AuthorizationDelegate* authorization_delegate) { 27408 VLOG(3) << __func__; 27409 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 27410 TPM_RC rc = TPM_RC_SUCCESS; 27411 std::string buffer(response); 27412 TPM_ST tag; 27413 std::string tag_bytes; 27414 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 27415 if (rc != TPM_RC_SUCCESS) { 27416 return rc; 27417 } 27418 UINT32 response_size; 27419 std::string response_size_bytes; 27420 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 27421 if (rc != TPM_RC_SUCCESS) { 27422 return rc; 27423 } 27424 TPM_RC response_code; 27425 std::string response_code_bytes; 27426 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 27427 if (rc != TPM_RC_SUCCESS) { 27428 return rc; 27429 } 27430 if (response_size != response.size()) { 27431 return TPM_RC_SIZE; 27432 } 27433 if (response_code != TPM_RC_SUCCESS) { 27434 return response_code; 27435 } 27436 TPM_CC command_code = TPM_CC_SetAlgorithmSet; 27437 std::string command_code_bytes; 27438 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 27439 if (rc != TPM_RC_SUCCESS) { 27440 return rc; 27441 } 27442 std::string authorization_section_bytes; 27443 if (tag == TPM_ST_SESSIONS) { 27444 UINT32 parameter_section_size = buffer.size(); 27445 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 27446 if (rc != TPM_RC_SUCCESS) { 27447 return rc; 27448 } 27449 if (parameter_section_size > buffer.size()) { 27450 return TPM_RC_INSUFFICIENT; 27451 } 27452 authorization_section_bytes = buffer.substr(parameter_section_size); 27453 // Keep the parameter section in |buffer|. 27454 buffer.erase(parameter_section_size); 27455 } 27456 std::unique_ptr<crypto::SecureHash> hash( 27457 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 27458 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 27459 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 27460 hash->Update(buffer.data(), buffer.size()); 27461 std::string response_hash(32, 0); 27462 hash->Finish(string_as_array(&response_hash), response_hash.size()); 27463 if (tag == TPM_ST_SESSIONS) { 27464 CHECK(authorization_delegate) << "Authorization delegate missing!"; 27465 if (!authorization_delegate->CheckResponseAuthorization( 27466 response_hash, authorization_section_bytes)) { 27467 return TRUNKS_RC_AUTHORIZATION_FAILED; 27468 } 27469 } 27470 return TPM_RC_SUCCESS; 27471 } 27472 27473 void SetAlgorithmSetErrorCallback(const Tpm::SetAlgorithmSetResponse& callback, 27474 TPM_RC response_code) { 27475 VLOG(1) << __func__; 27476 callback.Run(response_code); 27477 } 27478 27479 void SetAlgorithmSetResponseParser( 27480 const Tpm::SetAlgorithmSetResponse& callback, 27481 AuthorizationDelegate* authorization_delegate, 27482 const std::string& response) { 27483 VLOG(1) << __func__; 27484 base::Callback<void(TPM_RC)> error_reporter = 27485 base::Bind(SetAlgorithmSetErrorCallback, callback); 27486 TPM_RC rc = 27487 Tpm::ParseResponse_SetAlgorithmSet(response, authorization_delegate); 27488 if (rc != TPM_RC_SUCCESS) { 27489 error_reporter.Run(rc); 27490 return; 27491 } 27492 callback.Run(rc); 27493 } 27494 27495 void Tpm::SetAlgorithmSet(const TPMI_RH_PLATFORM& auth_handle, 27496 const std::string& auth_handle_name, 27497 const UINT32& algorithm_set, 27498 AuthorizationDelegate* authorization_delegate, 27499 const SetAlgorithmSetResponse& callback) { 27500 VLOG(1) << __func__; 27501 base::Callback<void(TPM_RC)> error_reporter = 27502 base::Bind(SetAlgorithmSetErrorCallback, callback); 27503 base::Callback<void(const std::string&)> parser = base::Bind( 27504 SetAlgorithmSetResponseParser, callback, authorization_delegate); 27505 std::string command; 27506 TPM_RC rc = SerializeCommand_SetAlgorithmSet(auth_handle, auth_handle_name, 27507 algorithm_set, &command, 27508 authorization_delegate); 27509 if (rc != TPM_RC_SUCCESS) { 27510 error_reporter.Run(rc); 27511 return; 27512 } 27513 transceiver_->SendCommand(command, parser); 27514 } 27515 27516 TPM_RC Tpm::SetAlgorithmSetSync(const TPMI_RH_PLATFORM& auth_handle, 27517 const std::string& auth_handle_name, 27518 const UINT32& algorithm_set, 27519 AuthorizationDelegate* authorization_delegate) { 27520 VLOG(1) << __func__; 27521 std::string command; 27522 TPM_RC rc = SerializeCommand_SetAlgorithmSet(auth_handle, auth_handle_name, 27523 algorithm_set, &command, 27524 authorization_delegate); 27525 if (rc != TPM_RC_SUCCESS) { 27526 return rc; 27527 } 27528 std::string response = transceiver_->SendCommandAndWait(command); 27529 rc = ParseResponse_SetAlgorithmSet(response, authorization_delegate); 27530 return rc; 27531 } 27532 27533 TPM_RC Tpm::SerializeCommand_FieldUpgradeStart( 27534 const TPMI_RH_PLATFORM& authorization, 27535 const std::string& authorization_name, 27536 const TPMI_DH_OBJECT& key_handle, 27537 const std::string& key_handle_name, 27538 const TPM2B_DIGEST& fu_digest, 27539 const TPMT_SIGNATURE& manifest_signature, 27540 std::string* serialized_command, 27541 AuthorizationDelegate* authorization_delegate) { 27542 VLOG(3) << __func__; 27543 TPM_RC rc = TPM_RC_SUCCESS; 27544 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 27545 UINT32 command_size = 10; // Header size. 27546 std::string handle_section_bytes; 27547 std::string parameter_section_bytes; 27548 TPM_CC command_code = TPM_CC_FieldUpgradeStart; 27549 bool is_command_parameter_encryption_possible = true; 27550 bool is_response_parameter_encryption_possible = false; 27551 std::string command_code_bytes; 27552 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 27553 if (rc != TPM_RC_SUCCESS) { 27554 return rc; 27555 } 27556 std::string authorization_bytes; 27557 rc = Serialize_TPMI_RH_PLATFORM(authorization, &authorization_bytes); 27558 if (rc != TPM_RC_SUCCESS) { 27559 return rc; 27560 } 27561 std::string key_handle_bytes; 27562 rc = Serialize_TPMI_DH_OBJECT(key_handle, &key_handle_bytes); 27563 if (rc != TPM_RC_SUCCESS) { 27564 return rc; 27565 } 27566 std::string fu_digest_bytes; 27567 rc = Serialize_TPM2B_DIGEST(fu_digest, &fu_digest_bytes); 27568 if (rc != TPM_RC_SUCCESS) { 27569 return rc; 27570 } 27571 std::string manifest_signature_bytes; 27572 rc = Serialize_TPMT_SIGNATURE(manifest_signature, &manifest_signature_bytes); 27573 if (rc != TPM_RC_SUCCESS) { 27574 return rc; 27575 } 27576 if (authorization_delegate) { 27577 // Encrypt just the parameter data, not the size. 27578 std::string tmp = fu_digest_bytes.substr(2); 27579 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 27580 return TRUNKS_RC_ENCRYPTION_FAILED; 27581 } 27582 fu_digest_bytes.replace(2, std::string::npos, tmp); 27583 } 27584 std::unique_ptr<crypto::SecureHash> hash( 27585 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 27586 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 27587 hash->Update(authorization_name.data(), authorization_name.size()); 27588 handle_section_bytes += authorization_bytes; 27589 command_size += authorization_bytes.size(); 27590 hash->Update(key_handle_name.data(), key_handle_name.size()); 27591 handle_section_bytes += key_handle_bytes; 27592 command_size += key_handle_bytes.size(); 27593 hash->Update(fu_digest_bytes.data(), fu_digest_bytes.size()); 27594 parameter_section_bytes += fu_digest_bytes; 27595 command_size += fu_digest_bytes.size(); 27596 hash->Update(manifest_signature_bytes.data(), 27597 manifest_signature_bytes.size()); 27598 parameter_section_bytes += manifest_signature_bytes; 27599 command_size += manifest_signature_bytes.size(); 27600 std::string command_hash(32, 0); 27601 hash->Finish(string_as_array(&command_hash), command_hash.size()); 27602 std::string authorization_section_bytes; 27603 std::string authorization_size_bytes; 27604 if (authorization_delegate) { 27605 if (!authorization_delegate->GetCommandAuthorization( 27606 command_hash, is_command_parameter_encryption_possible, 27607 is_response_parameter_encryption_possible, 27608 &authorization_section_bytes)) { 27609 return TRUNKS_RC_AUTHORIZATION_FAILED; 27610 } 27611 if (!authorization_section_bytes.empty()) { 27612 tag = TPM_ST_SESSIONS; 27613 std::string tmp; 27614 rc = Serialize_UINT32(authorization_section_bytes.size(), 27615 &authorization_size_bytes); 27616 if (rc != TPM_RC_SUCCESS) { 27617 return rc; 27618 } 27619 command_size += 27620 authorization_size_bytes.size() + authorization_section_bytes.size(); 27621 } 27622 } 27623 std::string tag_bytes; 27624 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 27625 if (rc != TPM_RC_SUCCESS) { 27626 return rc; 27627 } 27628 std::string command_size_bytes; 27629 rc = Serialize_UINT32(command_size, &command_size_bytes); 27630 if (rc != TPM_RC_SUCCESS) { 27631 return rc; 27632 } 27633 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 27634 handle_section_bytes + authorization_size_bytes + 27635 authorization_section_bytes + parameter_section_bytes; 27636 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 27637 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 27638 serialized_command->size()); 27639 return TPM_RC_SUCCESS; 27640 } 27641 27642 TPM_RC Tpm::ParseResponse_FieldUpgradeStart( 27643 const std::string& response, 27644 AuthorizationDelegate* authorization_delegate) { 27645 VLOG(3) << __func__; 27646 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 27647 TPM_RC rc = TPM_RC_SUCCESS; 27648 std::string buffer(response); 27649 TPM_ST tag; 27650 std::string tag_bytes; 27651 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 27652 if (rc != TPM_RC_SUCCESS) { 27653 return rc; 27654 } 27655 UINT32 response_size; 27656 std::string response_size_bytes; 27657 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 27658 if (rc != TPM_RC_SUCCESS) { 27659 return rc; 27660 } 27661 TPM_RC response_code; 27662 std::string response_code_bytes; 27663 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 27664 if (rc != TPM_RC_SUCCESS) { 27665 return rc; 27666 } 27667 if (response_size != response.size()) { 27668 return TPM_RC_SIZE; 27669 } 27670 if (response_code != TPM_RC_SUCCESS) { 27671 return response_code; 27672 } 27673 TPM_CC command_code = TPM_CC_FieldUpgradeStart; 27674 std::string command_code_bytes; 27675 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 27676 if (rc != TPM_RC_SUCCESS) { 27677 return rc; 27678 } 27679 std::string authorization_section_bytes; 27680 if (tag == TPM_ST_SESSIONS) { 27681 UINT32 parameter_section_size = buffer.size(); 27682 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 27683 if (rc != TPM_RC_SUCCESS) { 27684 return rc; 27685 } 27686 if (parameter_section_size > buffer.size()) { 27687 return TPM_RC_INSUFFICIENT; 27688 } 27689 authorization_section_bytes = buffer.substr(parameter_section_size); 27690 // Keep the parameter section in |buffer|. 27691 buffer.erase(parameter_section_size); 27692 } 27693 std::unique_ptr<crypto::SecureHash> hash( 27694 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 27695 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 27696 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 27697 hash->Update(buffer.data(), buffer.size()); 27698 std::string response_hash(32, 0); 27699 hash->Finish(string_as_array(&response_hash), response_hash.size()); 27700 if (tag == TPM_ST_SESSIONS) { 27701 CHECK(authorization_delegate) << "Authorization delegate missing!"; 27702 if (!authorization_delegate->CheckResponseAuthorization( 27703 response_hash, authorization_section_bytes)) { 27704 return TRUNKS_RC_AUTHORIZATION_FAILED; 27705 } 27706 } 27707 return TPM_RC_SUCCESS; 27708 } 27709 27710 void FieldUpgradeStartErrorCallback( 27711 const Tpm::FieldUpgradeStartResponse& callback, 27712 TPM_RC response_code) { 27713 VLOG(1) << __func__; 27714 callback.Run(response_code); 27715 } 27716 27717 void FieldUpgradeStartResponseParser( 27718 const Tpm::FieldUpgradeStartResponse& callback, 27719 AuthorizationDelegate* authorization_delegate, 27720 const std::string& response) { 27721 VLOG(1) << __func__; 27722 base::Callback<void(TPM_RC)> error_reporter = 27723 base::Bind(FieldUpgradeStartErrorCallback, callback); 27724 TPM_RC rc = 27725 Tpm::ParseResponse_FieldUpgradeStart(response, authorization_delegate); 27726 if (rc != TPM_RC_SUCCESS) { 27727 error_reporter.Run(rc); 27728 return; 27729 } 27730 callback.Run(rc); 27731 } 27732 27733 void Tpm::FieldUpgradeStart(const TPMI_RH_PLATFORM& authorization, 27734 const std::string& authorization_name, 27735 const TPMI_DH_OBJECT& key_handle, 27736 const std::string& key_handle_name, 27737 const TPM2B_DIGEST& fu_digest, 27738 const TPMT_SIGNATURE& manifest_signature, 27739 AuthorizationDelegate* authorization_delegate, 27740 const FieldUpgradeStartResponse& callback) { 27741 VLOG(1) << __func__; 27742 base::Callback<void(TPM_RC)> error_reporter = 27743 base::Bind(FieldUpgradeStartErrorCallback, callback); 27744 base::Callback<void(const std::string&)> parser = base::Bind( 27745 FieldUpgradeStartResponseParser, callback, authorization_delegate); 27746 std::string command; 27747 TPM_RC rc = SerializeCommand_FieldUpgradeStart( 27748 authorization, authorization_name, key_handle, key_handle_name, fu_digest, 27749 manifest_signature, &command, authorization_delegate); 27750 if (rc != TPM_RC_SUCCESS) { 27751 error_reporter.Run(rc); 27752 return; 27753 } 27754 transceiver_->SendCommand(command, parser); 27755 } 27756 27757 TPM_RC Tpm::FieldUpgradeStartSync( 27758 const TPMI_RH_PLATFORM& authorization, 27759 const std::string& authorization_name, 27760 const TPMI_DH_OBJECT& key_handle, 27761 const std::string& key_handle_name, 27762 const TPM2B_DIGEST& fu_digest, 27763 const TPMT_SIGNATURE& manifest_signature, 27764 AuthorizationDelegate* authorization_delegate) { 27765 VLOG(1) << __func__; 27766 std::string command; 27767 TPM_RC rc = SerializeCommand_FieldUpgradeStart( 27768 authorization, authorization_name, key_handle, key_handle_name, fu_digest, 27769 manifest_signature, &command, authorization_delegate); 27770 if (rc != TPM_RC_SUCCESS) { 27771 return rc; 27772 } 27773 std::string response = transceiver_->SendCommandAndWait(command); 27774 rc = ParseResponse_FieldUpgradeStart(response, authorization_delegate); 27775 return rc; 27776 } 27777 27778 TPM_RC Tpm::SerializeCommand_FieldUpgradeData( 27779 const TPM2B_MAX_BUFFER& fu_data, 27780 std::string* serialized_command, 27781 AuthorizationDelegate* authorization_delegate) { 27782 VLOG(3) << __func__; 27783 TPM_RC rc = TPM_RC_SUCCESS; 27784 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 27785 UINT32 command_size = 10; // Header size. 27786 std::string handle_section_bytes; 27787 std::string parameter_section_bytes; 27788 TPM_CC command_code = TPM_CC_FieldUpgradeData; 27789 bool is_command_parameter_encryption_possible = true; 27790 bool is_response_parameter_encryption_possible = false; 27791 std::string command_code_bytes; 27792 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 27793 if (rc != TPM_RC_SUCCESS) { 27794 return rc; 27795 } 27796 std::string fu_data_bytes; 27797 rc = Serialize_TPM2B_MAX_BUFFER(fu_data, &fu_data_bytes); 27798 if (rc != TPM_RC_SUCCESS) { 27799 return rc; 27800 } 27801 if (authorization_delegate) { 27802 // Encrypt just the parameter data, not the size. 27803 std::string tmp = fu_data_bytes.substr(2); 27804 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 27805 return TRUNKS_RC_ENCRYPTION_FAILED; 27806 } 27807 fu_data_bytes.replace(2, std::string::npos, tmp); 27808 } 27809 std::unique_ptr<crypto::SecureHash> hash( 27810 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 27811 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 27812 hash->Update(fu_data_bytes.data(), fu_data_bytes.size()); 27813 parameter_section_bytes += fu_data_bytes; 27814 command_size += fu_data_bytes.size(); 27815 std::string command_hash(32, 0); 27816 hash->Finish(string_as_array(&command_hash), command_hash.size()); 27817 std::string authorization_section_bytes; 27818 std::string authorization_size_bytes; 27819 if (authorization_delegate) { 27820 if (!authorization_delegate->GetCommandAuthorization( 27821 command_hash, is_command_parameter_encryption_possible, 27822 is_response_parameter_encryption_possible, 27823 &authorization_section_bytes)) { 27824 return TRUNKS_RC_AUTHORIZATION_FAILED; 27825 } 27826 if (!authorization_section_bytes.empty()) { 27827 tag = TPM_ST_SESSIONS; 27828 std::string tmp; 27829 rc = Serialize_UINT32(authorization_section_bytes.size(), 27830 &authorization_size_bytes); 27831 if (rc != TPM_RC_SUCCESS) { 27832 return rc; 27833 } 27834 command_size += 27835 authorization_size_bytes.size() + authorization_section_bytes.size(); 27836 } 27837 } 27838 std::string tag_bytes; 27839 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 27840 if (rc != TPM_RC_SUCCESS) { 27841 return rc; 27842 } 27843 std::string command_size_bytes; 27844 rc = Serialize_UINT32(command_size, &command_size_bytes); 27845 if (rc != TPM_RC_SUCCESS) { 27846 return rc; 27847 } 27848 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 27849 handle_section_bytes + authorization_size_bytes + 27850 authorization_section_bytes + parameter_section_bytes; 27851 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 27852 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 27853 serialized_command->size()); 27854 return TPM_RC_SUCCESS; 27855 } 27856 27857 TPM_RC Tpm::ParseResponse_FieldUpgradeData( 27858 const std::string& response, 27859 TPMT_HA* next_digest, 27860 TPMT_HA* first_digest, 27861 AuthorizationDelegate* authorization_delegate) { 27862 VLOG(3) << __func__; 27863 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 27864 TPM_RC rc = TPM_RC_SUCCESS; 27865 std::string buffer(response); 27866 TPM_ST tag; 27867 std::string tag_bytes; 27868 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 27869 if (rc != TPM_RC_SUCCESS) { 27870 return rc; 27871 } 27872 UINT32 response_size; 27873 std::string response_size_bytes; 27874 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 27875 if (rc != TPM_RC_SUCCESS) { 27876 return rc; 27877 } 27878 TPM_RC response_code; 27879 std::string response_code_bytes; 27880 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 27881 if (rc != TPM_RC_SUCCESS) { 27882 return rc; 27883 } 27884 if (response_size != response.size()) { 27885 return TPM_RC_SIZE; 27886 } 27887 if (response_code != TPM_RC_SUCCESS) { 27888 return response_code; 27889 } 27890 TPM_CC command_code = TPM_CC_FieldUpgradeData; 27891 std::string command_code_bytes; 27892 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 27893 if (rc != TPM_RC_SUCCESS) { 27894 return rc; 27895 } 27896 std::string authorization_section_bytes; 27897 if (tag == TPM_ST_SESSIONS) { 27898 UINT32 parameter_section_size = buffer.size(); 27899 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 27900 if (rc != TPM_RC_SUCCESS) { 27901 return rc; 27902 } 27903 if (parameter_section_size > buffer.size()) { 27904 return TPM_RC_INSUFFICIENT; 27905 } 27906 authorization_section_bytes = buffer.substr(parameter_section_size); 27907 // Keep the parameter section in |buffer|. 27908 buffer.erase(parameter_section_size); 27909 } 27910 std::unique_ptr<crypto::SecureHash> hash( 27911 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 27912 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 27913 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 27914 hash->Update(buffer.data(), buffer.size()); 27915 std::string response_hash(32, 0); 27916 hash->Finish(string_as_array(&response_hash), response_hash.size()); 27917 if (tag == TPM_ST_SESSIONS) { 27918 CHECK(authorization_delegate) << "Authorization delegate missing!"; 27919 if (!authorization_delegate->CheckResponseAuthorization( 27920 response_hash, authorization_section_bytes)) { 27921 return TRUNKS_RC_AUTHORIZATION_FAILED; 27922 } 27923 } 27924 std::string next_digest_bytes; 27925 rc = Parse_TPMT_HA(&buffer, next_digest, &next_digest_bytes); 27926 if (rc != TPM_RC_SUCCESS) { 27927 return rc; 27928 } 27929 std::string first_digest_bytes; 27930 rc = Parse_TPMT_HA(&buffer, first_digest, &first_digest_bytes); 27931 if (rc != TPM_RC_SUCCESS) { 27932 return rc; 27933 } 27934 return TPM_RC_SUCCESS; 27935 } 27936 27937 void FieldUpgradeDataErrorCallback( 27938 const Tpm::FieldUpgradeDataResponse& callback, 27939 TPM_RC response_code) { 27940 VLOG(1) << __func__; 27941 callback.Run(response_code, TPMT_HA(), TPMT_HA()); 27942 } 27943 27944 void FieldUpgradeDataResponseParser( 27945 const Tpm::FieldUpgradeDataResponse& callback, 27946 AuthorizationDelegate* authorization_delegate, 27947 const std::string& response) { 27948 VLOG(1) << __func__; 27949 base::Callback<void(TPM_RC)> error_reporter = 27950 base::Bind(FieldUpgradeDataErrorCallback, callback); 27951 TPMT_HA next_digest; 27952 TPMT_HA first_digest; 27953 TPM_RC rc = Tpm::ParseResponse_FieldUpgradeData( 27954 response, &next_digest, &first_digest, authorization_delegate); 27955 if (rc != TPM_RC_SUCCESS) { 27956 error_reporter.Run(rc); 27957 return; 27958 } 27959 callback.Run(rc, next_digest, first_digest); 27960 } 27961 27962 void Tpm::FieldUpgradeData(const TPM2B_MAX_BUFFER& fu_data, 27963 AuthorizationDelegate* authorization_delegate, 27964 const FieldUpgradeDataResponse& callback) { 27965 VLOG(1) << __func__; 27966 base::Callback<void(TPM_RC)> error_reporter = 27967 base::Bind(FieldUpgradeDataErrorCallback, callback); 27968 base::Callback<void(const std::string&)> parser = base::Bind( 27969 FieldUpgradeDataResponseParser, callback, authorization_delegate); 27970 std::string command; 27971 TPM_RC rc = SerializeCommand_FieldUpgradeData(fu_data, &command, 27972 authorization_delegate); 27973 if (rc != TPM_RC_SUCCESS) { 27974 error_reporter.Run(rc); 27975 return; 27976 } 27977 transceiver_->SendCommand(command, parser); 27978 } 27979 27980 TPM_RC Tpm::FieldUpgradeDataSync( 27981 const TPM2B_MAX_BUFFER& fu_data, 27982 TPMT_HA* next_digest, 27983 TPMT_HA* first_digest, 27984 AuthorizationDelegate* authorization_delegate) { 27985 VLOG(1) << __func__; 27986 std::string command; 27987 TPM_RC rc = SerializeCommand_FieldUpgradeData(fu_data, &command, 27988 authorization_delegate); 27989 if (rc != TPM_RC_SUCCESS) { 27990 return rc; 27991 } 27992 std::string response = transceiver_->SendCommandAndWait(command); 27993 rc = ParseResponse_FieldUpgradeData(response, next_digest, first_digest, 27994 authorization_delegate); 27995 return rc; 27996 } 27997 27998 TPM_RC Tpm::SerializeCommand_FirmwareRead( 27999 const UINT32& sequence_number, 28000 std::string* serialized_command, 28001 AuthorizationDelegate* authorization_delegate) { 28002 VLOG(3) << __func__; 28003 TPM_RC rc = TPM_RC_SUCCESS; 28004 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 28005 UINT32 command_size = 10; // Header size. 28006 std::string handle_section_bytes; 28007 std::string parameter_section_bytes; 28008 TPM_CC command_code = TPM_CC_FirmwareRead; 28009 bool is_command_parameter_encryption_possible = false; 28010 bool is_response_parameter_encryption_possible = true; 28011 std::string command_code_bytes; 28012 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 28013 if (rc != TPM_RC_SUCCESS) { 28014 return rc; 28015 } 28016 std::string sequence_number_bytes; 28017 rc = Serialize_UINT32(sequence_number, &sequence_number_bytes); 28018 if (rc != TPM_RC_SUCCESS) { 28019 return rc; 28020 } 28021 std::unique_ptr<crypto::SecureHash> hash( 28022 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 28023 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 28024 hash->Update(sequence_number_bytes.data(), sequence_number_bytes.size()); 28025 parameter_section_bytes += sequence_number_bytes; 28026 command_size += sequence_number_bytes.size(); 28027 std::string command_hash(32, 0); 28028 hash->Finish(string_as_array(&command_hash), command_hash.size()); 28029 std::string authorization_section_bytes; 28030 std::string authorization_size_bytes; 28031 if (authorization_delegate) { 28032 if (!authorization_delegate->GetCommandAuthorization( 28033 command_hash, is_command_parameter_encryption_possible, 28034 is_response_parameter_encryption_possible, 28035 &authorization_section_bytes)) { 28036 return TRUNKS_RC_AUTHORIZATION_FAILED; 28037 } 28038 if (!authorization_section_bytes.empty()) { 28039 tag = TPM_ST_SESSIONS; 28040 std::string tmp; 28041 rc = Serialize_UINT32(authorization_section_bytes.size(), 28042 &authorization_size_bytes); 28043 if (rc != TPM_RC_SUCCESS) { 28044 return rc; 28045 } 28046 command_size += 28047 authorization_size_bytes.size() + authorization_section_bytes.size(); 28048 } 28049 } 28050 std::string tag_bytes; 28051 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 28052 if (rc != TPM_RC_SUCCESS) { 28053 return rc; 28054 } 28055 std::string command_size_bytes; 28056 rc = Serialize_UINT32(command_size, &command_size_bytes); 28057 if (rc != TPM_RC_SUCCESS) { 28058 return rc; 28059 } 28060 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 28061 handle_section_bytes + authorization_size_bytes + 28062 authorization_section_bytes + parameter_section_bytes; 28063 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 28064 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 28065 serialized_command->size()); 28066 return TPM_RC_SUCCESS; 28067 } 28068 28069 TPM_RC Tpm::ParseResponse_FirmwareRead( 28070 const std::string& response, 28071 TPM2B_MAX_BUFFER* fu_data, 28072 AuthorizationDelegate* authorization_delegate) { 28073 VLOG(3) << __func__; 28074 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 28075 TPM_RC rc = TPM_RC_SUCCESS; 28076 std::string buffer(response); 28077 TPM_ST tag; 28078 std::string tag_bytes; 28079 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 28080 if (rc != TPM_RC_SUCCESS) { 28081 return rc; 28082 } 28083 UINT32 response_size; 28084 std::string response_size_bytes; 28085 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 28086 if (rc != TPM_RC_SUCCESS) { 28087 return rc; 28088 } 28089 TPM_RC response_code; 28090 std::string response_code_bytes; 28091 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 28092 if (rc != TPM_RC_SUCCESS) { 28093 return rc; 28094 } 28095 if (response_size != response.size()) { 28096 return TPM_RC_SIZE; 28097 } 28098 if (response_code != TPM_RC_SUCCESS) { 28099 return response_code; 28100 } 28101 TPM_CC command_code = TPM_CC_FirmwareRead; 28102 std::string command_code_bytes; 28103 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 28104 if (rc != TPM_RC_SUCCESS) { 28105 return rc; 28106 } 28107 std::string authorization_section_bytes; 28108 if (tag == TPM_ST_SESSIONS) { 28109 UINT32 parameter_section_size = buffer.size(); 28110 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 28111 if (rc != TPM_RC_SUCCESS) { 28112 return rc; 28113 } 28114 if (parameter_section_size > buffer.size()) { 28115 return TPM_RC_INSUFFICIENT; 28116 } 28117 authorization_section_bytes = buffer.substr(parameter_section_size); 28118 // Keep the parameter section in |buffer|. 28119 buffer.erase(parameter_section_size); 28120 } 28121 std::unique_ptr<crypto::SecureHash> hash( 28122 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 28123 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 28124 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 28125 hash->Update(buffer.data(), buffer.size()); 28126 std::string response_hash(32, 0); 28127 hash->Finish(string_as_array(&response_hash), response_hash.size()); 28128 if (tag == TPM_ST_SESSIONS) { 28129 CHECK(authorization_delegate) << "Authorization delegate missing!"; 28130 if (!authorization_delegate->CheckResponseAuthorization( 28131 response_hash, authorization_section_bytes)) { 28132 return TRUNKS_RC_AUTHORIZATION_FAILED; 28133 } 28134 } 28135 std::string fu_data_bytes; 28136 rc = Parse_TPM2B_MAX_BUFFER(&buffer, fu_data, &fu_data_bytes); 28137 if (rc != TPM_RC_SUCCESS) { 28138 return rc; 28139 } 28140 if (tag == TPM_ST_SESSIONS) { 28141 CHECK(authorization_delegate) << "Authorization delegate missing!"; 28142 // Decrypt just the parameter data, not the size. 28143 std::string tmp = fu_data_bytes.substr(2); 28144 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 28145 return TRUNKS_RC_ENCRYPTION_FAILED; 28146 } 28147 fu_data_bytes.replace(2, std::string::npos, tmp); 28148 rc = Parse_TPM2B_MAX_BUFFER(&fu_data_bytes, fu_data, nullptr); 28149 if (rc != TPM_RC_SUCCESS) { 28150 return rc; 28151 } 28152 } 28153 return TPM_RC_SUCCESS; 28154 } 28155 28156 void FirmwareReadErrorCallback(const Tpm::FirmwareReadResponse& callback, 28157 TPM_RC response_code) { 28158 VLOG(1) << __func__; 28159 callback.Run(response_code, TPM2B_MAX_BUFFER()); 28160 } 28161 28162 void FirmwareReadResponseParser(const Tpm::FirmwareReadResponse& callback, 28163 AuthorizationDelegate* authorization_delegate, 28164 const std::string& response) { 28165 VLOG(1) << __func__; 28166 base::Callback<void(TPM_RC)> error_reporter = 28167 base::Bind(FirmwareReadErrorCallback, callback); 28168 TPM2B_MAX_BUFFER fu_data; 28169 TPM_RC rc = Tpm::ParseResponse_FirmwareRead(response, &fu_data, 28170 authorization_delegate); 28171 if (rc != TPM_RC_SUCCESS) { 28172 error_reporter.Run(rc); 28173 return; 28174 } 28175 callback.Run(rc, fu_data); 28176 } 28177 28178 void Tpm::FirmwareRead(const UINT32& sequence_number, 28179 AuthorizationDelegate* authorization_delegate, 28180 const FirmwareReadResponse& callback) { 28181 VLOG(1) << __func__; 28182 base::Callback<void(TPM_RC)> error_reporter = 28183 base::Bind(FirmwareReadErrorCallback, callback); 28184 base::Callback<void(const std::string&)> parser = 28185 base::Bind(FirmwareReadResponseParser, callback, authorization_delegate); 28186 std::string command; 28187 TPM_RC rc = SerializeCommand_FirmwareRead(sequence_number, &command, 28188 authorization_delegate); 28189 if (rc != TPM_RC_SUCCESS) { 28190 error_reporter.Run(rc); 28191 return; 28192 } 28193 transceiver_->SendCommand(command, parser); 28194 } 28195 28196 TPM_RC Tpm::FirmwareReadSync(const UINT32& sequence_number, 28197 TPM2B_MAX_BUFFER* fu_data, 28198 AuthorizationDelegate* authorization_delegate) { 28199 VLOG(1) << __func__; 28200 std::string command; 28201 TPM_RC rc = SerializeCommand_FirmwareRead(sequence_number, &command, 28202 authorization_delegate); 28203 if (rc != TPM_RC_SUCCESS) { 28204 return rc; 28205 } 28206 std::string response = transceiver_->SendCommandAndWait(command); 28207 rc = ParseResponse_FirmwareRead(response, fu_data, authorization_delegate); 28208 return rc; 28209 } 28210 28211 TPM_RC Tpm::SerializeCommand_ContextSave( 28212 const TPMI_DH_CONTEXT& save_handle, 28213 const std::string& save_handle_name, 28214 std::string* serialized_command, 28215 AuthorizationDelegate* authorization_delegate) { 28216 VLOG(3) << __func__; 28217 TPM_RC rc = TPM_RC_SUCCESS; 28218 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 28219 UINT32 command_size = 10; // Header size. 28220 std::string handle_section_bytes; 28221 std::string parameter_section_bytes; 28222 TPM_CC command_code = TPM_CC_ContextSave; 28223 bool is_command_parameter_encryption_possible = false; 28224 bool is_response_parameter_encryption_possible = false; 28225 std::string command_code_bytes; 28226 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 28227 if (rc != TPM_RC_SUCCESS) { 28228 return rc; 28229 } 28230 std::string save_handle_bytes; 28231 rc = Serialize_TPMI_DH_CONTEXT(save_handle, &save_handle_bytes); 28232 if (rc != TPM_RC_SUCCESS) { 28233 return rc; 28234 } 28235 std::unique_ptr<crypto::SecureHash> hash( 28236 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 28237 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 28238 hash->Update(save_handle_name.data(), save_handle_name.size()); 28239 handle_section_bytes += save_handle_bytes; 28240 command_size += save_handle_bytes.size(); 28241 std::string command_hash(32, 0); 28242 hash->Finish(string_as_array(&command_hash), command_hash.size()); 28243 std::string authorization_section_bytes; 28244 std::string authorization_size_bytes; 28245 if (authorization_delegate) { 28246 if (!authorization_delegate->GetCommandAuthorization( 28247 command_hash, is_command_parameter_encryption_possible, 28248 is_response_parameter_encryption_possible, 28249 &authorization_section_bytes)) { 28250 return TRUNKS_RC_AUTHORIZATION_FAILED; 28251 } 28252 if (!authorization_section_bytes.empty()) { 28253 tag = TPM_ST_SESSIONS; 28254 std::string tmp; 28255 rc = Serialize_UINT32(authorization_section_bytes.size(), 28256 &authorization_size_bytes); 28257 if (rc != TPM_RC_SUCCESS) { 28258 return rc; 28259 } 28260 command_size += 28261 authorization_size_bytes.size() + authorization_section_bytes.size(); 28262 } 28263 } 28264 std::string tag_bytes; 28265 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 28266 if (rc != TPM_RC_SUCCESS) { 28267 return rc; 28268 } 28269 std::string command_size_bytes; 28270 rc = Serialize_UINT32(command_size, &command_size_bytes); 28271 if (rc != TPM_RC_SUCCESS) { 28272 return rc; 28273 } 28274 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 28275 handle_section_bytes + authorization_size_bytes + 28276 authorization_section_bytes + parameter_section_bytes; 28277 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 28278 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 28279 serialized_command->size()); 28280 return TPM_RC_SUCCESS; 28281 } 28282 28283 TPM_RC Tpm::ParseResponse_ContextSave( 28284 const std::string& response, 28285 TPMS_CONTEXT* context, 28286 AuthorizationDelegate* authorization_delegate) { 28287 VLOG(3) << __func__; 28288 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 28289 TPM_RC rc = TPM_RC_SUCCESS; 28290 std::string buffer(response); 28291 TPM_ST tag; 28292 std::string tag_bytes; 28293 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 28294 if (rc != TPM_RC_SUCCESS) { 28295 return rc; 28296 } 28297 UINT32 response_size; 28298 std::string response_size_bytes; 28299 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 28300 if (rc != TPM_RC_SUCCESS) { 28301 return rc; 28302 } 28303 TPM_RC response_code; 28304 std::string response_code_bytes; 28305 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 28306 if (rc != TPM_RC_SUCCESS) { 28307 return rc; 28308 } 28309 if (response_size != response.size()) { 28310 return TPM_RC_SIZE; 28311 } 28312 if (response_code != TPM_RC_SUCCESS) { 28313 return response_code; 28314 } 28315 TPM_CC command_code = TPM_CC_ContextSave; 28316 std::string command_code_bytes; 28317 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 28318 if (rc != TPM_RC_SUCCESS) { 28319 return rc; 28320 } 28321 std::string authorization_section_bytes; 28322 if (tag == TPM_ST_SESSIONS) { 28323 UINT32 parameter_section_size = buffer.size(); 28324 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 28325 if (rc != TPM_RC_SUCCESS) { 28326 return rc; 28327 } 28328 if (parameter_section_size > buffer.size()) { 28329 return TPM_RC_INSUFFICIENT; 28330 } 28331 authorization_section_bytes = buffer.substr(parameter_section_size); 28332 // Keep the parameter section in |buffer|. 28333 buffer.erase(parameter_section_size); 28334 } 28335 std::unique_ptr<crypto::SecureHash> hash( 28336 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 28337 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 28338 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 28339 hash->Update(buffer.data(), buffer.size()); 28340 std::string response_hash(32, 0); 28341 hash->Finish(string_as_array(&response_hash), response_hash.size()); 28342 if (tag == TPM_ST_SESSIONS) { 28343 CHECK(authorization_delegate) << "Authorization delegate missing!"; 28344 if (!authorization_delegate->CheckResponseAuthorization( 28345 response_hash, authorization_section_bytes)) { 28346 return TRUNKS_RC_AUTHORIZATION_FAILED; 28347 } 28348 } 28349 std::string context_bytes; 28350 rc = Parse_TPMS_CONTEXT(&buffer, context, &context_bytes); 28351 if (rc != TPM_RC_SUCCESS) { 28352 return rc; 28353 } 28354 return TPM_RC_SUCCESS; 28355 } 28356 28357 void ContextSaveErrorCallback(const Tpm::ContextSaveResponse& callback, 28358 TPM_RC response_code) { 28359 VLOG(1) << __func__; 28360 callback.Run(response_code, TPMS_CONTEXT()); 28361 } 28362 28363 void ContextSaveResponseParser(const Tpm::ContextSaveResponse& callback, 28364 AuthorizationDelegate* authorization_delegate, 28365 const std::string& response) { 28366 VLOG(1) << __func__; 28367 base::Callback<void(TPM_RC)> error_reporter = 28368 base::Bind(ContextSaveErrorCallback, callback); 28369 TPMS_CONTEXT context; 28370 TPM_RC rc = Tpm::ParseResponse_ContextSave(response, &context, 28371 authorization_delegate); 28372 if (rc != TPM_RC_SUCCESS) { 28373 error_reporter.Run(rc); 28374 return; 28375 } 28376 callback.Run(rc, context); 28377 } 28378 28379 void Tpm::ContextSave(const TPMI_DH_CONTEXT& save_handle, 28380 const std::string& save_handle_name, 28381 AuthorizationDelegate* authorization_delegate, 28382 const ContextSaveResponse& callback) { 28383 VLOG(1) << __func__; 28384 base::Callback<void(TPM_RC)> error_reporter = 28385 base::Bind(ContextSaveErrorCallback, callback); 28386 base::Callback<void(const std::string&)> parser = 28387 base::Bind(ContextSaveResponseParser, callback, authorization_delegate); 28388 std::string command; 28389 TPM_RC rc = SerializeCommand_ContextSave(save_handle, save_handle_name, 28390 &command, authorization_delegate); 28391 if (rc != TPM_RC_SUCCESS) { 28392 error_reporter.Run(rc); 28393 return; 28394 } 28395 transceiver_->SendCommand(command, parser); 28396 } 28397 28398 TPM_RC Tpm::ContextSaveSync(const TPMI_DH_CONTEXT& save_handle, 28399 const std::string& save_handle_name, 28400 TPMS_CONTEXT* context, 28401 AuthorizationDelegate* authorization_delegate) { 28402 VLOG(1) << __func__; 28403 std::string command; 28404 TPM_RC rc = SerializeCommand_ContextSave(save_handle, save_handle_name, 28405 &command, authorization_delegate); 28406 if (rc != TPM_RC_SUCCESS) { 28407 return rc; 28408 } 28409 std::string response = transceiver_->SendCommandAndWait(command); 28410 rc = ParseResponse_ContextSave(response, context, authorization_delegate); 28411 return rc; 28412 } 28413 28414 TPM_RC Tpm::SerializeCommand_ContextLoad( 28415 const TPMS_CONTEXT& context, 28416 std::string* serialized_command, 28417 AuthorizationDelegate* authorization_delegate) { 28418 VLOG(3) << __func__; 28419 TPM_RC rc = TPM_RC_SUCCESS; 28420 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 28421 UINT32 command_size = 10; // Header size. 28422 std::string handle_section_bytes; 28423 std::string parameter_section_bytes; 28424 TPM_CC command_code = TPM_CC_ContextLoad; 28425 bool is_command_parameter_encryption_possible = false; 28426 bool is_response_parameter_encryption_possible = false; 28427 std::string command_code_bytes; 28428 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 28429 if (rc != TPM_RC_SUCCESS) { 28430 return rc; 28431 } 28432 std::string context_bytes; 28433 rc = Serialize_TPMS_CONTEXT(context, &context_bytes); 28434 if (rc != TPM_RC_SUCCESS) { 28435 return rc; 28436 } 28437 std::unique_ptr<crypto::SecureHash> hash( 28438 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 28439 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 28440 hash->Update(context_bytes.data(), context_bytes.size()); 28441 parameter_section_bytes += context_bytes; 28442 command_size += context_bytes.size(); 28443 std::string command_hash(32, 0); 28444 hash->Finish(string_as_array(&command_hash), command_hash.size()); 28445 std::string authorization_section_bytes; 28446 std::string authorization_size_bytes; 28447 if (authorization_delegate) { 28448 if (!authorization_delegate->GetCommandAuthorization( 28449 command_hash, is_command_parameter_encryption_possible, 28450 is_response_parameter_encryption_possible, 28451 &authorization_section_bytes)) { 28452 return TRUNKS_RC_AUTHORIZATION_FAILED; 28453 } 28454 if (!authorization_section_bytes.empty()) { 28455 tag = TPM_ST_SESSIONS; 28456 std::string tmp; 28457 rc = Serialize_UINT32(authorization_section_bytes.size(), 28458 &authorization_size_bytes); 28459 if (rc != TPM_RC_SUCCESS) { 28460 return rc; 28461 } 28462 command_size += 28463 authorization_size_bytes.size() + authorization_section_bytes.size(); 28464 } 28465 } 28466 std::string tag_bytes; 28467 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 28468 if (rc != TPM_RC_SUCCESS) { 28469 return rc; 28470 } 28471 std::string command_size_bytes; 28472 rc = Serialize_UINT32(command_size, &command_size_bytes); 28473 if (rc != TPM_RC_SUCCESS) { 28474 return rc; 28475 } 28476 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 28477 handle_section_bytes + authorization_size_bytes + 28478 authorization_section_bytes + parameter_section_bytes; 28479 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 28480 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 28481 serialized_command->size()); 28482 return TPM_RC_SUCCESS; 28483 } 28484 28485 TPM_RC Tpm::ParseResponse_ContextLoad( 28486 const std::string& response, 28487 TPMI_DH_CONTEXT* loaded_handle, 28488 AuthorizationDelegate* authorization_delegate) { 28489 VLOG(3) << __func__; 28490 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 28491 TPM_RC rc = TPM_RC_SUCCESS; 28492 std::string buffer(response); 28493 TPM_ST tag; 28494 std::string tag_bytes; 28495 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 28496 if (rc != TPM_RC_SUCCESS) { 28497 return rc; 28498 } 28499 UINT32 response_size; 28500 std::string response_size_bytes; 28501 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 28502 if (rc != TPM_RC_SUCCESS) { 28503 return rc; 28504 } 28505 TPM_RC response_code; 28506 std::string response_code_bytes; 28507 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 28508 if (rc != TPM_RC_SUCCESS) { 28509 return rc; 28510 } 28511 if (response_size != response.size()) { 28512 return TPM_RC_SIZE; 28513 } 28514 if (response_code != TPM_RC_SUCCESS) { 28515 return response_code; 28516 } 28517 std::string loaded_handle_bytes; 28518 rc = Parse_TPMI_DH_CONTEXT(&buffer, loaded_handle, &loaded_handle_bytes); 28519 if (rc != TPM_RC_SUCCESS) { 28520 return rc; 28521 } 28522 TPM_CC command_code = TPM_CC_ContextLoad; 28523 std::string command_code_bytes; 28524 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 28525 if (rc != TPM_RC_SUCCESS) { 28526 return rc; 28527 } 28528 std::string authorization_section_bytes; 28529 if (tag == TPM_ST_SESSIONS) { 28530 UINT32 parameter_section_size = buffer.size(); 28531 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 28532 if (rc != TPM_RC_SUCCESS) { 28533 return rc; 28534 } 28535 if (parameter_section_size > buffer.size()) { 28536 return TPM_RC_INSUFFICIENT; 28537 } 28538 authorization_section_bytes = buffer.substr(parameter_section_size); 28539 // Keep the parameter section in |buffer|. 28540 buffer.erase(parameter_section_size); 28541 } 28542 std::unique_ptr<crypto::SecureHash> hash( 28543 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 28544 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 28545 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 28546 hash->Update(buffer.data(), buffer.size()); 28547 std::string response_hash(32, 0); 28548 hash->Finish(string_as_array(&response_hash), response_hash.size()); 28549 if (tag == TPM_ST_SESSIONS) { 28550 CHECK(authorization_delegate) << "Authorization delegate missing!"; 28551 if (!authorization_delegate->CheckResponseAuthorization( 28552 response_hash, authorization_section_bytes)) { 28553 return TRUNKS_RC_AUTHORIZATION_FAILED; 28554 } 28555 } 28556 return TPM_RC_SUCCESS; 28557 } 28558 28559 void ContextLoadErrorCallback(const Tpm::ContextLoadResponse& callback, 28560 TPM_RC response_code) { 28561 VLOG(1) << __func__; 28562 callback.Run(response_code, TPMI_DH_CONTEXT()); 28563 } 28564 28565 void ContextLoadResponseParser(const Tpm::ContextLoadResponse& callback, 28566 AuthorizationDelegate* authorization_delegate, 28567 const std::string& response) { 28568 VLOG(1) << __func__; 28569 base::Callback<void(TPM_RC)> error_reporter = 28570 base::Bind(ContextLoadErrorCallback, callback); 28571 TPMI_DH_CONTEXT loaded_handle; 28572 TPM_RC rc = Tpm::ParseResponse_ContextLoad(response, &loaded_handle, 28573 authorization_delegate); 28574 if (rc != TPM_RC_SUCCESS) { 28575 error_reporter.Run(rc); 28576 return; 28577 } 28578 callback.Run(rc, loaded_handle); 28579 } 28580 28581 void Tpm::ContextLoad(const TPMS_CONTEXT& context, 28582 AuthorizationDelegate* authorization_delegate, 28583 const ContextLoadResponse& callback) { 28584 VLOG(1) << __func__; 28585 base::Callback<void(TPM_RC)> error_reporter = 28586 base::Bind(ContextLoadErrorCallback, callback); 28587 base::Callback<void(const std::string&)> parser = 28588 base::Bind(ContextLoadResponseParser, callback, authorization_delegate); 28589 std::string command; 28590 TPM_RC rc = 28591 SerializeCommand_ContextLoad(context, &command, authorization_delegate); 28592 if (rc != TPM_RC_SUCCESS) { 28593 error_reporter.Run(rc); 28594 return; 28595 } 28596 transceiver_->SendCommand(command, parser); 28597 } 28598 28599 TPM_RC Tpm::ContextLoadSync(const TPMS_CONTEXT& context, 28600 TPMI_DH_CONTEXT* loaded_handle, 28601 AuthorizationDelegate* authorization_delegate) { 28602 VLOG(1) << __func__; 28603 std::string command; 28604 TPM_RC rc = 28605 SerializeCommand_ContextLoad(context, &command, authorization_delegate); 28606 if (rc != TPM_RC_SUCCESS) { 28607 return rc; 28608 } 28609 std::string response = transceiver_->SendCommandAndWait(command); 28610 rc = ParseResponse_ContextLoad(response, loaded_handle, 28611 authorization_delegate); 28612 return rc; 28613 } 28614 28615 TPM_RC Tpm::SerializeCommand_FlushContext( 28616 const TPMI_DH_CONTEXT& flush_handle, 28617 std::string* serialized_command, 28618 AuthorizationDelegate* authorization_delegate) { 28619 VLOG(3) << __func__; 28620 TPM_RC rc = TPM_RC_SUCCESS; 28621 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 28622 UINT32 command_size = 10; // Header size. 28623 std::string handle_section_bytes; 28624 std::string parameter_section_bytes; 28625 TPM_CC command_code = TPM_CC_FlushContext; 28626 bool is_command_parameter_encryption_possible = false; 28627 bool is_response_parameter_encryption_possible = false; 28628 std::string command_code_bytes; 28629 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 28630 if (rc != TPM_RC_SUCCESS) { 28631 return rc; 28632 } 28633 std::string flush_handle_bytes; 28634 rc = Serialize_TPMI_DH_CONTEXT(flush_handle, &flush_handle_bytes); 28635 if (rc != TPM_RC_SUCCESS) { 28636 return rc; 28637 } 28638 std::unique_ptr<crypto::SecureHash> hash( 28639 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 28640 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 28641 hash->Update(flush_handle_bytes.data(), flush_handle_bytes.size()); 28642 parameter_section_bytes += flush_handle_bytes; 28643 command_size += flush_handle_bytes.size(); 28644 std::string command_hash(32, 0); 28645 hash->Finish(string_as_array(&command_hash), command_hash.size()); 28646 std::string authorization_section_bytes; 28647 std::string authorization_size_bytes; 28648 if (authorization_delegate) { 28649 if (!authorization_delegate->GetCommandAuthorization( 28650 command_hash, is_command_parameter_encryption_possible, 28651 is_response_parameter_encryption_possible, 28652 &authorization_section_bytes)) { 28653 return TRUNKS_RC_AUTHORIZATION_FAILED; 28654 } 28655 if (!authorization_section_bytes.empty()) { 28656 tag = TPM_ST_SESSIONS; 28657 std::string tmp; 28658 rc = Serialize_UINT32(authorization_section_bytes.size(), 28659 &authorization_size_bytes); 28660 if (rc != TPM_RC_SUCCESS) { 28661 return rc; 28662 } 28663 command_size += 28664 authorization_size_bytes.size() + authorization_section_bytes.size(); 28665 } 28666 } 28667 std::string tag_bytes; 28668 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 28669 if (rc != TPM_RC_SUCCESS) { 28670 return rc; 28671 } 28672 std::string command_size_bytes; 28673 rc = Serialize_UINT32(command_size, &command_size_bytes); 28674 if (rc != TPM_RC_SUCCESS) { 28675 return rc; 28676 } 28677 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 28678 handle_section_bytes + authorization_size_bytes + 28679 authorization_section_bytes + parameter_section_bytes; 28680 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 28681 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 28682 serialized_command->size()); 28683 return TPM_RC_SUCCESS; 28684 } 28685 28686 TPM_RC Tpm::ParseResponse_FlushContext( 28687 const std::string& response, 28688 AuthorizationDelegate* authorization_delegate) { 28689 VLOG(3) << __func__; 28690 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 28691 TPM_RC rc = TPM_RC_SUCCESS; 28692 std::string buffer(response); 28693 TPM_ST tag; 28694 std::string tag_bytes; 28695 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 28696 if (rc != TPM_RC_SUCCESS) { 28697 return rc; 28698 } 28699 UINT32 response_size; 28700 std::string response_size_bytes; 28701 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 28702 if (rc != TPM_RC_SUCCESS) { 28703 return rc; 28704 } 28705 TPM_RC response_code; 28706 std::string response_code_bytes; 28707 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 28708 if (rc != TPM_RC_SUCCESS) { 28709 return rc; 28710 } 28711 if (response_size != response.size()) { 28712 return TPM_RC_SIZE; 28713 } 28714 if (response_code != TPM_RC_SUCCESS) { 28715 return response_code; 28716 } 28717 TPM_CC command_code = TPM_CC_FlushContext; 28718 std::string command_code_bytes; 28719 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 28720 if (rc != TPM_RC_SUCCESS) { 28721 return rc; 28722 } 28723 std::string authorization_section_bytes; 28724 if (tag == TPM_ST_SESSIONS) { 28725 UINT32 parameter_section_size = buffer.size(); 28726 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 28727 if (rc != TPM_RC_SUCCESS) { 28728 return rc; 28729 } 28730 if (parameter_section_size > buffer.size()) { 28731 return TPM_RC_INSUFFICIENT; 28732 } 28733 authorization_section_bytes = buffer.substr(parameter_section_size); 28734 // Keep the parameter section in |buffer|. 28735 buffer.erase(parameter_section_size); 28736 } 28737 std::unique_ptr<crypto::SecureHash> hash( 28738 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 28739 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 28740 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 28741 hash->Update(buffer.data(), buffer.size()); 28742 std::string response_hash(32, 0); 28743 hash->Finish(string_as_array(&response_hash), response_hash.size()); 28744 if (tag == TPM_ST_SESSIONS) { 28745 CHECK(authorization_delegate) << "Authorization delegate missing!"; 28746 if (!authorization_delegate->CheckResponseAuthorization( 28747 response_hash, authorization_section_bytes)) { 28748 return TRUNKS_RC_AUTHORIZATION_FAILED; 28749 } 28750 } 28751 return TPM_RC_SUCCESS; 28752 } 28753 28754 void FlushContextErrorCallback(const Tpm::FlushContextResponse& callback, 28755 TPM_RC response_code) { 28756 VLOG(1) << __func__; 28757 callback.Run(response_code); 28758 } 28759 28760 void FlushContextResponseParser(const Tpm::FlushContextResponse& callback, 28761 AuthorizationDelegate* authorization_delegate, 28762 const std::string& response) { 28763 VLOG(1) << __func__; 28764 base::Callback<void(TPM_RC)> error_reporter = 28765 base::Bind(FlushContextErrorCallback, callback); 28766 TPM_RC rc = Tpm::ParseResponse_FlushContext(response, authorization_delegate); 28767 if (rc != TPM_RC_SUCCESS) { 28768 error_reporter.Run(rc); 28769 return; 28770 } 28771 callback.Run(rc); 28772 } 28773 28774 void Tpm::FlushContext(const TPMI_DH_CONTEXT& flush_handle, 28775 AuthorizationDelegate* authorization_delegate, 28776 const FlushContextResponse& callback) { 28777 VLOG(1) << __func__; 28778 base::Callback<void(TPM_RC)> error_reporter = 28779 base::Bind(FlushContextErrorCallback, callback); 28780 base::Callback<void(const std::string&)> parser = 28781 base::Bind(FlushContextResponseParser, callback, authorization_delegate); 28782 std::string command; 28783 TPM_RC rc = SerializeCommand_FlushContext(flush_handle, &command, 28784 authorization_delegate); 28785 if (rc != TPM_RC_SUCCESS) { 28786 error_reporter.Run(rc); 28787 return; 28788 } 28789 transceiver_->SendCommand(command, parser); 28790 } 28791 28792 TPM_RC Tpm::FlushContextSync(const TPMI_DH_CONTEXT& flush_handle, 28793 AuthorizationDelegate* authorization_delegate) { 28794 VLOG(1) << __func__; 28795 std::string command; 28796 TPM_RC rc = SerializeCommand_FlushContext(flush_handle, &command, 28797 authorization_delegate); 28798 if (rc != TPM_RC_SUCCESS) { 28799 return rc; 28800 } 28801 std::string response = transceiver_->SendCommandAndWait(command); 28802 rc = ParseResponse_FlushContext(response, authorization_delegate); 28803 return rc; 28804 } 28805 28806 TPM_RC Tpm::SerializeCommand_EvictControl( 28807 const TPMI_RH_PROVISION& auth, 28808 const std::string& auth_name, 28809 const TPMI_DH_OBJECT& object_handle, 28810 const std::string& object_handle_name, 28811 const TPMI_DH_PERSISTENT& persistent_handle, 28812 std::string* serialized_command, 28813 AuthorizationDelegate* authorization_delegate) { 28814 VLOG(3) << __func__; 28815 TPM_RC rc = TPM_RC_SUCCESS; 28816 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 28817 UINT32 command_size = 10; // Header size. 28818 std::string handle_section_bytes; 28819 std::string parameter_section_bytes; 28820 TPM_CC command_code = TPM_CC_EvictControl; 28821 bool is_command_parameter_encryption_possible = false; 28822 bool is_response_parameter_encryption_possible = false; 28823 std::string command_code_bytes; 28824 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 28825 if (rc != TPM_RC_SUCCESS) { 28826 return rc; 28827 } 28828 std::string auth_bytes; 28829 rc = Serialize_TPMI_RH_PROVISION(auth, &auth_bytes); 28830 if (rc != TPM_RC_SUCCESS) { 28831 return rc; 28832 } 28833 std::string object_handle_bytes; 28834 rc = Serialize_TPMI_DH_OBJECT(object_handle, &object_handle_bytes); 28835 if (rc != TPM_RC_SUCCESS) { 28836 return rc; 28837 } 28838 std::string persistent_handle_bytes; 28839 rc = 28840 Serialize_TPMI_DH_PERSISTENT(persistent_handle, &persistent_handle_bytes); 28841 if (rc != TPM_RC_SUCCESS) { 28842 return rc; 28843 } 28844 std::unique_ptr<crypto::SecureHash> hash( 28845 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 28846 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 28847 hash->Update(auth_name.data(), auth_name.size()); 28848 handle_section_bytes += auth_bytes; 28849 command_size += auth_bytes.size(); 28850 hash->Update(object_handle_name.data(), object_handle_name.size()); 28851 handle_section_bytes += object_handle_bytes; 28852 command_size += object_handle_bytes.size(); 28853 hash->Update(persistent_handle_bytes.data(), persistent_handle_bytes.size()); 28854 parameter_section_bytes += persistent_handle_bytes; 28855 command_size += persistent_handle_bytes.size(); 28856 std::string command_hash(32, 0); 28857 hash->Finish(string_as_array(&command_hash), command_hash.size()); 28858 std::string authorization_section_bytes; 28859 std::string authorization_size_bytes; 28860 if (authorization_delegate) { 28861 if (!authorization_delegate->GetCommandAuthorization( 28862 command_hash, is_command_parameter_encryption_possible, 28863 is_response_parameter_encryption_possible, 28864 &authorization_section_bytes)) { 28865 return TRUNKS_RC_AUTHORIZATION_FAILED; 28866 } 28867 if (!authorization_section_bytes.empty()) { 28868 tag = TPM_ST_SESSIONS; 28869 std::string tmp; 28870 rc = Serialize_UINT32(authorization_section_bytes.size(), 28871 &authorization_size_bytes); 28872 if (rc != TPM_RC_SUCCESS) { 28873 return rc; 28874 } 28875 command_size += 28876 authorization_size_bytes.size() + authorization_section_bytes.size(); 28877 } 28878 } 28879 std::string tag_bytes; 28880 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 28881 if (rc != TPM_RC_SUCCESS) { 28882 return rc; 28883 } 28884 std::string command_size_bytes; 28885 rc = Serialize_UINT32(command_size, &command_size_bytes); 28886 if (rc != TPM_RC_SUCCESS) { 28887 return rc; 28888 } 28889 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 28890 handle_section_bytes + authorization_size_bytes + 28891 authorization_section_bytes + parameter_section_bytes; 28892 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 28893 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 28894 serialized_command->size()); 28895 return TPM_RC_SUCCESS; 28896 } 28897 28898 TPM_RC Tpm::ParseResponse_EvictControl( 28899 const std::string& response, 28900 AuthorizationDelegate* authorization_delegate) { 28901 VLOG(3) << __func__; 28902 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 28903 TPM_RC rc = TPM_RC_SUCCESS; 28904 std::string buffer(response); 28905 TPM_ST tag; 28906 std::string tag_bytes; 28907 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 28908 if (rc != TPM_RC_SUCCESS) { 28909 return rc; 28910 } 28911 UINT32 response_size; 28912 std::string response_size_bytes; 28913 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 28914 if (rc != TPM_RC_SUCCESS) { 28915 return rc; 28916 } 28917 TPM_RC response_code; 28918 std::string response_code_bytes; 28919 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 28920 if (rc != TPM_RC_SUCCESS) { 28921 return rc; 28922 } 28923 if (response_size != response.size()) { 28924 return TPM_RC_SIZE; 28925 } 28926 if (response_code != TPM_RC_SUCCESS) { 28927 return response_code; 28928 } 28929 TPM_CC command_code = TPM_CC_EvictControl; 28930 std::string command_code_bytes; 28931 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 28932 if (rc != TPM_RC_SUCCESS) { 28933 return rc; 28934 } 28935 std::string authorization_section_bytes; 28936 if (tag == TPM_ST_SESSIONS) { 28937 UINT32 parameter_section_size = buffer.size(); 28938 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 28939 if (rc != TPM_RC_SUCCESS) { 28940 return rc; 28941 } 28942 if (parameter_section_size > buffer.size()) { 28943 return TPM_RC_INSUFFICIENT; 28944 } 28945 authorization_section_bytes = buffer.substr(parameter_section_size); 28946 // Keep the parameter section in |buffer|. 28947 buffer.erase(parameter_section_size); 28948 } 28949 std::unique_ptr<crypto::SecureHash> hash( 28950 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 28951 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 28952 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 28953 hash->Update(buffer.data(), buffer.size()); 28954 std::string response_hash(32, 0); 28955 hash->Finish(string_as_array(&response_hash), response_hash.size()); 28956 if (tag == TPM_ST_SESSIONS) { 28957 CHECK(authorization_delegate) << "Authorization delegate missing!"; 28958 if (!authorization_delegate->CheckResponseAuthorization( 28959 response_hash, authorization_section_bytes)) { 28960 return TRUNKS_RC_AUTHORIZATION_FAILED; 28961 } 28962 } 28963 return TPM_RC_SUCCESS; 28964 } 28965 28966 void EvictControlErrorCallback(const Tpm::EvictControlResponse& callback, 28967 TPM_RC response_code) { 28968 VLOG(1) << __func__; 28969 callback.Run(response_code); 28970 } 28971 28972 void EvictControlResponseParser(const Tpm::EvictControlResponse& callback, 28973 AuthorizationDelegate* authorization_delegate, 28974 const std::string& response) { 28975 VLOG(1) << __func__; 28976 base::Callback<void(TPM_RC)> error_reporter = 28977 base::Bind(EvictControlErrorCallback, callback); 28978 TPM_RC rc = Tpm::ParseResponse_EvictControl(response, authorization_delegate); 28979 if (rc != TPM_RC_SUCCESS) { 28980 error_reporter.Run(rc); 28981 return; 28982 } 28983 callback.Run(rc); 28984 } 28985 28986 void Tpm::EvictControl(const TPMI_RH_PROVISION& auth, 28987 const std::string& auth_name, 28988 const TPMI_DH_OBJECT& object_handle, 28989 const std::string& object_handle_name, 28990 const TPMI_DH_PERSISTENT& persistent_handle, 28991 AuthorizationDelegate* authorization_delegate, 28992 const EvictControlResponse& callback) { 28993 VLOG(1) << __func__; 28994 base::Callback<void(TPM_RC)> error_reporter = 28995 base::Bind(EvictControlErrorCallback, callback); 28996 base::Callback<void(const std::string&)> parser = 28997 base::Bind(EvictControlResponseParser, callback, authorization_delegate); 28998 std::string command; 28999 TPM_RC rc = SerializeCommand_EvictControl( 29000 auth, auth_name, object_handle, object_handle_name, persistent_handle, 29001 &command, authorization_delegate); 29002 if (rc != TPM_RC_SUCCESS) { 29003 error_reporter.Run(rc); 29004 return; 29005 } 29006 transceiver_->SendCommand(command, parser); 29007 } 29008 29009 TPM_RC Tpm::EvictControlSync(const TPMI_RH_PROVISION& auth, 29010 const std::string& auth_name, 29011 const TPMI_DH_OBJECT& object_handle, 29012 const std::string& object_handle_name, 29013 const TPMI_DH_PERSISTENT& persistent_handle, 29014 AuthorizationDelegate* authorization_delegate) { 29015 VLOG(1) << __func__; 29016 std::string command; 29017 TPM_RC rc = SerializeCommand_EvictControl( 29018 auth, auth_name, object_handle, object_handle_name, persistent_handle, 29019 &command, authorization_delegate); 29020 if (rc != TPM_RC_SUCCESS) { 29021 return rc; 29022 } 29023 std::string response = transceiver_->SendCommandAndWait(command); 29024 rc = ParseResponse_EvictControl(response, authorization_delegate); 29025 return rc; 29026 } 29027 29028 TPM_RC Tpm::SerializeCommand_ReadClock( 29029 std::string* serialized_command, 29030 AuthorizationDelegate* authorization_delegate) { 29031 VLOG(3) << __func__; 29032 TPM_RC rc = TPM_RC_SUCCESS; 29033 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 29034 UINT32 command_size = 10; // Header size. 29035 std::string handle_section_bytes; 29036 std::string parameter_section_bytes; 29037 TPM_CC command_code = TPM_CC_ReadClock; 29038 bool is_command_parameter_encryption_possible = false; 29039 bool is_response_parameter_encryption_possible = false; 29040 std::string command_code_bytes; 29041 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 29042 if (rc != TPM_RC_SUCCESS) { 29043 return rc; 29044 } 29045 std::unique_ptr<crypto::SecureHash> hash( 29046 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 29047 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 29048 std::string command_hash(32, 0); 29049 hash->Finish(string_as_array(&command_hash), command_hash.size()); 29050 std::string authorization_section_bytes; 29051 std::string authorization_size_bytes; 29052 if (authorization_delegate) { 29053 if (!authorization_delegate->GetCommandAuthorization( 29054 command_hash, is_command_parameter_encryption_possible, 29055 is_response_parameter_encryption_possible, 29056 &authorization_section_bytes)) { 29057 return TRUNKS_RC_AUTHORIZATION_FAILED; 29058 } 29059 if (!authorization_section_bytes.empty()) { 29060 tag = TPM_ST_SESSIONS; 29061 std::string tmp; 29062 rc = Serialize_UINT32(authorization_section_bytes.size(), 29063 &authorization_size_bytes); 29064 if (rc != TPM_RC_SUCCESS) { 29065 return rc; 29066 } 29067 command_size += 29068 authorization_size_bytes.size() + authorization_section_bytes.size(); 29069 } 29070 } 29071 std::string tag_bytes; 29072 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 29073 if (rc != TPM_RC_SUCCESS) { 29074 return rc; 29075 } 29076 std::string command_size_bytes; 29077 rc = Serialize_UINT32(command_size, &command_size_bytes); 29078 if (rc != TPM_RC_SUCCESS) { 29079 return rc; 29080 } 29081 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 29082 handle_section_bytes + authorization_size_bytes + 29083 authorization_section_bytes + parameter_section_bytes; 29084 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 29085 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 29086 serialized_command->size()); 29087 return TPM_RC_SUCCESS; 29088 } 29089 29090 TPM_RC Tpm::ParseResponse_ReadClock( 29091 const std::string& response, 29092 TPMS_TIME_INFO* current_time, 29093 AuthorizationDelegate* authorization_delegate) { 29094 VLOG(3) << __func__; 29095 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 29096 TPM_RC rc = TPM_RC_SUCCESS; 29097 std::string buffer(response); 29098 TPM_ST tag; 29099 std::string tag_bytes; 29100 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 29101 if (rc != TPM_RC_SUCCESS) { 29102 return rc; 29103 } 29104 UINT32 response_size; 29105 std::string response_size_bytes; 29106 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 29107 if (rc != TPM_RC_SUCCESS) { 29108 return rc; 29109 } 29110 TPM_RC response_code; 29111 std::string response_code_bytes; 29112 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 29113 if (rc != TPM_RC_SUCCESS) { 29114 return rc; 29115 } 29116 if (response_size != response.size()) { 29117 return TPM_RC_SIZE; 29118 } 29119 if (response_code != TPM_RC_SUCCESS) { 29120 return response_code; 29121 } 29122 TPM_CC command_code = TPM_CC_ReadClock; 29123 std::string command_code_bytes; 29124 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 29125 if (rc != TPM_RC_SUCCESS) { 29126 return rc; 29127 } 29128 std::string authorization_section_bytes; 29129 if (tag == TPM_ST_SESSIONS) { 29130 UINT32 parameter_section_size = buffer.size(); 29131 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 29132 if (rc != TPM_RC_SUCCESS) { 29133 return rc; 29134 } 29135 if (parameter_section_size > buffer.size()) { 29136 return TPM_RC_INSUFFICIENT; 29137 } 29138 authorization_section_bytes = buffer.substr(parameter_section_size); 29139 // Keep the parameter section in |buffer|. 29140 buffer.erase(parameter_section_size); 29141 } 29142 std::unique_ptr<crypto::SecureHash> hash( 29143 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 29144 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 29145 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 29146 hash->Update(buffer.data(), buffer.size()); 29147 std::string response_hash(32, 0); 29148 hash->Finish(string_as_array(&response_hash), response_hash.size()); 29149 if (tag == TPM_ST_SESSIONS) { 29150 CHECK(authorization_delegate) << "Authorization delegate missing!"; 29151 if (!authorization_delegate->CheckResponseAuthorization( 29152 response_hash, authorization_section_bytes)) { 29153 return TRUNKS_RC_AUTHORIZATION_FAILED; 29154 } 29155 } 29156 std::string current_time_bytes; 29157 rc = Parse_TPMS_TIME_INFO(&buffer, current_time, ¤t_time_bytes); 29158 if (rc != TPM_RC_SUCCESS) { 29159 return rc; 29160 } 29161 return TPM_RC_SUCCESS; 29162 } 29163 29164 void ReadClockErrorCallback(const Tpm::ReadClockResponse& callback, 29165 TPM_RC response_code) { 29166 VLOG(1) << __func__; 29167 callback.Run(response_code, TPMS_TIME_INFO()); 29168 } 29169 29170 void ReadClockResponseParser(const Tpm::ReadClockResponse& callback, 29171 AuthorizationDelegate* authorization_delegate, 29172 const std::string& response) { 29173 VLOG(1) << __func__; 29174 base::Callback<void(TPM_RC)> error_reporter = 29175 base::Bind(ReadClockErrorCallback, callback); 29176 TPMS_TIME_INFO current_time; 29177 TPM_RC rc = Tpm::ParseResponse_ReadClock(response, ¤t_time, 29178 authorization_delegate); 29179 if (rc != TPM_RC_SUCCESS) { 29180 error_reporter.Run(rc); 29181 return; 29182 } 29183 callback.Run(rc, current_time); 29184 } 29185 29186 void Tpm::ReadClock(AuthorizationDelegate* authorization_delegate, 29187 const ReadClockResponse& callback) { 29188 VLOG(1) << __func__; 29189 base::Callback<void(TPM_RC)> error_reporter = 29190 base::Bind(ReadClockErrorCallback, callback); 29191 base::Callback<void(const std::string&)> parser = 29192 base::Bind(ReadClockResponseParser, callback, authorization_delegate); 29193 std::string command; 29194 TPM_RC rc = SerializeCommand_ReadClock(&command, authorization_delegate); 29195 if (rc != TPM_RC_SUCCESS) { 29196 error_reporter.Run(rc); 29197 return; 29198 } 29199 transceiver_->SendCommand(command, parser); 29200 } 29201 29202 TPM_RC Tpm::ReadClockSync(TPMS_TIME_INFO* current_time, 29203 AuthorizationDelegate* authorization_delegate) { 29204 VLOG(1) << __func__; 29205 std::string command; 29206 TPM_RC rc = SerializeCommand_ReadClock(&command, authorization_delegate); 29207 if (rc != TPM_RC_SUCCESS) { 29208 return rc; 29209 } 29210 std::string response = transceiver_->SendCommandAndWait(command); 29211 rc = ParseResponse_ReadClock(response, current_time, authorization_delegate); 29212 return rc; 29213 } 29214 29215 TPM_RC Tpm::SerializeCommand_ClockSet( 29216 const TPMI_RH_PROVISION& auth, 29217 const std::string& auth_name, 29218 const UINT64& new_time, 29219 std::string* serialized_command, 29220 AuthorizationDelegate* authorization_delegate) { 29221 VLOG(3) << __func__; 29222 TPM_RC rc = TPM_RC_SUCCESS; 29223 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 29224 UINT32 command_size = 10; // Header size. 29225 std::string handle_section_bytes; 29226 std::string parameter_section_bytes; 29227 TPM_CC command_code = TPM_CC_ClockSet; 29228 bool is_command_parameter_encryption_possible = false; 29229 bool is_response_parameter_encryption_possible = false; 29230 std::string command_code_bytes; 29231 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 29232 if (rc != TPM_RC_SUCCESS) { 29233 return rc; 29234 } 29235 std::string auth_bytes; 29236 rc = Serialize_TPMI_RH_PROVISION(auth, &auth_bytes); 29237 if (rc != TPM_RC_SUCCESS) { 29238 return rc; 29239 } 29240 std::string new_time_bytes; 29241 rc = Serialize_UINT64(new_time, &new_time_bytes); 29242 if (rc != TPM_RC_SUCCESS) { 29243 return rc; 29244 } 29245 std::unique_ptr<crypto::SecureHash> hash( 29246 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 29247 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 29248 hash->Update(auth_name.data(), auth_name.size()); 29249 handle_section_bytes += auth_bytes; 29250 command_size += auth_bytes.size(); 29251 hash->Update(new_time_bytes.data(), new_time_bytes.size()); 29252 parameter_section_bytes += new_time_bytes; 29253 command_size += new_time_bytes.size(); 29254 std::string command_hash(32, 0); 29255 hash->Finish(string_as_array(&command_hash), command_hash.size()); 29256 std::string authorization_section_bytes; 29257 std::string authorization_size_bytes; 29258 if (authorization_delegate) { 29259 if (!authorization_delegate->GetCommandAuthorization( 29260 command_hash, is_command_parameter_encryption_possible, 29261 is_response_parameter_encryption_possible, 29262 &authorization_section_bytes)) { 29263 return TRUNKS_RC_AUTHORIZATION_FAILED; 29264 } 29265 if (!authorization_section_bytes.empty()) { 29266 tag = TPM_ST_SESSIONS; 29267 std::string tmp; 29268 rc = Serialize_UINT32(authorization_section_bytes.size(), 29269 &authorization_size_bytes); 29270 if (rc != TPM_RC_SUCCESS) { 29271 return rc; 29272 } 29273 command_size += 29274 authorization_size_bytes.size() + authorization_section_bytes.size(); 29275 } 29276 } 29277 std::string tag_bytes; 29278 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 29279 if (rc != TPM_RC_SUCCESS) { 29280 return rc; 29281 } 29282 std::string command_size_bytes; 29283 rc = Serialize_UINT32(command_size, &command_size_bytes); 29284 if (rc != TPM_RC_SUCCESS) { 29285 return rc; 29286 } 29287 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 29288 handle_section_bytes + authorization_size_bytes + 29289 authorization_section_bytes + parameter_section_bytes; 29290 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 29291 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 29292 serialized_command->size()); 29293 return TPM_RC_SUCCESS; 29294 } 29295 29296 TPM_RC Tpm::ParseResponse_ClockSet( 29297 const std::string& response, 29298 AuthorizationDelegate* authorization_delegate) { 29299 VLOG(3) << __func__; 29300 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 29301 TPM_RC rc = TPM_RC_SUCCESS; 29302 std::string buffer(response); 29303 TPM_ST tag; 29304 std::string tag_bytes; 29305 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 29306 if (rc != TPM_RC_SUCCESS) { 29307 return rc; 29308 } 29309 UINT32 response_size; 29310 std::string response_size_bytes; 29311 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 29312 if (rc != TPM_RC_SUCCESS) { 29313 return rc; 29314 } 29315 TPM_RC response_code; 29316 std::string response_code_bytes; 29317 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 29318 if (rc != TPM_RC_SUCCESS) { 29319 return rc; 29320 } 29321 if (response_size != response.size()) { 29322 return TPM_RC_SIZE; 29323 } 29324 if (response_code != TPM_RC_SUCCESS) { 29325 return response_code; 29326 } 29327 TPM_CC command_code = TPM_CC_ClockSet; 29328 std::string command_code_bytes; 29329 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 29330 if (rc != TPM_RC_SUCCESS) { 29331 return rc; 29332 } 29333 std::string authorization_section_bytes; 29334 if (tag == TPM_ST_SESSIONS) { 29335 UINT32 parameter_section_size = buffer.size(); 29336 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 29337 if (rc != TPM_RC_SUCCESS) { 29338 return rc; 29339 } 29340 if (parameter_section_size > buffer.size()) { 29341 return TPM_RC_INSUFFICIENT; 29342 } 29343 authorization_section_bytes = buffer.substr(parameter_section_size); 29344 // Keep the parameter section in |buffer|. 29345 buffer.erase(parameter_section_size); 29346 } 29347 std::unique_ptr<crypto::SecureHash> hash( 29348 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 29349 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 29350 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 29351 hash->Update(buffer.data(), buffer.size()); 29352 std::string response_hash(32, 0); 29353 hash->Finish(string_as_array(&response_hash), response_hash.size()); 29354 if (tag == TPM_ST_SESSIONS) { 29355 CHECK(authorization_delegate) << "Authorization delegate missing!"; 29356 if (!authorization_delegate->CheckResponseAuthorization( 29357 response_hash, authorization_section_bytes)) { 29358 return TRUNKS_RC_AUTHORIZATION_FAILED; 29359 } 29360 } 29361 return TPM_RC_SUCCESS; 29362 } 29363 29364 void ClockSetErrorCallback(const Tpm::ClockSetResponse& callback, 29365 TPM_RC response_code) { 29366 VLOG(1) << __func__; 29367 callback.Run(response_code); 29368 } 29369 29370 void ClockSetResponseParser(const Tpm::ClockSetResponse& callback, 29371 AuthorizationDelegate* authorization_delegate, 29372 const std::string& response) { 29373 VLOG(1) << __func__; 29374 base::Callback<void(TPM_RC)> error_reporter = 29375 base::Bind(ClockSetErrorCallback, callback); 29376 TPM_RC rc = Tpm::ParseResponse_ClockSet(response, authorization_delegate); 29377 if (rc != TPM_RC_SUCCESS) { 29378 error_reporter.Run(rc); 29379 return; 29380 } 29381 callback.Run(rc); 29382 } 29383 29384 void Tpm::ClockSet(const TPMI_RH_PROVISION& auth, 29385 const std::string& auth_name, 29386 const UINT64& new_time, 29387 AuthorizationDelegate* authorization_delegate, 29388 const ClockSetResponse& callback) { 29389 VLOG(1) << __func__; 29390 base::Callback<void(TPM_RC)> error_reporter = 29391 base::Bind(ClockSetErrorCallback, callback); 29392 base::Callback<void(const std::string&)> parser = 29393 base::Bind(ClockSetResponseParser, callback, authorization_delegate); 29394 std::string command; 29395 TPM_RC rc = SerializeCommand_ClockSet(auth, auth_name, new_time, &command, 29396 authorization_delegate); 29397 if (rc != TPM_RC_SUCCESS) { 29398 error_reporter.Run(rc); 29399 return; 29400 } 29401 transceiver_->SendCommand(command, parser); 29402 } 29403 29404 TPM_RC Tpm::ClockSetSync(const TPMI_RH_PROVISION& auth, 29405 const std::string& auth_name, 29406 const UINT64& new_time, 29407 AuthorizationDelegate* authorization_delegate) { 29408 VLOG(1) << __func__; 29409 std::string command; 29410 TPM_RC rc = SerializeCommand_ClockSet(auth, auth_name, new_time, &command, 29411 authorization_delegate); 29412 if (rc != TPM_RC_SUCCESS) { 29413 return rc; 29414 } 29415 std::string response = transceiver_->SendCommandAndWait(command); 29416 rc = ParseResponse_ClockSet(response, authorization_delegate); 29417 return rc; 29418 } 29419 29420 TPM_RC Tpm::SerializeCommand_ClockRateAdjust( 29421 const TPMI_RH_PROVISION& auth, 29422 const std::string& auth_name, 29423 const TPM_CLOCK_ADJUST& rate_adjust, 29424 std::string* serialized_command, 29425 AuthorizationDelegate* authorization_delegate) { 29426 VLOG(3) << __func__; 29427 TPM_RC rc = TPM_RC_SUCCESS; 29428 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 29429 UINT32 command_size = 10; // Header size. 29430 std::string handle_section_bytes; 29431 std::string parameter_section_bytes; 29432 TPM_CC command_code = TPM_CC_ClockRateAdjust; 29433 bool is_command_parameter_encryption_possible = false; 29434 bool is_response_parameter_encryption_possible = false; 29435 std::string command_code_bytes; 29436 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 29437 if (rc != TPM_RC_SUCCESS) { 29438 return rc; 29439 } 29440 std::string auth_bytes; 29441 rc = Serialize_TPMI_RH_PROVISION(auth, &auth_bytes); 29442 if (rc != TPM_RC_SUCCESS) { 29443 return rc; 29444 } 29445 std::string rate_adjust_bytes; 29446 rc = Serialize_TPM_CLOCK_ADJUST(rate_adjust, &rate_adjust_bytes); 29447 if (rc != TPM_RC_SUCCESS) { 29448 return rc; 29449 } 29450 std::unique_ptr<crypto::SecureHash> hash( 29451 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 29452 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 29453 hash->Update(auth_name.data(), auth_name.size()); 29454 handle_section_bytes += auth_bytes; 29455 command_size += auth_bytes.size(); 29456 hash->Update(rate_adjust_bytes.data(), rate_adjust_bytes.size()); 29457 parameter_section_bytes += rate_adjust_bytes; 29458 command_size += rate_adjust_bytes.size(); 29459 std::string command_hash(32, 0); 29460 hash->Finish(string_as_array(&command_hash), command_hash.size()); 29461 std::string authorization_section_bytes; 29462 std::string authorization_size_bytes; 29463 if (authorization_delegate) { 29464 if (!authorization_delegate->GetCommandAuthorization( 29465 command_hash, is_command_parameter_encryption_possible, 29466 is_response_parameter_encryption_possible, 29467 &authorization_section_bytes)) { 29468 return TRUNKS_RC_AUTHORIZATION_FAILED; 29469 } 29470 if (!authorization_section_bytes.empty()) { 29471 tag = TPM_ST_SESSIONS; 29472 std::string tmp; 29473 rc = Serialize_UINT32(authorization_section_bytes.size(), 29474 &authorization_size_bytes); 29475 if (rc != TPM_RC_SUCCESS) { 29476 return rc; 29477 } 29478 command_size += 29479 authorization_size_bytes.size() + authorization_section_bytes.size(); 29480 } 29481 } 29482 std::string tag_bytes; 29483 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 29484 if (rc != TPM_RC_SUCCESS) { 29485 return rc; 29486 } 29487 std::string command_size_bytes; 29488 rc = Serialize_UINT32(command_size, &command_size_bytes); 29489 if (rc != TPM_RC_SUCCESS) { 29490 return rc; 29491 } 29492 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 29493 handle_section_bytes + authorization_size_bytes + 29494 authorization_section_bytes + parameter_section_bytes; 29495 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 29496 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 29497 serialized_command->size()); 29498 return TPM_RC_SUCCESS; 29499 } 29500 29501 TPM_RC Tpm::ParseResponse_ClockRateAdjust( 29502 const std::string& response, 29503 AuthorizationDelegate* authorization_delegate) { 29504 VLOG(3) << __func__; 29505 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 29506 TPM_RC rc = TPM_RC_SUCCESS; 29507 std::string buffer(response); 29508 TPM_ST tag; 29509 std::string tag_bytes; 29510 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 29511 if (rc != TPM_RC_SUCCESS) { 29512 return rc; 29513 } 29514 UINT32 response_size; 29515 std::string response_size_bytes; 29516 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 29517 if (rc != TPM_RC_SUCCESS) { 29518 return rc; 29519 } 29520 TPM_RC response_code; 29521 std::string response_code_bytes; 29522 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 29523 if (rc != TPM_RC_SUCCESS) { 29524 return rc; 29525 } 29526 if (response_size != response.size()) { 29527 return TPM_RC_SIZE; 29528 } 29529 if (response_code != TPM_RC_SUCCESS) { 29530 return response_code; 29531 } 29532 TPM_CC command_code = TPM_CC_ClockRateAdjust; 29533 std::string command_code_bytes; 29534 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 29535 if (rc != TPM_RC_SUCCESS) { 29536 return rc; 29537 } 29538 std::string authorization_section_bytes; 29539 if (tag == TPM_ST_SESSIONS) { 29540 UINT32 parameter_section_size = buffer.size(); 29541 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 29542 if (rc != TPM_RC_SUCCESS) { 29543 return rc; 29544 } 29545 if (parameter_section_size > buffer.size()) { 29546 return TPM_RC_INSUFFICIENT; 29547 } 29548 authorization_section_bytes = buffer.substr(parameter_section_size); 29549 // Keep the parameter section in |buffer|. 29550 buffer.erase(parameter_section_size); 29551 } 29552 std::unique_ptr<crypto::SecureHash> hash( 29553 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 29554 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 29555 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 29556 hash->Update(buffer.data(), buffer.size()); 29557 std::string response_hash(32, 0); 29558 hash->Finish(string_as_array(&response_hash), response_hash.size()); 29559 if (tag == TPM_ST_SESSIONS) { 29560 CHECK(authorization_delegate) << "Authorization delegate missing!"; 29561 if (!authorization_delegate->CheckResponseAuthorization( 29562 response_hash, authorization_section_bytes)) { 29563 return TRUNKS_RC_AUTHORIZATION_FAILED; 29564 } 29565 } 29566 return TPM_RC_SUCCESS; 29567 } 29568 29569 void ClockRateAdjustErrorCallback(const Tpm::ClockRateAdjustResponse& callback, 29570 TPM_RC response_code) { 29571 VLOG(1) << __func__; 29572 callback.Run(response_code); 29573 } 29574 29575 void ClockRateAdjustResponseParser( 29576 const Tpm::ClockRateAdjustResponse& callback, 29577 AuthorizationDelegate* authorization_delegate, 29578 const std::string& response) { 29579 VLOG(1) << __func__; 29580 base::Callback<void(TPM_RC)> error_reporter = 29581 base::Bind(ClockRateAdjustErrorCallback, callback); 29582 TPM_RC rc = 29583 Tpm::ParseResponse_ClockRateAdjust(response, authorization_delegate); 29584 if (rc != TPM_RC_SUCCESS) { 29585 error_reporter.Run(rc); 29586 return; 29587 } 29588 callback.Run(rc); 29589 } 29590 29591 void Tpm::ClockRateAdjust(const TPMI_RH_PROVISION& auth, 29592 const std::string& auth_name, 29593 const TPM_CLOCK_ADJUST& rate_adjust, 29594 AuthorizationDelegate* authorization_delegate, 29595 const ClockRateAdjustResponse& callback) { 29596 VLOG(1) << __func__; 29597 base::Callback<void(TPM_RC)> error_reporter = 29598 base::Bind(ClockRateAdjustErrorCallback, callback); 29599 base::Callback<void(const std::string&)> parser = base::Bind( 29600 ClockRateAdjustResponseParser, callback, authorization_delegate); 29601 std::string command; 29602 TPM_RC rc = SerializeCommand_ClockRateAdjust( 29603 auth, auth_name, rate_adjust, &command, authorization_delegate); 29604 if (rc != TPM_RC_SUCCESS) { 29605 error_reporter.Run(rc); 29606 return; 29607 } 29608 transceiver_->SendCommand(command, parser); 29609 } 29610 29611 TPM_RC Tpm::ClockRateAdjustSync(const TPMI_RH_PROVISION& auth, 29612 const std::string& auth_name, 29613 const TPM_CLOCK_ADJUST& rate_adjust, 29614 AuthorizationDelegate* authorization_delegate) { 29615 VLOG(1) << __func__; 29616 std::string command; 29617 TPM_RC rc = SerializeCommand_ClockRateAdjust( 29618 auth, auth_name, rate_adjust, &command, authorization_delegate); 29619 if (rc != TPM_RC_SUCCESS) { 29620 return rc; 29621 } 29622 std::string response = transceiver_->SendCommandAndWait(command); 29623 rc = ParseResponse_ClockRateAdjust(response, authorization_delegate); 29624 return rc; 29625 } 29626 29627 TPM_RC Tpm::SerializeCommand_GetCapability( 29628 const TPM_CAP& capability, 29629 const UINT32& property, 29630 const UINT32& property_count, 29631 std::string* serialized_command, 29632 AuthorizationDelegate* authorization_delegate) { 29633 VLOG(3) << __func__; 29634 TPM_RC rc = TPM_RC_SUCCESS; 29635 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 29636 UINT32 command_size = 10; // Header size. 29637 std::string handle_section_bytes; 29638 std::string parameter_section_bytes; 29639 TPM_CC command_code = TPM_CC_GetCapability; 29640 bool is_command_parameter_encryption_possible = false; 29641 bool is_response_parameter_encryption_possible = false; 29642 std::string command_code_bytes; 29643 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 29644 if (rc != TPM_RC_SUCCESS) { 29645 return rc; 29646 } 29647 std::string capability_bytes; 29648 rc = Serialize_TPM_CAP(capability, &capability_bytes); 29649 if (rc != TPM_RC_SUCCESS) { 29650 return rc; 29651 } 29652 std::string property_bytes; 29653 rc = Serialize_UINT32(property, &property_bytes); 29654 if (rc != TPM_RC_SUCCESS) { 29655 return rc; 29656 } 29657 std::string property_count_bytes; 29658 rc = Serialize_UINT32(property_count, &property_count_bytes); 29659 if (rc != TPM_RC_SUCCESS) { 29660 return rc; 29661 } 29662 std::unique_ptr<crypto::SecureHash> hash( 29663 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 29664 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 29665 hash->Update(capability_bytes.data(), capability_bytes.size()); 29666 parameter_section_bytes += capability_bytes; 29667 command_size += capability_bytes.size(); 29668 hash->Update(property_bytes.data(), property_bytes.size()); 29669 parameter_section_bytes += property_bytes; 29670 command_size += property_bytes.size(); 29671 hash->Update(property_count_bytes.data(), property_count_bytes.size()); 29672 parameter_section_bytes += property_count_bytes; 29673 command_size += property_count_bytes.size(); 29674 std::string command_hash(32, 0); 29675 hash->Finish(string_as_array(&command_hash), command_hash.size()); 29676 std::string authorization_section_bytes; 29677 std::string authorization_size_bytes; 29678 if (authorization_delegate) { 29679 if (!authorization_delegate->GetCommandAuthorization( 29680 command_hash, is_command_parameter_encryption_possible, 29681 is_response_parameter_encryption_possible, 29682 &authorization_section_bytes)) { 29683 return TRUNKS_RC_AUTHORIZATION_FAILED; 29684 } 29685 if (!authorization_section_bytes.empty()) { 29686 tag = TPM_ST_SESSIONS; 29687 std::string tmp; 29688 rc = Serialize_UINT32(authorization_section_bytes.size(), 29689 &authorization_size_bytes); 29690 if (rc != TPM_RC_SUCCESS) { 29691 return rc; 29692 } 29693 command_size += 29694 authorization_size_bytes.size() + authorization_section_bytes.size(); 29695 } 29696 } 29697 std::string tag_bytes; 29698 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 29699 if (rc != TPM_RC_SUCCESS) { 29700 return rc; 29701 } 29702 std::string command_size_bytes; 29703 rc = Serialize_UINT32(command_size, &command_size_bytes); 29704 if (rc != TPM_RC_SUCCESS) { 29705 return rc; 29706 } 29707 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 29708 handle_section_bytes + authorization_size_bytes + 29709 authorization_section_bytes + parameter_section_bytes; 29710 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 29711 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 29712 serialized_command->size()); 29713 return TPM_RC_SUCCESS; 29714 } 29715 29716 TPM_RC Tpm::ParseResponse_GetCapability( 29717 const std::string& response, 29718 TPMI_YES_NO* more_data, 29719 TPMS_CAPABILITY_DATA* capability_data, 29720 AuthorizationDelegate* authorization_delegate) { 29721 VLOG(3) << __func__; 29722 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 29723 TPM_RC rc = TPM_RC_SUCCESS; 29724 std::string buffer(response); 29725 TPM_ST tag; 29726 std::string tag_bytes; 29727 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 29728 if (rc != TPM_RC_SUCCESS) { 29729 return rc; 29730 } 29731 UINT32 response_size; 29732 std::string response_size_bytes; 29733 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 29734 if (rc != TPM_RC_SUCCESS) { 29735 return rc; 29736 } 29737 TPM_RC response_code; 29738 std::string response_code_bytes; 29739 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 29740 if (rc != TPM_RC_SUCCESS) { 29741 return rc; 29742 } 29743 if (response_size != response.size()) { 29744 return TPM_RC_SIZE; 29745 } 29746 if (response_code != TPM_RC_SUCCESS) { 29747 return response_code; 29748 } 29749 TPM_CC command_code = TPM_CC_GetCapability; 29750 std::string command_code_bytes; 29751 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 29752 if (rc != TPM_RC_SUCCESS) { 29753 return rc; 29754 } 29755 std::string authorization_section_bytes; 29756 if (tag == TPM_ST_SESSIONS) { 29757 UINT32 parameter_section_size = buffer.size(); 29758 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 29759 if (rc != TPM_RC_SUCCESS) { 29760 return rc; 29761 } 29762 if (parameter_section_size > buffer.size()) { 29763 return TPM_RC_INSUFFICIENT; 29764 } 29765 authorization_section_bytes = buffer.substr(parameter_section_size); 29766 // Keep the parameter section in |buffer|. 29767 buffer.erase(parameter_section_size); 29768 } 29769 std::unique_ptr<crypto::SecureHash> hash( 29770 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 29771 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 29772 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 29773 hash->Update(buffer.data(), buffer.size()); 29774 std::string response_hash(32, 0); 29775 hash->Finish(string_as_array(&response_hash), response_hash.size()); 29776 if (tag == TPM_ST_SESSIONS) { 29777 CHECK(authorization_delegate) << "Authorization delegate missing!"; 29778 if (!authorization_delegate->CheckResponseAuthorization( 29779 response_hash, authorization_section_bytes)) { 29780 return TRUNKS_RC_AUTHORIZATION_FAILED; 29781 } 29782 } 29783 std::string more_data_bytes; 29784 rc = Parse_TPMI_YES_NO(&buffer, more_data, &more_data_bytes); 29785 if (rc != TPM_RC_SUCCESS) { 29786 return rc; 29787 } 29788 std::string capability_data_bytes; 29789 rc = Parse_TPMS_CAPABILITY_DATA(&buffer, capability_data, 29790 &capability_data_bytes); 29791 if (rc != TPM_RC_SUCCESS) { 29792 return rc; 29793 } 29794 return TPM_RC_SUCCESS; 29795 } 29796 29797 void GetCapabilityErrorCallback(const Tpm::GetCapabilityResponse& callback, 29798 TPM_RC response_code) { 29799 VLOG(1) << __func__; 29800 callback.Run(response_code, TPMI_YES_NO(), TPMS_CAPABILITY_DATA()); 29801 } 29802 29803 void GetCapabilityResponseParser(const Tpm::GetCapabilityResponse& callback, 29804 AuthorizationDelegate* authorization_delegate, 29805 const std::string& response) { 29806 VLOG(1) << __func__; 29807 base::Callback<void(TPM_RC)> error_reporter = 29808 base::Bind(GetCapabilityErrorCallback, callback); 29809 TPMI_YES_NO more_data; 29810 TPMS_CAPABILITY_DATA capability_data; 29811 TPM_RC rc = Tpm::ParseResponse_GetCapability( 29812 response, &more_data, &capability_data, authorization_delegate); 29813 if (rc != TPM_RC_SUCCESS) { 29814 error_reporter.Run(rc); 29815 return; 29816 } 29817 callback.Run(rc, more_data, capability_data); 29818 } 29819 29820 void Tpm::GetCapability(const TPM_CAP& capability, 29821 const UINT32& property, 29822 const UINT32& property_count, 29823 AuthorizationDelegate* authorization_delegate, 29824 const GetCapabilityResponse& callback) { 29825 VLOG(1) << __func__; 29826 base::Callback<void(TPM_RC)> error_reporter = 29827 base::Bind(GetCapabilityErrorCallback, callback); 29828 base::Callback<void(const std::string&)> parser = 29829 base::Bind(GetCapabilityResponseParser, callback, authorization_delegate); 29830 std::string command; 29831 TPM_RC rc = SerializeCommand_GetCapability( 29832 capability, property, property_count, &command, authorization_delegate); 29833 if (rc != TPM_RC_SUCCESS) { 29834 error_reporter.Run(rc); 29835 return; 29836 } 29837 transceiver_->SendCommand(command, parser); 29838 } 29839 29840 TPM_RC Tpm::GetCapabilitySync(const TPM_CAP& capability, 29841 const UINT32& property, 29842 const UINT32& property_count, 29843 TPMI_YES_NO* more_data, 29844 TPMS_CAPABILITY_DATA* capability_data, 29845 AuthorizationDelegate* authorization_delegate) { 29846 VLOG(1) << __func__; 29847 std::string command; 29848 TPM_RC rc = SerializeCommand_GetCapability( 29849 capability, property, property_count, &command, authorization_delegate); 29850 if (rc != TPM_RC_SUCCESS) { 29851 return rc; 29852 } 29853 std::string response = transceiver_->SendCommandAndWait(command); 29854 rc = ParseResponse_GetCapability(response, more_data, capability_data, 29855 authorization_delegate); 29856 return rc; 29857 } 29858 29859 TPM_RC Tpm::SerializeCommand_TestParms( 29860 const TPMT_PUBLIC_PARMS& parameters, 29861 std::string* serialized_command, 29862 AuthorizationDelegate* authorization_delegate) { 29863 VLOG(3) << __func__; 29864 TPM_RC rc = TPM_RC_SUCCESS; 29865 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 29866 UINT32 command_size = 10; // Header size. 29867 std::string handle_section_bytes; 29868 std::string parameter_section_bytes; 29869 TPM_CC command_code = TPM_CC_TestParms; 29870 bool is_command_parameter_encryption_possible = false; 29871 bool is_response_parameter_encryption_possible = false; 29872 std::string command_code_bytes; 29873 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 29874 if (rc != TPM_RC_SUCCESS) { 29875 return rc; 29876 } 29877 std::string parameters_bytes; 29878 rc = Serialize_TPMT_PUBLIC_PARMS(parameters, ¶meters_bytes); 29879 if (rc != TPM_RC_SUCCESS) { 29880 return rc; 29881 } 29882 std::unique_ptr<crypto::SecureHash> hash( 29883 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 29884 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 29885 hash->Update(parameters_bytes.data(), parameters_bytes.size()); 29886 parameter_section_bytes += parameters_bytes; 29887 command_size += parameters_bytes.size(); 29888 std::string command_hash(32, 0); 29889 hash->Finish(string_as_array(&command_hash), command_hash.size()); 29890 std::string authorization_section_bytes; 29891 std::string authorization_size_bytes; 29892 if (authorization_delegate) { 29893 if (!authorization_delegate->GetCommandAuthorization( 29894 command_hash, is_command_parameter_encryption_possible, 29895 is_response_parameter_encryption_possible, 29896 &authorization_section_bytes)) { 29897 return TRUNKS_RC_AUTHORIZATION_FAILED; 29898 } 29899 if (!authorization_section_bytes.empty()) { 29900 tag = TPM_ST_SESSIONS; 29901 std::string tmp; 29902 rc = Serialize_UINT32(authorization_section_bytes.size(), 29903 &authorization_size_bytes); 29904 if (rc != TPM_RC_SUCCESS) { 29905 return rc; 29906 } 29907 command_size += 29908 authorization_size_bytes.size() + authorization_section_bytes.size(); 29909 } 29910 } 29911 std::string tag_bytes; 29912 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 29913 if (rc != TPM_RC_SUCCESS) { 29914 return rc; 29915 } 29916 std::string command_size_bytes; 29917 rc = Serialize_UINT32(command_size, &command_size_bytes); 29918 if (rc != TPM_RC_SUCCESS) { 29919 return rc; 29920 } 29921 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 29922 handle_section_bytes + authorization_size_bytes + 29923 authorization_section_bytes + parameter_section_bytes; 29924 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 29925 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 29926 serialized_command->size()); 29927 return TPM_RC_SUCCESS; 29928 } 29929 29930 TPM_RC Tpm::ParseResponse_TestParms( 29931 const std::string& response, 29932 AuthorizationDelegate* authorization_delegate) { 29933 VLOG(3) << __func__; 29934 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 29935 TPM_RC rc = TPM_RC_SUCCESS; 29936 std::string buffer(response); 29937 TPM_ST tag; 29938 std::string tag_bytes; 29939 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 29940 if (rc != TPM_RC_SUCCESS) { 29941 return rc; 29942 } 29943 UINT32 response_size; 29944 std::string response_size_bytes; 29945 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 29946 if (rc != TPM_RC_SUCCESS) { 29947 return rc; 29948 } 29949 TPM_RC response_code; 29950 std::string response_code_bytes; 29951 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 29952 if (rc != TPM_RC_SUCCESS) { 29953 return rc; 29954 } 29955 if (response_size != response.size()) { 29956 return TPM_RC_SIZE; 29957 } 29958 if (response_code != TPM_RC_SUCCESS) { 29959 return response_code; 29960 } 29961 TPM_CC command_code = TPM_CC_TestParms; 29962 std::string command_code_bytes; 29963 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 29964 if (rc != TPM_RC_SUCCESS) { 29965 return rc; 29966 } 29967 std::string authorization_section_bytes; 29968 if (tag == TPM_ST_SESSIONS) { 29969 UINT32 parameter_section_size = buffer.size(); 29970 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 29971 if (rc != TPM_RC_SUCCESS) { 29972 return rc; 29973 } 29974 if (parameter_section_size > buffer.size()) { 29975 return TPM_RC_INSUFFICIENT; 29976 } 29977 authorization_section_bytes = buffer.substr(parameter_section_size); 29978 // Keep the parameter section in |buffer|. 29979 buffer.erase(parameter_section_size); 29980 } 29981 std::unique_ptr<crypto::SecureHash> hash( 29982 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 29983 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 29984 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 29985 hash->Update(buffer.data(), buffer.size()); 29986 std::string response_hash(32, 0); 29987 hash->Finish(string_as_array(&response_hash), response_hash.size()); 29988 if (tag == TPM_ST_SESSIONS) { 29989 CHECK(authorization_delegate) << "Authorization delegate missing!"; 29990 if (!authorization_delegate->CheckResponseAuthorization( 29991 response_hash, authorization_section_bytes)) { 29992 return TRUNKS_RC_AUTHORIZATION_FAILED; 29993 } 29994 } 29995 return TPM_RC_SUCCESS; 29996 } 29997 29998 void TestParmsErrorCallback(const Tpm::TestParmsResponse& callback, 29999 TPM_RC response_code) { 30000 VLOG(1) << __func__; 30001 callback.Run(response_code); 30002 } 30003 30004 void TestParmsResponseParser(const Tpm::TestParmsResponse& callback, 30005 AuthorizationDelegate* authorization_delegate, 30006 const std::string& response) { 30007 VLOG(1) << __func__; 30008 base::Callback<void(TPM_RC)> error_reporter = 30009 base::Bind(TestParmsErrorCallback, callback); 30010 TPM_RC rc = Tpm::ParseResponse_TestParms(response, authorization_delegate); 30011 if (rc != TPM_RC_SUCCESS) { 30012 error_reporter.Run(rc); 30013 return; 30014 } 30015 callback.Run(rc); 30016 } 30017 30018 void Tpm::TestParms(const TPMT_PUBLIC_PARMS& parameters, 30019 AuthorizationDelegate* authorization_delegate, 30020 const TestParmsResponse& callback) { 30021 VLOG(1) << __func__; 30022 base::Callback<void(TPM_RC)> error_reporter = 30023 base::Bind(TestParmsErrorCallback, callback); 30024 base::Callback<void(const std::string&)> parser = 30025 base::Bind(TestParmsResponseParser, callback, authorization_delegate); 30026 std::string command; 30027 TPM_RC rc = 30028 SerializeCommand_TestParms(parameters, &command, authorization_delegate); 30029 if (rc != TPM_RC_SUCCESS) { 30030 error_reporter.Run(rc); 30031 return; 30032 } 30033 transceiver_->SendCommand(command, parser); 30034 } 30035 30036 TPM_RC Tpm::TestParmsSync(const TPMT_PUBLIC_PARMS& parameters, 30037 AuthorizationDelegate* authorization_delegate) { 30038 VLOG(1) << __func__; 30039 std::string command; 30040 TPM_RC rc = 30041 SerializeCommand_TestParms(parameters, &command, authorization_delegate); 30042 if (rc != TPM_RC_SUCCESS) { 30043 return rc; 30044 } 30045 std::string response = transceiver_->SendCommandAndWait(command); 30046 rc = ParseResponse_TestParms(response, authorization_delegate); 30047 return rc; 30048 } 30049 30050 TPM_RC Tpm::SerializeCommand_NV_DefineSpace( 30051 const TPMI_RH_PROVISION& auth_handle, 30052 const std::string& auth_handle_name, 30053 const TPM2B_AUTH& auth, 30054 const TPM2B_NV_PUBLIC& public_info, 30055 std::string* serialized_command, 30056 AuthorizationDelegate* authorization_delegate) { 30057 VLOG(3) << __func__; 30058 TPM_RC rc = TPM_RC_SUCCESS; 30059 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 30060 UINT32 command_size = 10; // Header size. 30061 std::string handle_section_bytes; 30062 std::string parameter_section_bytes; 30063 TPM_CC command_code = TPM_CC_NV_DefineSpace; 30064 bool is_command_parameter_encryption_possible = true; 30065 bool is_response_parameter_encryption_possible = false; 30066 std::string command_code_bytes; 30067 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 30068 if (rc != TPM_RC_SUCCESS) { 30069 return rc; 30070 } 30071 std::string auth_handle_bytes; 30072 rc = Serialize_TPMI_RH_PROVISION(auth_handle, &auth_handle_bytes); 30073 if (rc != TPM_RC_SUCCESS) { 30074 return rc; 30075 } 30076 std::string auth_bytes; 30077 rc = Serialize_TPM2B_AUTH(auth, &auth_bytes); 30078 if (rc != TPM_RC_SUCCESS) { 30079 return rc; 30080 } 30081 std::string public_info_bytes; 30082 rc = Serialize_TPM2B_NV_PUBLIC(public_info, &public_info_bytes); 30083 if (rc != TPM_RC_SUCCESS) { 30084 return rc; 30085 } 30086 if (authorization_delegate) { 30087 // Encrypt just the parameter data, not the size. 30088 std::string tmp = auth_bytes.substr(2); 30089 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 30090 return TRUNKS_RC_ENCRYPTION_FAILED; 30091 } 30092 auth_bytes.replace(2, std::string::npos, tmp); 30093 } 30094 std::unique_ptr<crypto::SecureHash> hash( 30095 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 30096 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 30097 hash->Update(auth_handle_name.data(), auth_handle_name.size()); 30098 handle_section_bytes += auth_handle_bytes; 30099 command_size += auth_handle_bytes.size(); 30100 hash->Update(auth_bytes.data(), auth_bytes.size()); 30101 parameter_section_bytes += auth_bytes; 30102 command_size += auth_bytes.size(); 30103 hash->Update(public_info_bytes.data(), public_info_bytes.size()); 30104 parameter_section_bytes += public_info_bytes; 30105 command_size += public_info_bytes.size(); 30106 std::string command_hash(32, 0); 30107 hash->Finish(string_as_array(&command_hash), command_hash.size()); 30108 std::string authorization_section_bytes; 30109 std::string authorization_size_bytes; 30110 if (authorization_delegate) { 30111 if (!authorization_delegate->GetCommandAuthorization( 30112 command_hash, is_command_parameter_encryption_possible, 30113 is_response_parameter_encryption_possible, 30114 &authorization_section_bytes)) { 30115 return TRUNKS_RC_AUTHORIZATION_FAILED; 30116 } 30117 if (!authorization_section_bytes.empty()) { 30118 tag = TPM_ST_SESSIONS; 30119 std::string tmp; 30120 rc = Serialize_UINT32(authorization_section_bytes.size(), 30121 &authorization_size_bytes); 30122 if (rc != TPM_RC_SUCCESS) { 30123 return rc; 30124 } 30125 command_size += 30126 authorization_size_bytes.size() + authorization_section_bytes.size(); 30127 } 30128 } 30129 std::string tag_bytes; 30130 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 30131 if (rc != TPM_RC_SUCCESS) { 30132 return rc; 30133 } 30134 std::string command_size_bytes; 30135 rc = Serialize_UINT32(command_size, &command_size_bytes); 30136 if (rc != TPM_RC_SUCCESS) { 30137 return rc; 30138 } 30139 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 30140 handle_section_bytes + authorization_size_bytes + 30141 authorization_section_bytes + parameter_section_bytes; 30142 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 30143 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 30144 serialized_command->size()); 30145 return TPM_RC_SUCCESS; 30146 } 30147 30148 TPM_RC Tpm::ParseResponse_NV_DefineSpace( 30149 const std::string& response, 30150 AuthorizationDelegate* authorization_delegate) { 30151 VLOG(3) << __func__; 30152 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 30153 TPM_RC rc = TPM_RC_SUCCESS; 30154 std::string buffer(response); 30155 TPM_ST tag; 30156 std::string tag_bytes; 30157 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 30158 if (rc != TPM_RC_SUCCESS) { 30159 return rc; 30160 } 30161 UINT32 response_size; 30162 std::string response_size_bytes; 30163 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 30164 if (rc != TPM_RC_SUCCESS) { 30165 return rc; 30166 } 30167 TPM_RC response_code; 30168 std::string response_code_bytes; 30169 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 30170 if (rc != TPM_RC_SUCCESS) { 30171 return rc; 30172 } 30173 if (response_size != response.size()) { 30174 return TPM_RC_SIZE; 30175 } 30176 if (response_code != TPM_RC_SUCCESS) { 30177 return response_code; 30178 } 30179 TPM_CC command_code = TPM_CC_NV_DefineSpace; 30180 std::string command_code_bytes; 30181 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 30182 if (rc != TPM_RC_SUCCESS) { 30183 return rc; 30184 } 30185 std::string authorization_section_bytes; 30186 if (tag == TPM_ST_SESSIONS) { 30187 UINT32 parameter_section_size = buffer.size(); 30188 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 30189 if (rc != TPM_RC_SUCCESS) { 30190 return rc; 30191 } 30192 if (parameter_section_size > buffer.size()) { 30193 return TPM_RC_INSUFFICIENT; 30194 } 30195 authorization_section_bytes = buffer.substr(parameter_section_size); 30196 // Keep the parameter section in |buffer|. 30197 buffer.erase(parameter_section_size); 30198 } 30199 std::unique_ptr<crypto::SecureHash> hash( 30200 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 30201 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 30202 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 30203 hash->Update(buffer.data(), buffer.size()); 30204 std::string response_hash(32, 0); 30205 hash->Finish(string_as_array(&response_hash), response_hash.size()); 30206 if (tag == TPM_ST_SESSIONS) { 30207 CHECK(authorization_delegate) << "Authorization delegate missing!"; 30208 if (!authorization_delegate->CheckResponseAuthorization( 30209 response_hash, authorization_section_bytes)) { 30210 return TRUNKS_RC_AUTHORIZATION_FAILED; 30211 } 30212 } 30213 return TPM_RC_SUCCESS; 30214 } 30215 30216 void NV_DefineSpaceErrorCallback(const Tpm::NV_DefineSpaceResponse& callback, 30217 TPM_RC response_code) { 30218 VLOG(1) << __func__; 30219 callback.Run(response_code); 30220 } 30221 30222 void NV_DefineSpaceResponseParser(const Tpm::NV_DefineSpaceResponse& callback, 30223 AuthorizationDelegate* authorization_delegate, 30224 const std::string& response) { 30225 VLOG(1) << __func__; 30226 base::Callback<void(TPM_RC)> error_reporter = 30227 base::Bind(NV_DefineSpaceErrorCallback, callback); 30228 TPM_RC rc = 30229 Tpm::ParseResponse_NV_DefineSpace(response, authorization_delegate); 30230 if (rc != TPM_RC_SUCCESS) { 30231 error_reporter.Run(rc); 30232 return; 30233 } 30234 callback.Run(rc); 30235 } 30236 30237 void Tpm::NV_DefineSpace(const TPMI_RH_PROVISION& auth_handle, 30238 const std::string& auth_handle_name, 30239 const TPM2B_AUTH& auth, 30240 const TPM2B_NV_PUBLIC& public_info, 30241 AuthorizationDelegate* authorization_delegate, 30242 const NV_DefineSpaceResponse& callback) { 30243 VLOG(1) << __func__; 30244 base::Callback<void(TPM_RC)> error_reporter = 30245 base::Bind(NV_DefineSpaceErrorCallback, callback); 30246 base::Callback<void(const std::string&)> parser = base::Bind( 30247 NV_DefineSpaceResponseParser, callback, authorization_delegate); 30248 std::string command; 30249 TPM_RC rc = SerializeCommand_NV_DefineSpace(auth_handle, auth_handle_name, 30250 auth, public_info, &command, 30251 authorization_delegate); 30252 if (rc != TPM_RC_SUCCESS) { 30253 error_reporter.Run(rc); 30254 return; 30255 } 30256 transceiver_->SendCommand(command, parser); 30257 } 30258 30259 TPM_RC Tpm::NV_DefineSpaceSync(const TPMI_RH_PROVISION& auth_handle, 30260 const std::string& auth_handle_name, 30261 const TPM2B_AUTH& auth, 30262 const TPM2B_NV_PUBLIC& public_info, 30263 AuthorizationDelegate* authorization_delegate) { 30264 VLOG(1) << __func__; 30265 std::string command; 30266 TPM_RC rc = SerializeCommand_NV_DefineSpace(auth_handle, auth_handle_name, 30267 auth, public_info, &command, 30268 authorization_delegate); 30269 if (rc != TPM_RC_SUCCESS) { 30270 return rc; 30271 } 30272 std::string response = transceiver_->SendCommandAndWait(command); 30273 rc = ParseResponse_NV_DefineSpace(response, authorization_delegate); 30274 return rc; 30275 } 30276 30277 TPM_RC Tpm::SerializeCommand_NV_UndefineSpace( 30278 const TPMI_RH_PROVISION& auth_handle, 30279 const std::string& auth_handle_name, 30280 const TPMI_RH_NV_INDEX& nv_index, 30281 const std::string& nv_index_name, 30282 std::string* serialized_command, 30283 AuthorizationDelegate* authorization_delegate) { 30284 VLOG(3) << __func__; 30285 TPM_RC rc = TPM_RC_SUCCESS; 30286 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 30287 UINT32 command_size = 10; // Header size. 30288 std::string handle_section_bytes; 30289 std::string parameter_section_bytes; 30290 TPM_CC command_code = TPM_CC_NV_UndefineSpace; 30291 bool is_command_parameter_encryption_possible = false; 30292 bool is_response_parameter_encryption_possible = false; 30293 std::string command_code_bytes; 30294 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 30295 if (rc != TPM_RC_SUCCESS) { 30296 return rc; 30297 } 30298 std::string auth_handle_bytes; 30299 rc = Serialize_TPMI_RH_PROVISION(auth_handle, &auth_handle_bytes); 30300 if (rc != TPM_RC_SUCCESS) { 30301 return rc; 30302 } 30303 std::string nv_index_bytes; 30304 rc = Serialize_TPMI_RH_NV_INDEX(nv_index, &nv_index_bytes); 30305 if (rc != TPM_RC_SUCCESS) { 30306 return rc; 30307 } 30308 std::unique_ptr<crypto::SecureHash> hash( 30309 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 30310 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 30311 hash->Update(auth_handle_name.data(), auth_handle_name.size()); 30312 handle_section_bytes += auth_handle_bytes; 30313 command_size += auth_handle_bytes.size(); 30314 hash->Update(nv_index_name.data(), nv_index_name.size()); 30315 handle_section_bytes += nv_index_bytes; 30316 command_size += nv_index_bytes.size(); 30317 std::string command_hash(32, 0); 30318 hash->Finish(string_as_array(&command_hash), command_hash.size()); 30319 std::string authorization_section_bytes; 30320 std::string authorization_size_bytes; 30321 if (authorization_delegate) { 30322 if (!authorization_delegate->GetCommandAuthorization( 30323 command_hash, is_command_parameter_encryption_possible, 30324 is_response_parameter_encryption_possible, 30325 &authorization_section_bytes)) { 30326 return TRUNKS_RC_AUTHORIZATION_FAILED; 30327 } 30328 if (!authorization_section_bytes.empty()) { 30329 tag = TPM_ST_SESSIONS; 30330 std::string tmp; 30331 rc = Serialize_UINT32(authorization_section_bytes.size(), 30332 &authorization_size_bytes); 30333 if (rc != TPM_RC_SUCCESS) { 30334 return rc; 30335 } 30336 command_size += 30337 authorization_size_bytes.size() + authorization_section_bytes.size(); 30338 } 30339 } 30340 std::string tag_bytes; 30341 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 30342 if (rc != TPM_RC_SUCCESS) { 30343 return rc; 30344 } 30345 std::string command_size_bytes; 30346 rc = Serialize_UINT32(command_size, &command_size_bytes); 30347 if (rc != TPM_RC_SUCCESS) { 30348 return rc; 30349 } 30350 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 30351 handle_section_bytes + authorization_size_bytes + 30352 authorization_section_bytes + parameter_section_bytes; 30353 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 30354 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 30355 serialized_command->size()); 30356 return TPM_RC_SUCCESS; 30357 } 30358 30359 TPM_RC Tpm::ParseResponse_NV_UndefineSpace( 30360 const std::string& response, 30361 AuthorizationDelegate* authorization_delegate) { 30362 VLOG(3) << __func__; 30363 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 30364 TPM_RC rc = TPM_RC_SUCCESS; 30365 std::string buffer(response); 30366 TPM_ST tag; 30367 std::string tag_bytes; 30368 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 30369 if (rc != TPM_RC_SUCCESS) { 30370 return rc; 30371 } 30372 UINT32 response_size; 30373 std::string response_size_bytes; 30374 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 30375 if (rc != TPM_RC_SUCCESS) { 30376 return rc; 30377 } 30378 TPM_RC response_code; 30379 std::string response_code_bytes; 30380 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 30381 if (rc != TPM_RC_SUCCESS) { 30382 return rc; 30383 } 30384 if (response_size != response.size()) { 30385 return TPM_RC_SIZE; 30386 } 30387 if (response_code != TPM_RC_SUCCESS) { 30388 return response_code; 30389 } 30390 TPM_CC command_code = TPM_CC_NV_UndefineSpace; 30391 std::string command_code_bytes; 30392 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 30393 if (rc != TPM_RC_SUCCESS) { 30394 return rc; 30395 } 30396 std::string authorization_section_bytes; 30397 if (tag == TPM_ST_SESSIONS) { 30398 UINT32 parameter_section_size = buffer.size(); 30399 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 30400 if (rc != TPM_RC_SUCCESS) { 30401 return rc; 30402 } 30403 if (parameter_section_size > buffer.size()) { 30404 return TPM_RC_INSUFFICIENT; 30405 } 30406 authorization_section_bytes = buffer.substr(parameter_section_size); 30407 // Keep the parameter section in |buffer|. 30408 buffer.erase(parameter_section_size); 30409 } 30410 std::unique_ptr<crypto::SecureHash> hash( 30411 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 30412 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 30413 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 30414 hash->Update(buffer.data(), buffer.size()); 30415 std::string response_hash(32, 0); 30416 hash->Finish(string_as_array(&response_hash), response_hash.size()); 30417 if (tag == TPM_ST_SESSIONS) { 30418 CHECK(authorization_delegate) << "Authorization delegate missing!"; 30419 if (!authorization_delegate->CheckResponseAuthorization( 30420 response_hash, authorization_section_bytes)) { 30421 return TRUNKS_RC_AUTHORIZATION_FAILED; 30422 } 30423 } 30424 return TPM_RC_SUCCESS; 30425 } 30426 30427 void NV_UndefineSpaceErrorCallback( 30428 const Tpm::NV_UndefineSpaceResponse& callback, 30429 TPM_RC response_code) { 30430 VLOG(1) << __func__; 30431 callback.Run(response_code); 30432 } 30433 30434 void NV_UndefineSpaceResponseParser( 30435 const Tpm::NV_UndefineSpaceResponse& callback, 30436 AuthorizationDelegate* authorization_delegate, 30437 const std::string& response) { 30438 VLOG(1) << __func__; 30439 base::Callback<void(TPM_RC)> error_reporter = 30440 base::Bind(NV_UndefineSpaceErrorCallback, callback); 30441 TPM_RC rc = 30442 Tpm::ParseResponse_NV_UndefineSpace(response, authorization_delegate); 30443 if (rc != TPM_RC_SUCCESS) { 30444 error_reporter.Run(rc); 30445 return; 30446 } 30447 callback.Run(rc); 30448 } 30449 30450 void Tpm::NV_UndefineSpace(const TPMI_RH_PROVISION& auth_handle, 30451 const std::string& auth_handle_name, 30452 const TPMI_RH_NV_INDEX& nv_index, 30453 const std::string& nv_index_name, 30454 AuthorizationDelegate* authorization_delegate, 30455 const NV_UndefineSpaceResponse& callback) { 30456 VLOG(1) << __func__; 30457 base::Callback<void(TPM_RC)> error_reporter = 30458 base::Bind(NV_UndefineSpaceErrorCallback, callback); 30459 base::Callback<void(const std::string&)> parser = base::Bind( 30460 NV_UndefineSpaceResponseParser, callback, authorization_delegate); 30461 std::string command; 30462 TPM_RC rc = SerializeCommand_NV_UndefineSpace( 30463 auth_handle, auth_handle_name, nv_index, nv_index_name, &command, 30464 authorization_delegate); 30465 if (rc != TPM_RC_SUCCESS) { 30466 error_reporter.Run(rc); 30467 return; 30468 } 30469 transceiver_->SendCommand(command, parser); 30470 } 30471 30472 TPM_RC Tpm::NV_UndefineSpaceSync( 30473 const TPMI_RH_PROVISION& auth_handle, 30474 const std::string& auth_handle_name, 30475 const TPMI_RH_NV_INDEX& nv_index, 30476 const std::string& nv_index_name, 30477 AuthorizationDelegate* authorization_delegate) { 30478 VLOG(1) << __func__; 30479 std::string command; 30480 TPM_RC rc = SerializeCommand_NV_UndefineSpace( 30481 auth_handle, auth_handle_name, nv_index, nv_index_name, &command, 30482 authorization_delegate); 30483 if (rc != TPM_RC_SUCCESS) { 30484 return rc; 30485 } 30486 std::string response = transceiver_->SendCommandAndWait(command); 30487 rc = ParseResponse_NV_UndefineSpace(response, authorization_delegate); 30488 return rc; 30489 } 30490 30491 TPM_RC Tpm::SerializeCommand_NV_UndefineSpaceSpecial( 30492 const TPMI_RH_NV_INDEX& nv_index, 30493 const std::string& nv_index_name, 30494 const TPMI_RH_PLATFORM& platform, 30495 const std::string& platform_name, 30496 std::string* serialized_command, 30497 AuthorizationDelegate* authorization_delegate) { 30498 VLOG(3) << __func__; 30499 TPM_RC rc = TPM_RC_SUCCESS; 30500 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 30501 UINT32 command_size = 10; // Header size. 30502 std::string handle_section_bytes; 30503 std::string parameter_section_bytes; 30504 TPM_CC command_code = TPM_CC_NV_UndefineSpaceSpecial; 30505 bool is_command_parameter_encryption_possible = false; 30506 bool is_response_parameter_encryption_possible = false; 30507 std::string command_code_bytes; 30508 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 30509 if (rc != TPM_RC_SUCCESS) { 30510 return rc; 30511 } 30512 std::string nv_index_bytes; 30513 rc = Serialize_TPMI_RH_NV_INDEX(nv_index, &nv_index_bytes); 30514 if (rc != TPM_RC_SUCCESS) { 30515 return rc; 30516 } 30517 std::string platform_bytes; 30518 rc = Serialize_TPMI_RH_PLATFORM(platform, &platform_bytes); 30519 if (rc != TPM_RC_SUCCESS) { 30520 return rc; 30521 } 30522 std::unique_ptr<crypto::SecureHash> hash( 30523 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 30524 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 30525 hash->Update(nv_index_name.data(), nv_index_name.size()); 30526 handle_section_bytes += nv_index_bytes; 30527 command_size += nv_index_bytes.size(); 30528 hash->Update(platform_name.data(), platform_name.size()); 30529 handle_section_bytes += platform_bytes; 30530 command_size += platform_bytes.size(); 30531 std::string command_hash(32, 0); 30532 hash->Finish(string_as_array(&command_hash), command_hash.size()); 30533 std::string authorization_section_bytes; 30534 std::string authorization_size_bytes; 30535 if (authorization_delegate) { 30536 if (!authorization_delegate->GetCommandAuthorization( 30537 command_hash, is_command_parameter_encryption_possible, 30538 is_response_parameter_encryption_possible, 30539 &authorization_section_bytes)) { 30540 return TRUNKS_RC_AUTHORIZATION_FAILED; 30541 } 30542 if (!authorization_section_bytes.empty()) { 30543 tag = TPM_ST_SESSIONS; 30544 std::string tmp; 30545 rc = Serialize_UINT32(authorization_section_bytes.size(), 30546 &authorization_size_bytes); 30547 if (rc != TPM_RC_SUCCESS) { 30548 return rc; 30549 } 30550 command_size += 30551 authorization_size_bytes.size() + authorization_section_bytes.size(); 30552 } 30553 } 30554 std::string tag_bytes; 30555 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 30556 if (rc != TPM_RC_SUCCESS) { 30557 return rc; 30558 } 30559 std::string command_size_bytes; 30560 rc = Serialize_UINT32(command_size, &command_size_bytes); 30561 if (rc != TPM_RC_SUCCESS) { 30562 return rc; 30563 } 30564 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 30565 handle_section_bytes + authorization_size_bytes + 30566 authorization_section_bytes + parameter_section_bytes; 30567 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 30568 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 30569 serialized_command->size()); 30570 return TPM_RC_SUCCESS; 30571 } 30572 30573 TPM_RC Tpm::ParseResponse_NV_UndefineSpaceSpecial( 30574 const std::string& response, 30575 AuthorizationDelegate* authorization_delegate) { 30576 VLOG(3) << __func__; 30577 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 30578 TPM_RC rc = TPM_RC_SUCCESS; 30579 std::string buffer(response); 30580 TPM_ST tag; 30581 std::string tag_bytes; 30582 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 30583 if (rc != TPM_RC_SUCCESS) { 30584 return rc; 30585 } 30586 UINT32 response_size; 30587 std::string response_size_bytes; 30588 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 30589 if (rc != TPM_RC_SUCCESS) { 30590 return rc; 30591 } 30592 TPM_RC response_code; 30593 std::string response_code_bytes; 30594 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 30595 if (rc != TPM_RC_SUCCESS) { 30596 return rc; 30597 } 30598 if (response_size != response.size()) { 30599 return TPM_RC_SIZE; 30600 } 30601 if (response_code != TPM_RC_SUCCESS) { 30602 return response_code; 30603 } 30604 TPM_CC command_code = TPM_CC_NV_UndefineSpaceSpecial; 30605 std::string command_code_bytes; 30606 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 30607 if (rc != TPM_RC_SUCCESS) { 30608 return rc; 30609 } 30610 std::string authorization_section_bytes; 30611 if (tag == TPM_ST_SESSIONS) { 30612 UINT32 parameter_section_size = buffer.size(); 30613 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 30614 if (rc != TPM_RC_SUCCESS) { 30615 return rc; 30616 } 30617 if (parameter_section_size > buffer.size()) { 30618 return TPM_RC_INSUFFICIENT; 30619 } 30620 authorization_section_bytes = buffer.substr(parameter_section_size); 30621 // Keep the parameter section in |buffer|. 30622 buffer.erase(parameter_section_size); 30623 } 30624 std::unique_ptr<crypto::SecureHash> hash( 30625 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 30626 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 30627 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 30628 hash->Update(buffer.data(), buffer.size()); 30629 std::string response_hash(32, 0); 30630 hash->Finish(string_as_array(&response_hash), response_hash.size()); 30631 if (tag == TPM_ST_SESSIONS) { 30632 CHECK(authorization_delegate) << "Authorization delegate missing!"; 30633 if (!authorization_delegate->CheckResponseAuthorization( 30634 response_hash, authorization_section_bytes)) { 30635 return TRUNKS_RC_AUTHORIZATION_FAILED; 30636 } 30637 } 30638 return TPM_RC_SUCCESS; 30639 } 30640 30641 void NV_UndefineSpaceSpecialErrorCallback( 30642 const Tpm::NV_UndefineSpaceSpecialResponse& callback, 30643 TPM_RC response_code) { 30644 VLOG(1) << __func__; 30645 callback.Run(response_code); 30646 } 30647 30648 void NV_UndefineSpaceSpecialResponseParser( 30649 const Tpm::NV_UndefineSpaceSpecialResponse& callback, 30650 AuthorizationDelegate* authorization_delegate, 30651 const std::string& response) { 30652 VLOG(1) << __func__; 30653 base::Callback<void(TPM_RC)> error_reporter = 30654 base::Bind(NV_UndefineSpaceSpecialErrorCallback, callback); 30655 TPM_RC rc = Tpm::ParseResponse_NV_UndefineSpaceSpecial( 30656 response, authorization_delegate); 30657 if (rc != TPM_RC_SUCCESS) { 30658 error_reporter.Run(rc); 30659 return; 30660 } 30661 callback.Run(rc); 30662 } 30663 30664 void Tpm::NV_UndefineSpaceSpecial( 30665 const TPMI_RH_NV_INDEX& nv_index, 30666 const std::string& nv_index_name, 30667 const TPMI_RH_PLATFORM& platform, 30668 const std::string& platform_name, 30669 AuthorizationDelegate* authorization_delegate, 30670 const NV_UndefineSpaceSpecialResponse& callback) { 30671 VLOG(1) << __func__; 30672 base::Callback<void(TPM_RC)> error_reporter = 30673 base::Bind(NV_UndefineSpaceSpecialErrorCallback, callback); 30674 base::Callback<void(const std::string&)> parser = base::Bind( 30675 NV_UndefineSpaceSpecialResponseParser, callback, authorization_delegate); 30676 std::string command; 30677 TPM_RC rc = SerializeCommand_NV_UndefineSpaceSpecial( 30678 nv_index, nv_index_name, platform, platform_name, &command, 30679 authorization_delegate); 30680 if (rc != TPM_RC_SUCCESS) { 30681 error_reporter.Run(rc); 30682 return; 30683 } 30684 transceiver_->SendCommand(command, parser); 30685 } 30686 30687 TPM_RC Tpm::NV_UndefineSpaceSpecialSync( 30688 const TPMI_RH_NV_INDEX& nv_index, 30689 const std::string& nv_index_name, 30690 const TPMI_RH_PLATFORM& platform, 30691 const std::string& platform_name, 30692 AuthorizationDelegate* authorization_delegate) { 30693 VLOG(1) << __func__; 30694 std::string command; 30695 TPM_RC rc = SerializeCommand_NV_UndefineSpaceSpecial( 30696 nv_index, nv_index_name, platform, platform_name, &command, 30697 authorization_delegate); 30698 if (rc != TPM_RC_SUCCESS) { 30699 return rc; 30700 } 30701 std::string response = transceiver_->SendCommandAndWait(command); 30702 rc = ParseResponse_NV_UndefineSpaceSpecial(response, authorization_delegate); 30703 return rc; 30704 } 30705 30706 TPM_RC Tpm::SerializeCommand_NV_ReadPublic( 30707 const TPMI_RH_NV_INDEX& nv_index, 30708 const std::string& nv_index_name, 30709 std::string* serialized_command, 30710 AuthorizationDelegate* authorization_delegate) { 30711 VLOG(3) << __func__; 30712 TPM_RC rc = TPM_RC_SUCCESS; 30713 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 30714 UINT32 command_size = 10; // Header size. 30715 std::string handle_section_bytes; 30716 std::string parameter_section_bytes; 30717 TPM_CC command_code = TPM_CC_NV_ReadPublic; 30718 bool is_command_parameter_encryption_possible = false; 30719 bool is_response_parameter_encryption_possible = true; 30720 std::string command_code_bytes; 30721 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 30722 if (rc != TPM_RC_SUCCESS) { 30723 return rc; 30724 } 30725 std::string nv_index_bytes; 30726 rc = Serialize_TPMI_RH_NV_INDEX(nv_index, &nv_index_bytes); 30727 if (rc != TPM_RC_SUCCESS) { 30728 return rc; 30729 } 30730 std::unique_ptr<crypto::SecureHash> hash( 30731 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 30732 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 30733 hash->Update(nv_index_name.data(), nv_index_name.size()); 30734 handle_section_bytes += nv_index_bytes; 30735 command_size += nv_index_bytes.size(); 30736 std::string command_hash(32, 0); 30737 hash->Finish(string_as_array(&command_hash), command_hash.size()); 30738 std::string authorization_section_bytes; 30739 std::string authorization_size_bytes; 30740 if (authorization_delegate) { 30741 if (!authorization_delegate->GetCommandAuthorization( 30742 command_hash, is_command_parameter_encryption_possible, 30743 is_response_parameter_encryption_possible, 30744 &authorization_section_bytes)) { 30745 return TRUNKS_RC_AUTHORIZATION_FAILED; 30746 } 30747 if (!authorization_section_bytes.empty()) { 30748 tag = TPM_ST_SESSIONS; 30749 std::string tmp; 30750 rc = Serialize_UINT32(authorization_section_bytes.size(), 30751 &authorization_size_bytes); 30752 if (rc != TPM_RC_SUCCESS) { 30753 return rc; 30754 } 30755 command_size += 30756 authorization_size_bytes.size() + authorization_section_bytes.size(); 30757 } 30758 } 30759 std::string tag_bytes; 30760 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 30761 if (rc != TPM_RC_SUCCESS) { 30762 return rc; 30763 } 30764 std::string command_size_bytes; 30765 rc = Serialize_UINT32(command_size, &command_size_bytes); 30766 if (rc != TPM_RC_SUCCESS) { 30767 return rc; 30768 } 30769 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 30770 handle_section_bytes + authorization_size_bytes + 30771 authorization_section_bytes + parameter_section_bytes; 30772 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 30773 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 30774 serialized_command->size()); 30775 return TPM_RC_SUCCESS; 30776 } 30777 30778 TPM_RC Tpm::ParseResponse_NV_ReadPublic( 30779 const std::string& response, 30780 TPM2B_NV_PUBLIC* nv_public, 30781 TPM2B_NAME* nv_name, 30782 AuthorizationDelegate* authorization_delegate) { 30783 VLOG(3) << __func__; 30784 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 30785 TPM_RC rc = TPM_RC_SUCCESS; 30786 std::string buffer(response); 30787 TPM_ST tag; 30788 std::string tag_bytes; 30789 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 30790 if (rc != TPM_RC_SUCCESS) { 30791 return rc; 30792 } 30793 UINT32 response_size; 30794 std::string response_size_bytes; 30795 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 30796 if (rc != TPM_RC_SUCCESS) { 30797 return rc; 30798 } 30799 TPM_RC response_code; 30800 std::string response_code_bytes; 30801 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 30802 if (rc != TPM_RC_SUCCESS) { 30803 return rc; 30804 } 30805 if (response_size != response.size()) { 30806 return TPM_RC_SIZE; 30807 } 30808 if (response_code != TPM_RC_SUCCESS) { 30809 return response_code; 30810 } 30811 TPM_CC command_code = TPM_CC_NV_ReadPublic; 30812 std::string command_code_bytes; 30813 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 30814 if (rc != TPM_RC_SUCCESS) { 30815 return rc; 30816 } 30817 std::string authorization_section_bytes; 30818 if (tag == TPM_ST_SESSIONS) { 30819 UINT32 parameter_section_size = buffer.size(); 30820 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 30821 if (rc != TPM_RC_SUCCESS) { 30822 return rc; 30823 } 30824 if (parameter_section_size > buffer.size()) { 30825 return TPM_RC_INSUFFICIENT; 30826 } 30827 authorization_section_bytes = buffer.substr(parameter_section_size); 30828 // Keep the parameter section in |buffer|. 30829 buffer.erase(parameter_section_size); 30830 } 30831 std::unique_ptr<crypto::SecureHash> hash( 30832 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 30833 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 30834 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 30835 hash->Update(buffer.data(), buffer.size()); 30836 std::string response_hash(32, 0); 30837 hash->Finish(string_as_array(&response_hash), response_hash.size()); 30838 if (tag == TPM_ST_SESSIONS) { 30839 CHECK(authorization_delegate) << "Authorization delegate missing!"; 30840 if (!authorization_delegate->CheckResponseAuthorization( 30841 response_hash, authorization_section_bytes)) { 30842 return TRUNKS_RC_AUTHORIZATION_FAILED; 30843 } 30844 } 30845 std::string nv_public_bytes; 30846 rc = Parse_TPM2B_NV_PUBLIC(&buffer, nv_public, &nv_public_bytes); 30847 if (rc != TPM_RC_SUCCESS) { 30848 return rc; 30849 } 30850 std::string nv_name_bytes; 30851 rc = Parse_TPM2B_NAME(&buffer, nv_name, &nv_name_bytes); 30852 if (rc != TPM_RC_SUCCESS) { 30853 return rc; 30854 } 30855 if (tag == TPM_ST_SESSIONS) { 30856 CHECK(authorization_delegate) << "Authorization delegate missing!"; 30857 // Decrypt just the parameter data, not the size. 30858 std::string tmp = nv_public_bytes.substr(2); 30859 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 30860 return TRUNKS_RC_ENCRYPTION_FAILED; 30861 } 30862 nv_public_bytes.replace(2, std::string::npos, tmp); 30863 rc = Parse_TPM2B_NV_PUBLIC(&nv_public_bytes, nv_public, nullptr); 30864 if (rc != TPM_RC_SUCCESS) { 30865 return rc; 30866 } 30867 } 30868 return TPM_RC_SUCCESS; 30869 } 30870 30871 void NV_ReadPublicErrorCallback(const Tpm::NV_ReadPublicResponse& callback, 30872 TPM_RC response_code) { 30873 VLOG(1) << __func__; 30874 callback.Run(response_code, TPM2B_NV_PUBLIC(), TPM2B_NAME()); 30875 } 30876 30877 void NV_ReadPublicResponseParser(const Tpm::NV_ReadPublicResponse& callback, 30878 AuthorizationDelegate* authorization_delegate, 30879 const std::string& response) { 30880 VLOG(1) << __func__; 30881 base::Callback<void(TPM_RC)> error_reporter = 30882 base::Bind(NV_ReadPublicErrorCallback, callback); 30883 TPM2B_NV_PUBLIC nv_public; 30884 TPM2B_NAME nv_name; 30885 TPM_RC rc = Tpm::ParseResponse_NV_ReadPublic(response, &nv_public, &nv_name, 30886 authorization_delegate); 30887 if (rc != TPM_RC_SUCCESS) { 30888 error_reporter.Run(rc); 30889 return; 30890 } 30891 callback.Run(rc, nv_public, nv_name); 30892 } 30893 30894 void Tpm::NV_ReadPublic(const TPMI_RH_NV_INDEX& nv_index, 30895 const std::string& nv_index_name, 30896 AuthorizationDelegate* authorization_delegate, 30897 const NV_ReadPublicResponse& callback) { 30898 VLOG(1) << __func__; 30899 base::Callback<void(TPM_RC)> error_reporter = 30900 base::Bind(NV_ReadPublicErrorCallback, callback); 30901 base::Callback<void(const std::string&)> parser = 30902 base::Bind(NV_ReadPublicResponseParser, callback, authorization_delegate); 30903 std::string command; 30904 TPM_RC rc = SerializeCommand_NV_ReadPublic(nv_index, nv_index_name, &command, 30905 authorization_delegate); 30906 if (rc != TPM_RC_SUCCESS) { 30907 error_reporter.Run(rc); 30908 return; 30909 } 30910 transceiver_->SendCommand(command, parser); 30911 } 30912 30913 TPM_RC Tpm::NV_ReadPublicSync(const TPMI_RH_NV_INDEX& nv_index, 30914 const std::string& nv_index_name, 30915 TPM2B_NV_PUBLIC* nv_public, 30916 TPM2B_NAME* nv_name, 30917 AuthorizationDelegate* authorization_delegate) { 30918 VLOG(1) << __func__; 30919 std::string command; 30920 TPM_RC rc = SerializeCommand_NV_ReadPublic(nv_index, nv_index_name, &command, 30921 authorization_delegate); 30922 if (rc != TPM_RC_SUCCESS) { 30923 return rc; 30924 } 30925 std::string response = transceiver_->SendCommandAndWait(command); 30926 rc = ParseResponse_NV_ReadPublic(response, nv_public, nv_name, 30927 authorization_delegate); 30928 return rc; 30929 } 30930 30931 TPM_RC Tpm::SerializeCommand_NV_Write( 30932 const TPMI_RH_NV_AUTH& auth_handle, 30933 const std::string& auth_handle_name, 30934 const TPMI_RH_NV_INDEX& nv_index, 30935 const std::string& nv_index_name, 30936 const TPM2B_MAX_NV_BUFFER& data, 30937 const UINT16& offset, 30938 std::string* serialized_command, 30939 AuthorizationDelegate* authorization_delegate) { 30940 VLOG(3) << __func__; 30941 TPM_RC rc = TPM_RC_SUCCESS; 30942 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 30943 UINT32 command_size = 10; // Header size. 30944 std::string handle_section_bytes; 30945 std::string parameter_section_bytes; 30946 TPM_CC command_code = TPM_CC_NV_Write; 30947 bool is_command_parameter_encryption_possible = true; 30948 bool is_response_parameter_encryption_possible = false; 30949 std::string command_code_bytes; 30950 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 30951 if (rc != TPM_RC_SUCCESS) { 30952 return rc; 30953 } 30954 std::string auth_handle_bytes; 30955 rc = Serialize_TPMI_RH_NV_AUTH(auth_handle, &auth_handle_bytes); 30956 if (rc != TPM_RC_SUCCESS) { 30957 return rc; 30958 } 30959 std::string nv_index_bytes; 30960 rc = Serialize_TPMI_RH_NV_INDEX(nv_index, &nv_index_bytes); 30961 if (rc != TPM_RC_SUCCESS) { 30962 return rc; 30963 } 30964 std::string data_bytes; 30965 rc = Serialize_TPM2B_MAX_NV_BUFFER(data, &data_bytes); 30966 if (rc != TPM_RC_SUCCESS) { 30967 return rc; 30968 } 30969 std::string offset_bytes; 30970 rc = Serialize_UINT16(offset, &offset_bytes); 30971 if (rc != TPM_RC_SUCCESS) { 30972 return rc; 30973 } 30974 if (authorization_delegate) { 30975 // Encrypt just the parameter data, not the size. 30976 std::string tmp = data_bytes.substr(2); 30977 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 30978 return TRUNKS_RC_ENCRYPTION_FAILED; 30979 } 30980 data_bytes.replace(2, std::string::npos, tmp); 30981 } 30982 std::unique_ptr<crypto::SecureHash> hash( 30983 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 30984 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 30985 hash->Update(auth_handle_name.data(), auth_handle_name.size()); 30986 handle_section_bytes += auth_handle_bytes; 30987 command_size += auth_handle_bytes.size(); 30988 hash->Update(nv_index_name.data(), nv_index_name.size()); 30989 handle_section_bytes += nv_index_bytes; 30990 command_size += nv_index_bytes.size(); 30991 hash->Update(data_bytes.data(), data_bytes.size()); 30992 parameter_section_bytes += data_bytes; 30993 command_size += data_bytes.size(); 30994 hash->Update(offset_bytes.data(), offset_bytes.size()); 30995 parameter_section_bytes += offset_bytes; 30996 command_size += offset_bytes.size(); 30997 std::string command_hash(32, 0); 30998 hash->Finish(string_as_array(&command_hash), command_hash.size()); 30999 std::string authorization_section_bytes; 31000 std::string authorization_size_bytes; 31001 if (authorization_delegate) { 31002 if (!authorization_delegate->GetCommandAuthorization( 31003 command_hash, is_command_parameter_encryption_possible, 31004 is_response_parameter_encryption_possible, 31005 &authorization_section_bytes)) { 31006 return TRUNKS_RC_AUTHORIZATION_FAILED; 31007 } 31008 if (!authorization_section_bytes.empty()) { 31009 tag = TPM_ST_SESSIONS; 31010 std::string tmp; 31011 rc = Serialize_UINT32(authorization_section_bytes.size(), 31012 &authorization_size_bytes); 31013 if (rc != TPM_RC_SUCCESS) { 31014 return rc; 31015 } 31016 command_size += 31017 authorization_size_bytes.size() + authorization_section_bytes.size(); 31018 } 31019 } 31020 std::string tag_bytes; 31021 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 31022 if (rc != TPM_RC_SUCCESS) { 31023 return rc; 31024 } 31025 std::string command_size_bytes; 31026 rc = Serialize_UINT32(command_size, &command_size_bytes); 31027 if (rc != TPM_RC_SUCCESS) { 31028 return rc; 31029 } 31030 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 31031 handle_section_bytes + authorization_size_bytes + 31032 authorization_section_bytes + parameter_section_bytes; 31033 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 31034 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 31035 serialized_command->size()); 31036 return TPM_RC_SUCCESS; 31037 } 31038 31039 TPM_RC Tpm::ParseResponse_NV_Write( 31040 const std::string& response, 31041 AuthorizationDelegate* authorization_delegate) { 31042 VLOG(3) << __func__; 31043 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 31044 TPM_RC rc = TPM_RC_SUCCESS; 31045 std::string buffer(response); 31046 TPM_ST tag; 31047 std::string tag_bytes; 31048 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 31049 if (rc != TPM_RC_SUCCESS) { 31050 return rc; 31051 } 31052 UINT32 response_size; 31053 std::string response_size_bytes; 31054 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 31055 if (rc != TPM_RC_SUCCESS) { 31056 return rc; 31057 } 31058 TPM_RC response_code; 31059 std::string response_code_bytes; 31060 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 31061 if (rc != TPM_RC_SUCCESS) { 31062 return rc; 31063 } 31064 if (response_size != response.size()) { 31065 return TPM_RC_SIZE; 31066 } 31067 if (response_code != TPM_RC_SUCCESS) { 31068 return response_code; 31069 } 31070 TPM_CC command_code = TPM_CC_NV_Write; 31071 std::string command_code_bytes; 31072 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 31073 if (rc != TPM_RC_SUCCESS) { 31074 return rc; 31075 } 31076 std::string authorization_section_bytes; 31077 if (tag == TPM_ST_SESSIONS) { 31078 UINT32 parameter_section_size = buffer.size(); 31079 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 31080 if (rc != TPM_RC_SUCCESS) { 31081 return rc; 31082 } 31083 if (parameter_section_size > buffer.size()) { 31084 return TPM_RC_INSUFFICIENT; 31085 } 31086 authorization_section_bytes = buffer.substr(parameter_section_size); 31087 // Keep the parameter section in |buffer|. 31088 buffer.erase(parameter_section_size); 31089 } 31090 std::unique_ptr<crypto::SecureHash> hash( 31091 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 31092 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 31093 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 31094 hash->Update(buffer.data(), buffer.size()); 31095 std::string response_hash(32, 0); 31096 hash->Finish(string_as_array(&response_hash), response_hash.size()); 31097 if (tag == TPM_ST_SESSIONS) { 31098 CHECK(authorization_delegate) << "Authorization delegate missing!"; 31099 if (!authorization_delegate->CheckResponseAuthorization( 31100 response_hash, authorization_section_bytes)) { 31101 return TRUNKS_RC_AUTHORIZATION_FAILED; 31102 } 31103 } 31104 return TPM_RC_SUCCESS; 31105 } 31106 31107 void NV_WriteErrorCallback(const Tpm::NV_WriteResponse& callback, 31108 TPM_RC response_code) { 31109 VLOG(1) << __func__; 31110 callback.Run(response_code); 31111 } 31112 31113 void NV_WriteResponseParser(const Tpm::NV_WriteResponse& callback, 31114 AuthorizationDelegate* authorization_delegate, 31115 const std::string& response) { 31116 VLOG(1) << __func__; 31117 base::Callback<void(TPM_RC)> error_reporter = 31118 base::Bind(NV_WriteErrorCallback, callback); 31119 TPM_RC rc = Tpm::ParseResponse_NV_Write(response, authorization_delegate); 31120 if (rc != TPM_RC_SUCCESS) { 31121 error_reporter.Run(rc); 31122 return; 31123 } 31124 callback.Run(rc); 31125 } 31126 31127 void Tpm::NV_Write(const TPMI_RH_NV_AUTH& auth_handle, 31128 const std::string& auth_handle_name, 31129 const TPMI_RH_NV_INDEX& nv_index, 31130 const std::string& nv_index_name, 31131 const TPM2B_MAX_NV_BUFFER& data, 31132 const UINT16& offset, 31133 AuthorizationDelegate* authorization_delegate, 31134 const NV_WriteResponse& callback) { 31135 VLOG(1) << __func__; 31136 base::Callback<void(TPM_RC)> error_reporter = 31137 base::Bind(NV_WriteErrorCallback, callback); 31138 base::Callback<void(const std::string&)> parser = 31139 base::Bind(NV_WriteResponseParser, callback, authorization_delegate); 31140 std::string command; 31141 TPM_RC rc = SerializeCommand_NV_Write(auth_handle, auth_handle_name, nv_index, 31142 nv_index_name, data, offset, &command, 31143 authorization_delegate); 31144 if (rc != TPM_RC_SUCCESS) { 31145 error_reporter.Run(rc); 31146 return; 31147 } 31148 transceiver_->SendCommand(command, parser); 31149 } 31150 31151 TPM_RC Tpm::NV_WriteSync(const TPMI_RH_NV_AUTH& auth_handle, 31152 const std::string& auth_handle_name, 31153 const TPMI_RH_NV_INDEX& nv_index, 31154 const std::string& nv_index_name, 31155 const TPM2B_MAX_NV_BUFFER& data, 31156 const UINT16& offset, 31157 AuthorizationDelegate* authorization_delegate) { 31158 VLOG(1) << __func__; 31159 std::string command; 31160 TPM_RC rc = SerializeCommand_NV_Write(auth_handle, auth_handle_name, nv_index, 31161 nv_index_name, data, offset, &command, 31162 authorization_delegate); 31163 if (rc != TPM_RC_SUCCESS) { 31164 return rc; 31165 } 31166 std::string response = transceiver_->SendCommandAndWait(command); 31167 rc = ParseResponse_NV_Write(response, authorization_delegate); 31168 return rc; 31169 } 31170 31171 TPM_RC Tpm::SerializeCommand_NV_Increment( 31172 const TPMI_RH_NV_AUTH& auth_handle, 31173 const std::string& auth_handle_name, 31174 const TPMI_RH_NV_INDEX& nv_index, 31175 const std::string& nv_index_name, 31176 std::string* serialized_command, 31177 AuthorizationDelegate* authorization_delegate) { 31178 VLOG(3) << __func__; 31179 TPM_RC rc = TPM_RC_SUCCESS; 31180 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 31181 UINT32 command_size = 10; // Header size. 31182 std::string handle_section_bytes; 31183 std::string parameter_section_bytes; 31184 TPM_CC command_code = TPM_CC_NV_Increment; 31185 bool is_command_parameter_encryption_possible = false; 31186 bool is_response_parameter_encryption_possible = false; 31187 std::string command_code_bytes; 31188 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 31189 if (rc != TPM_RC_SUCCESS) { 31190 return rc; 31191 } 31192 std::string auth_handle_bytes; 31193 rc = Serialize_TPMI_RH_NV_AUTH(auth_handle, &auth_handle_bytes); 31194 if (rc != TPM_RC_SUCCESS) { 31195 return rc; 31196 } 31197 std::string nv_index_bytes; 31198 rc = Serialize_TPMI_RH_NV_INDEX(nv_index, &nv_index_bytes); 31199 if (rc != TPM_RC_SUCCESS) { 31200 return rc; 31201 } 31202 std::unique_ptr<crypto::SecureHash> hash( 31203 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 31204 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 31205 hash->Update(auth_handle_name.data(), auth_handle_name.size()); 31206 handle_section_bytes += auth_handle_bytes; 31207 command_size += auth_handle_bytes.size(); 31208 hash->Update(nv_index_name.data(), nv_index_name.size()); 31209 handle_section_bytes += nv_index_bytes; 31210 command_size += nv_index_bytes.size(); 31211 std::string command_hash(32, 0); 31212 hash->Finish(string_as_array(&command_hash), command_hash.size()); 31213 std::string authorization_section_bytes; 31214 std::string authorization_size_bytes; 31215 if (authorization_delegate) { 31216 if (!authorization_delegate->GetCommandAuthorization( 31217 command_hash, is_command_parameter_encryption_possible, 31218 is_response_parameter_encryption_possible, 31219 &authorization_section_bytes)) { 31220 return TRUNKS_RC_AUTHORIZATION_FAILED; 31221 } 31222 if (!authorization_section_bytes.empty()) { 31223 tag = TPM_ST_SESSIONS; 31224 std::string tmp; 31225 rc = Serialize_UINT32(authorization_section_bytes.size(), 31226 &authorization_size_bytes); 31227 if (rc != TPM_RC_SUCCESS) { 31228 return rc; 31229 } 31230 command_size += 31231 authorization_size_bytes.size() + authorization_section_bytes.size(); 31232 } 31233 } 31234 std::string tag_bytes; 31235 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 31236 if (rc != TPM_RC_SUCCESS) { 31237 return rc; 31238 } 31239 std::string command_size_bytes; 31240 rc = Serialize_UINT32(command_size, &command_size_bytes); 31241 if (rc != TPM_RC_SUCCESS) { 31242 return rc; 31243 } 31244 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 31245 handle_section_bytes + authorization_size_bytes + 31246 authorization_section_bytes + parameter_section_bytes; 31247 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 31248 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 31249 serialized_command->size()); 31250 return TPM_RC_SUCCESS; 31251 } 31252 31253 TPM_RC Tpm::ParseResponse_NV_Increment( 31254 const std::string& response, 31255 AuthorizationDelegate* authorization_delegate) { 31256 VLOG(3) << __func__; 31257 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 31258 TPM_RC rc = TPM_RC_SUCCESS; 31259 std::string buffer(response); 31260 TPM_ST tag; 31261 std::string tag_bytes; 31262 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 31263 if (rc != TPM_RC_SUCCESS) { 31264 return rc; 31265 } 31266 UINT32 response_size; 31267 std::string response_size_bytes; 31268 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 31269 if (rc != TPM_RC_SUCCESS) { 31270 return rc; 31271 } 31272 TPM_RC response_code; 31273 std::string response_code_bytes; 31274 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 31275 if (rc != TPM_RC_SUCCESS) { 31276 return rc; 31277 } 31278 if (response_size != response.size()) { 31279 return TPM_RC_SIZE; 31280 } 31281 if (response_code != TPM_RC_SUCCESS) { 31282 return response_code; 31283 } 31284 TPM_CC command_code = TPM_CC_NV_Increment; 31285 std::string command_code_bytes; 31286 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 31287 if (rc != TPM_RC_SUCCESS) { 31288 return rc; 31289 } 31290 std::string authorization_section_bytes; 31291 if (tag == TPM_ST_SESSIONS) { 31292 UINT32 parameter_section_size = buffer.size(); 31293 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 31294 if (rc != TPM_RC_SUCCESS) { 31295 return rc; 31296 } 31297 if (parameter_section_size > buffer.size()) { 31298 return TPM_RC_INSUFFICIENT; 31299 } 31300 authorization_section_bytes = buffer.substr(parameter_section_size); 31301 // Keep the parameter section in |buffer|. 31302 buffer.erase(parameter_section_size); 31303 } 31304 std::unique_ptr<crypto::SecureHash> hash( 31305 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 31306 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 31307 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 31308 hash->Update(buffer.data(), buffer.size()); 31309 std::string response_hash(32, 0); 31310 hash->Finish(string_as_array(&response_hash), response_hash.size()); 31311 if (tag == TPM_ST_SESSIONS) { 31312 CHECK(authorization_delegate) << "Authorization delegate missing!"; 31313 if (!authorization_delegate->CheckResponseAuthorization( 31314 response_hash, authorization_section_bytes)) { 31315 return TRUNKS_RC_AUTHORIZATION_FAILED; 31316 } 31317 } 31318 return TPM_RC_SUCCESS; 31319 } 31320 31321 void NV_IncrementErrorCallback(const Tpm::NV_IncrementResponse& callback, 31322 TPM_RC response_code) { 31323 VLOG(1) << __func__; 31324 callback.Run(response_code); 31325 } 31326 31327 void NV_IncrementResponseParser(const Tpm::NV_IncrementResponse& callback, 31328 AuthorizationDelegate* authorization_delegate, 31329 const std::string& response) { 31330 VLOG(1) << __func__; 31331 base::Callback<void(TPM_RC)> error_reporter = 31332 base::Bind(NV_IncrementErrorCallback, callback); 31333 TPM_RC rc = Tpm::ParseResponse_NV_Increment(response, authorization_delegate); 31334 if (rc != TPM_RC_SUCCESS) { 31335 error_reporter.Run(rc); 31336 return; 31337 } 31338 callback.Run(rc); 31339 } 31340 31341 void Tpm::NV_Increment(const TPMI_RH_NV_AUTH& auth_handle, 31342 const std::string& auth_handle_name, 31343 const TPMI_RH_NV_INDEX& nv_index, 31344 const std::string& nv_index_name, 31345 AuthorizationDelegate* authorization_delegate, 31346 const NV_IncrementResponse& callback) { 31347 VLOG(1) << __func__; 31348 base::Callback<void(TPM_RC)> error_reporter = 31349 base::Bind(NV_IncrementErrorCallback, callback); 31350 base::Callback<void(const std::string&)> parser = 31351 base::Bind(NV_IncrementResponseParser, callback, authorization_delegate); 31352 std::string command; 31353 TPM_RC rc = SerializeCommand_NV_Increment(auth_handle, auth_handle_name, 31354 nv_index, nv_index_name, &command, 31355 authorization_delegate); 31356 if (rc != TPM_RC_SUCCESS) { 31357 error_reporter.Run(rc); 31358 return; 31359 } 31360 transceiver_->SendCommand(command, parser); 31361 } 31362 31363 TPM_RC Tpm::NV_IncrementSync(const TPMI_RH_NV_AUTH& auth_handle, 31364 const std::string& auth_handle_name, 31365 const TPMI_RH_NV_INDEX& nv_index, 31366 const std::string& nv_index_name, 31367 AuthorizationDelegate* authorization_delegate) { 31368 VLOG(1) << __func__; 31369 std::string command; 31370 TPM_RC rc = SerializeCommand_NV_Increment(auth_handle, auth_handle_name, 31371 nv_index, nv_index_name, &command, 31372 authorization_delegate); 31373 if (rc != TPM_RC_SUCCESS) { 31374 return rc; 31375 } 31376 std::string response = transceiver_->SendCommandAndWait(command); 31377 rc = ParseResponse_NV_Increment(response, authorization_delegate); 31378 return rc; 31379 } 31380 31381 TPM_RC Tpm::SerializeCommand_NV_Extend( 31382 const TPMI_RH_NV_AUTH& auth_handle, 31383 const std::string& auth_handle_name, 31384 const TPMI_RH_NV_INDEX& nv_index, 31385 const std::string& nv_index_name, 31386 const TPM2B_MAX_NV_BUFFER& data, 31387 std::string* serialized_command, 31388 AuthorizationDelegate* authorization_delegate) { 31389 VLOG(3) << __func__; 31390 TPM_RC rc = TPM_RC_SUCCESS; 31391 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 31392 UINT32 command_size = 10; // Header size. 31393 std::string handle_section_bytes; 31394 std::string parameter_section_bytes; 31395 TPM_CC command_code = TPM_CC_NV_Extend; 31396 bool is_command_parameter_encryption_possible = true; 31397 bool is_response_parameter_encryption_possible = false; 31398 std::string command_code_bytes; 31399 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 31400 if (rc != TPM_RC_SUCCESS) { 31401 return rc; 31402 } 31403 std::string auth_handle_bytes; 31404 rc = Serialize_TPMI_RH_NV_AUTH(auth_handle, &auth_handle_bytes); 31405 if (rc != TPM_RC_SUCCESS) { 31406 return rc; 31407 } 31408 std::string nv_index_bytes; 31409 rc = Serialize_TPMI_RH_NV_INDEX(nv_index, &nv_index_bytes); 31410 if (rc != TPM_RC_SUCCESS) { 31411 return rc; 31412 } 31413 std::string data_bytes; 31414 rc = Serialize_TPM2B_MAX_NV_BUFFER(data, &data_bytes); 31415 if (rc != TPM_RC_SUCCESS) { 31416 return rc; 31417 } 31418 if (authorization_delegate) { 31419 // Encrypt just the parameter data, not the size. 31420 std::string tmp = data_bytes.substr(2); 31421 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 31422 return TRUNKS_RC_ENCRYPTION_FAILED; 31423 } 31424 data_bytes.replace(2, std::string::npos, tmp); 31425 } 31426 std::unique_ptr<crypto::SecureHash> hash( 31427 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 31428 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 31429 hash->Update(auth_handle_name.data(), auth_handle_name.size()); 31430 handle_section_bytes += auth_handle_bytes; 31431 command_size += auth_handle_bytes.size(); 31432 hash->Update(nv_index_name.data(), nv_index_name.size()); 31433 handle_section_bytes += nv_index_bytes; 31434 command_size += nv_index_bytes.size(); 31435 hash->Update(data_bytes.data(), data_bytes.size()); 31436 parameter_section_bytes += data_bytes; 31437 command_size += data_bytes.size(); 31438 std::string command_hash(32, 0); 31439 hash->Finish(string_as_array(&command_hash), command_hash.size()); 31440 std::string authorization_section_bytes; 31441 std::string authorization_size_bytes; 31442 if (authorization_delegate) { 31443 if (!authorization_delegate->GetCommandAuthorization( 31444 command_hash, is_command_parameter_encryption_possible, 31445 is_response_parameter_encryption_possible, 31446 &authorization_section_bytes)) { 31447 return TRUNKS_RC_AUTHORIZATION_FAILED; 31448 } 31449 if (!authorization_section_bytes.empty()) { 31450 tag = TPM_ST_SESSIONS; 31451 std::string tmp; 31452 rc = Serialize_UINT32(authorization_section_bytes.size(), 31453 &authorization_size_bytes); 31454 if (rc != TPM_RC_SUCCESS) { 31455 return rc; 31456 } 31457 command_size += 31458 authorization_size_bytes.size() + authorization_section_bytes.size(); 31459 } 31460 } 31461 std::string tag_bytes; 31462 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 31463 if (rc != TPM_RC_SUCCESS) { 31464 return rc; 31465 } 31466 std::string command_size_bytes; 31467 rc = Serialize_UINT32(command_size, &command_size_bytes); 31468 if (rc != TPM_RC_SUCCESS) { 31469 return rc; 31470 } 31471 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 31472 handle_section_bytes + authorization_size_bytes + 31473 authorization_section_bytes + parameter_section_bytes; 31474 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 31475 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 31476 serialized_command->size()); 31477 return TPM_RC_SUCCESS; 31478 } 31479 31480 TPM_RC Tpm::ParseResponse_NV_Extend( 31481 const std::string& response, 31482 AuthorizationDelegate* authorization_delegate) { 31483 VLOG(3) << __func__; 31484 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 31485 TPM_RC rc = TPM_RC_SUCCESS; 31486 std::string buffer(response); 31487 TPM_ST tag; 31488 std::string tag_bytes; 31489 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 31490 if (rc != TPM_RC_SUCCESS) { 31491 return rc; 31492 } 31493 UINT32 response_size; 31494 std::string response_size_bytes; 31495 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 31496 if (rc != TPM_RC_SUCCESS) { 31497 return rc; 31498 } 31499 TPM_RC response_code; 31500 std::string response_code_bytes; 31501 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 31502 if (rc != TPM_RC_SUCCESS) { 31503 return rc; 31504 } 31505 if (response_size != response.size()) { 31506 return TPM_RC_SIZE; 31507 } 31508 if (response_code != TPM_RC_SUCCESS) { 31509 return response_code; 31510 } 31511 TPM_CC command_code = TPM_CC_NV_Extend; 31512 std::string command_code_bytes; 31513 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 31514 if (rc != TPM_RC_SUCCESS) { 31515 return rc; 31516 } 31517 std::string authorization_section_bytes; 31518 if (tag == TPM_ST_SESSIONS) { 31519 UINT32 parameter_section_size = buffer.size(); 31520 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 31521 if (rc != TPM_RC_SUCCESS) { 31522 return rc; 31523 } 31524 if (parameter_section_size > buffer.size()) { 31525 return TPM_RC_INSUFFICIENT; 31526 } 31527 authorization_section_bytes = buffer.substr(parameter_section_size); 31528 // Keep the parameter section in |buffer|. 31529 buffer.erase(parameter_section_size); 31530 } 31531 std::unique_ptr<crypto::SecureHash> hash( 31532 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 31533 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 31534 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 31535 hash->Update(buffer.data(), buffer.size()); 31536 std::string response_hash(32, 0); 31537 hash->Finish(string_as_array(&response_hash), response_hash.size()); 31538 if (tag == TPM_ST_SESSIONS) { 31539 CHECK(authorization_delegate) << "Authorization delegate missing!"; 31540 if (!authorization_delegate->CheckResponseAuthorization( 31541 response_hash, authorization_section_bytes)) { 31542 return TRUNKS_RC_AUTHORIZATION_FAILED; 31543 } 31544 } 31545 return TPM_RC_SUCCESS; 31546 } 31547 31548 void NV_ExtendErrorCallback(const Tpm::NV_ExtendResponse& callback, 31549 TPM_RC response_code) { 31550 VLOG(1) << __func__; 31551 callback.Run(response_code); 31552 } 31553 31554 void NV_ExtendResponseParser(const Tpm::NV_ExtendResponse& callback, 31555 AuthorizationDelegate* authorization_delegate, 31556 const std::string& response) { 31557 VLOG(1) << __func__; 31558 base::Callback<void(TPM_RC)> error_reporter = 31559 base::Bind(NV_ExtendErrorCallback, callback); 31560 TPM_RC rc = Tpm::ParseResponse_NV_Extend(response, authorization_delegate); 31561 if (rc != TPM_RC_SUCCESS) { 31562 error_reporter.Run(rc); 31563 return; 31564 } 31565 callback.Run(rc); 31566 } 31567 31568 void Tpm::NV_Extend(const TPMI_RH_NV_AUTH& auth_handle, 31569 const std::string& auth_handle_name, 31570 const TPMI_RH_NV_INDEX& nv_index, 31571 const std::string& nv_index_name, 31572 const TPM2B_MAX_NV_BUFFER& data, 31573 AuthorizationDelegate* authorization_delegate, 31574 const NV_ExtendResponse& callback) { 31575 VLOG(1) << __func__; 31576 base::Callback<void(TPM_RC)> error_reporter = 31577 base::Bind(NV_ExtendErrorCallback, callback); 31578 base::Callback<void(const std::string&)> parser = 31579 base::Bind(NV_ExtendResponseParser, callback, authorization_delegate); 31580 std::string command; 31581 TPM_RC rc = SerializeCommand_NV_Extend(auth_handle, auth_handle_name, 31582 nv_index, nv_index_name, data, 31583 &command, authorization_delegate); 31584 if (rc != TPM_RC_SUCCESS) { 31585 error_reporter.Run(rc); 31586 return; 31587 } 31588 transceiver_->SendCommand(command, parser); 31589 } 31590 31591 TPM_RC Tpm::NV_ExtendSync(const TPMI_RH_NV_AUTH& auth_handle, 31592 const std::string& auth_handle_name, 31593 const TPMI_RH_NV_INDEX& nv_index, 31594 const std::string& nv_index_name, 31595 const TPM2B_MAX_NV_BUFFER& data, 31596 AuthorizationDelegate* authorization_delegate) { 31597 VLOG(1) << __func__; 31598 std::string command; 31599 TPM_RC rc = SerializeCommand_NV_Extend(auth_handle, auth_handle_name, 31600 nv_index, nv_index_name, data, 31601 &command, authorization_delegate); 31602 if (rc != TPM_RC_SUCCESS) { 31603 return rc; 31604 } 31605 std::string response = transceiver_->SendCommandAndWait(command); 31606 rc = ParseResponse_NV_Extend(response, authorization_delegate); 31607 return rc; 31608 } 31609 31610 TPM_RC Tpm::SerializeCommand_NV_SetBits( 31611 const TPMI_RH_NV_AUTH& auth_handle, 31612 const std::string& auth_handle_name, 31613 const TPMI_RH_NV_INDEX& nv_index, 31614 const std::string& nv_index_name, 31615 const UINT64& bits, 31616 std::string* serialized_command, 31617 AuthorizationDelegate* authorization_delegate) { 31618 VLOG(3) << __func__; 31619 TPM_RC rc = TPM_RC_SUCCESS; 31620 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 31621 UINT32 command_size = 10; // Header size. 31622 std::string handle_section_bytes; 31623 std::string parameter_section_bytes; 31624 TPM_CC command_code = TPM_CC_NV_SetBits; 31625 bool is_command_parameter_encryption_possible = false; 31626 bool is_response_parameter_encryption_possible = false; 31627 std::string command_code_bytes; 31628 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 31629 if (rc != TPM_RC_SUCCESS) { 31630 return rc; 31631 } 31632 std::string auth_handle_bytes; 31633 rc = Serialize_TPMI_RH_NV_AUTH(auth_handle, &auth_handle_bytes); 31634 if (rc != TPM_RC_SUCCESS) { 31635 return rc; 31636 } 31637 std::string nv_index_bytes; 31638 rc = Serialize_TPMI_RH_NV_INDEX(nv_index, &nv_index_bytes); 31639 if (rc != TPM_RC_SUCCESS) { 31640 return rc; 31641 } 31642 std::string bits_bytes; 31643 rc = Serialize_UINT64(bits, &bits_bytes); 31644 if (rc != TPM_RC_SUCCESS) { 31645 return rc; 31646 } 31647 std::unique_ptr<crypto::SecureHash> hash( 31648 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 31649 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 31650 hash->Update(auth_handle_name.data(), auth_handle_name.size()); 31651 handle_section_bytes += auth_handle_bytes; 31652 command_size += auth_handle_bytes.size(); 31653 hash->Update(nv_index_name.data(), nv_index_name.size()); 31654 handle_section_bytes += nv_index_bytes; 31655 command_size += nv_index_bytes.size(); 31656 hash->Update(bits_bytes.data(), bits_bytes.size()); 31657 parameter_section_bytes += bits_bytes; 31658 command_size += bits_bytes.size(); 31659 std::string command_hash(32, 0); 31660 hash->Finish(string_as_array(&command_hash), command_hash.size()); 31661 std::string authorization_section_bytes; 31662 std::string authorization_size_bytes; 31663 if (authorization_delegate) { 31664 if (!authorization_delegate->GetCommandAuthorization( 31665 command_hash, is_command_parameter_encryption_possible, 31666 is_response_parameter_encryption_possible, 31667 &authorization_section_bytes)) { 31668 return TRUNKS_RC_AUTHORIZATION_FAILED; 31669 } 31670 if (!authorization_section_bytes.empty()) { 31671 tag = TPM_ST_SESSIONS; 31672 std::string tmp; 31673 rc = Serialize_UINT32(authorization_section_bytes.size(), 31674 &authorization_size_bytes); 31675 if (rc != TPM_RC_SUCCESS) { 31676 return rc; 31677 } 31678 command_size += 31679 authorization_size_bytes.size() + authorization_section_bytes.size(); 31680 } 31681 } 31682 std::string tag_bytes; 31683 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 31684 if (rc != TPM_RC_SUCCESS) { 31685 return rc; 31686 } 31687 std::string command_size_bytes; 31688 rc = Serialize_UINT32(command_size, &command_size_bytes); 31689 if (rc != TPM_RC_SUCCESS) { 31690 return rc; 31691 } 31692 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 31693 handle_section_bytes + authorization_size_bytes + 31694 authorization_section_bytes + parameter_section_bytes; 31695 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 31696 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 31697 serialized_command->size()); 31698 return TPM_RC_SUCCESS; 31699 } 31700 31701 TPM_RC Tpm::ParseResponse_NV_SetBits( 31702 const std::string& response, 31703 AuthorizationDelegate* authorization_delegate) { 31704 VLOG(3) << __func__; 31705 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 31706 TPM_RC rc = TPM_RC_SUCCESS; 31707 std::string buffer(response); 31708 TPM_ST tag; 31709 std::string tag_bytes; 31710 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 31711 if (rc != TPM_RC_SUCCESS) { 31712 return rc; 31713 } 31714 UINT32 response_size; 31715 std::string response_size_bytes; 31716 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 31717 if (rc != TPM_RC_SUCCESS) { 31718 return rc; 31719 } 31720 TPM_RC response_code; 31721 std::string response_code_bytes; 31722 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 31723 if (rc != TPM_RC_SUCCESS) { 31724 return rc; 31725 } 31726 if (response_size != response.size()) { 31727 return TPM_RC_SIZE; 31728 } 31729 if (response_code != TPM_RC_SUCCESS) { 31730 return response_code; 31731 } 31732 TPM_CC command_code = TPM_CC_NV_SetBits; 31733 std::string command_code_bytes; 31734 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 31735 if (rc != TPM_RC_SUCCESS) { 31736 return rc; 31737 } 31738 std::string authorization_section_bytes; 31739 if (tag == TPM_ST_SESSIONS) { 31740 UINT32 parameter_section_size = buffer.size(); 31741 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 31742 if (rc != TPM_RC_SUCCESS) { 31743 return rc; 31744 } 31745 if (parameter_section_size > buffer.size()) { 31746 return TPM_RC_INSUFFICIENT; 31747 } 31748 authorization_section_bytes = buffer.substr(parameter_section_size); 31749 // Keep the parameter section in |buffer|. 31750 buffer.erase(parameter_section_size); 31751 } 31752 std::unique_ptr<crypto::SecureHash> hash( 31753 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 31754 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 31755 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 31756 hash->Update(buffer.data(), buffer.size()); 31757 std::string response_hash(32, 0); 31758 hash->Finish(string_as_array(&response_hash), response_hash.size()); 31759 if (tag == TPM_ST_SESSIONS) { 31760 CHECK(authorization_delegate) << "Authorization delegate missing!"; 31761 if (!authorization_delegate->CheckResponseAuthorization( 31762 response_hash, authorization_section_bytes)) { 31763 return TRUNKS_RC_AUTHORIZATION_FAILED; 31764 } 31765 } 31766 return TPM_RC_SUCCESS; 31767 } 31768 31769 void NV_SetBitsErrorCallback(const Tpm::NV_SetBitsResponse& callback, 31770 TPM_RC response_code) { 31771 VLOG(1) << __func__; 31772 callback.Run(response_code); 31773 } 31774 31775 void NV_SetBitsResponseParser(const Tpm::NV_SetBitsResponse& callback, 31776 AuthorizationDelegate* authorization_delegate, 31777 const std::string& response) { 31778 VLOG(1) << __func__; 31779 base::Callback<void(TPM_RC)> error_reporter = 31780 base::Bind(NV_SetBitsErrorCallback, callback); 31781 TPM_RC rc = Tpm::ParseResponse_NV_SetBits(response, authorization_delegate); 31782 if (rc != TPM_RC_SUCCESS) { 31783 error_reporter.Run(rc); 31784 return; 31785 } 31786 callback.Run(rc); 31787 } 31788 31789 void Tpm::NV_SetBits(const TPMI_RH_NV_AUTH& auth_handle, 31790 const std::string& auth_handle_name, 31791 const TPMI_RH_NV_INDEX& nv_index, 31792 const std::string& nv_index_name, 31793 const UINT64& bits, 31794 AuthorizationDelegate* authorization_delegate, 31795 const NV_SetBitsResponse& callback) { 31796 VLOG(1) << __func__; 31797 base::Callback<void(TPM_RC)> error_reporter = 31798 base::Bind(NV_SetBitsErrorCallback, callback); 31799 base::Callback<void(const std::string&)> parser = 31800 base::Bind(NV_SetBitsResponseParser, callback, authorization_delegate); 31801 std::string command; 31802 TPM_RC rc = SerializeCommand_NV_SetBits(auth_handle, auth_handle_name, 31803 nv_index, nv_index_name, bits, 31804 &command, authorization_delegate); 31805 if (rc != TPM_RC_SUCCESS) { 31806 error_reporter.Run(rc); 31807 return; 31808 } 31809 transceiver_->SendCommand(command, parser); 31810 } 31811 31812 TPM_RC Tpm::NV_SetBitsSync(const TPMI_RH_NV_AUTH& auth_handle, 31813 const std::string& auth_handle_name, 31814 const TPMI_RH_NV_INDEX& nv_index, 31815 const std::string& nv_index_name, 31816 const UINT64& bits, 31817 AuthorizationDelegate* authorization_delegate) { 31818 VLOG(1) << __func__; 31819 std::string command; 31820 TPM_RC rc = SerializeCommand_NV_SetBits(auth_handle, auth_handle_name, 31821 nv_index, nv_index_name, bits, 31822 &command, authorization_delegate); 31823 if (rc != TPM_RC_SUCCESS) { 31824 return rc; 31825 } 31826 std::string response = transceiver_->SendCommandAndWait(command); 31827 rc = ParseResponse_NV_SetBits(response, authorization_delegate); 31828 return rc; 31829 } 31830 31831 TPM_RC Tpm::SerializeCommand_NV_WriteLock( 31832 const TPMI_RH_NV_AUTH& auth_handle, 31833 const std::string& auth_handle_name, 31834 const TPMI_RH_NV_INDEX& nv_index, 31835 const std::string& nv_index_name, 31836 std::string* serialized_command, 31837 AuthorizationDelegate* authorization_delegate) { 31838 VLOG(3) << __func__; 31839 TPM_RC rc = TPM_RC_SUCCESS; 31840 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 31841 UINT32 command_size = 10; // Header size. 31842 std::string handle_section_bytes; 31843 std::string parameter_section_bytes; 31844 TPM_CC command_code = TPM_CC_NV_WriteLock; 31845 bool is_command_parameter_encryption_possible = false; 31846 bool is_response_parameter_encryption_possible = false; 31847 std::string command_code_bytes; 31848 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 31849 if (rc != TPM_RC_SUCCESS) { 31850 return rc; 31851 } 31852 std::string auth_handle_bytes; 31853 rc = Serialize_TPMI_RH_NV_AUTH(auth_handle, &auth_handle_bytes); 31854 if (rc != TPM_RC_SUCCESS) { 31855 return rc; 31856 } 31857 std::string nv_index_bytes; 31858 rc = Serialize_TPMI_RH_NV_INDEX(nv_index, &nv_index_bytes); 31859 if (rc != TPM_RC_SUCCESS) { 31860 return rc; 31861 } 31862 std::unique_ptr<crypto::SecureHash> hash( 31863 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 31864 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 31865 hash->Update(auth_handle_name.data(), auth_handle_name.size()); 31866 handle_section_bytes += auth_handle_bytes; 31867 command_size += auth_handle_bytes.size(); 31868 hash->Update(nv_index_name.data(), nv_index_name.size()); 31869 handle_section_bytes += nv_index_bytes; 31870 command_size += nv_index_bytes.size(); 31871 std::string command_hash(32, 0); 31872 hash->Finish(string_as_array(&command_hash), command_hash.size()); 31873 std::string authorization_section_bytes; 31874 std::string authorization_size_bytes; 31875 if (authorization_delegate) { 31876 if (!authorization_delegate->GetCommandAuthorization( 31877 command_hash, is_command_parameter_encryption_possible, 31878 is_response_parameter_encryption_possible, 31879 &authorization_section_bytes)) { 31880 return TRUNKS_RC_AUTHORIZATION_FAILED; 31881 } 31882 if (!authorization_section_bytes.empty()) { 31883 tag = TPM_ST_SESSIONS; 31884 std::string tmp; 31885 rc = Serialize_UINT32(authorization_section_bytes.size(), 31886 &authorization_size_bytes); 31887 if (rc != TPM_RC_SUCCESS) { 31888 return rc; 31889 } 31890 command_size += 31891 authorization_size_bytes.size() + authorization_section_bytes.size(); 31892 } 31893 } 31894 std::string tag_bytes; 31895 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 31896 if (rc != TPM_RC_SUCCESS) { 31897 return rc; 31898 } 31899 std::string command_size_bytes; 31900 rc = Serialize_UINT32(command_size, &command_size_bytes); 31901 if (rc != TPM_RC_SUCCESS) { 31902 return rc; 31903 } 31904 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 31905 handle_section_bytes + authorization_size_bytes + 31906 authorization_section_bytes + parameter_section_bytes; 31907 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 31908 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 31909 serialized_command->size()); 31910 return TPM_RC_SUCCESS; 31911 } 31912 31913 TPM_RC Tpm::ParseResponse_NV_WriteLock( 31914 const std::string& response, 31915 AuthorizationDelegate* authorization_delegate) { 31916 VLOG(3) << __func__; 31917 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 31918 TPM_RC rc = TPM_RC_SUCCESS; 31919 std::string buffer(response); 31920 TPM_ST tag; 31921 std::string tag_bytes; 31922 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 31923 if (rc != TPM_RC_SUCCESS) { 31924 return rc; 31925 } 31926 UINT32 response_size; 31927 std::string response_size_bytes; 31928 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 31929 if (rc != TPM_RC_SUCCESS) { 31930 return rc; 31931 } 31932 TPM_RC response_code; 31933 std::string response_code_bytes; 31934 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 31935 if (rc != TPM_RC_SUCCESS) { 31936 return rc; 31937 } 31938 if (response_size != response.size()) { 31939 return TPM_RC_SIZE; 31940 } 31941 if (response_code != TPM_RC_SUCCESS) { 31942 return response_code; 31943 } 31944 TPM_CC command_code = TPM_CC_NV_WriteLock; 31945 std::string command_code_bytes; 31946 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 31947 if (rc != TPM_RC_SUCCESS) { 31948 return rc; 31949 } 31950 std::string authorization_section_bytes; 31951 if (tag == TPM_ST_SESSIONS) { 31952 UINT32 parameter_section_size = buffer.size(); 31953 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 31954 if (rc != TPM_RC_SUCCESS) { 31955 return rc; 31956 } 31957 if (parameter_section_size > buffer.size()) { 31958 return TPM_RC_INSUFFICIENT; 31959 } 31960 authorization_section_bytes = buffer.substr(parameter_section_size); 31961 // Keep the parameter section in |buffer|. 31962 buffer.erase(parameter_section_size); 31963 } 31964 std::unique_ptr<crypto::SecureHash> hash( 31965 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 31966 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 31967 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 31968 hash->Update(buffer.data(), buffer.size()); 31969 std::string response_hash(32, 0); 31970 hash->Finish(string_as_array(&response_hash), response_hash.size()); 31971 if (tag == TPM_ST_SESSIONS) { 31972 CHECK(authorization_delegate) << "Authorization delegate missing!"; 31973 if (!authorization_delegate->CheckResponseAuthorization( 31974 response_hash, authorization_section_bytes)) { 31975 return TRUNKS_RC_AUTHORIZATION_FAILED; 31976 } 31977 } 31978 return TPM_RC_SUCCESS; 31979 } 31980 31981 void NV_WriteLockErrorCallback(const Tpm::NV_WriteLockResponse& callback, 31982 TPM_RC response_code) { 31983 VLOG(1) << __func__; 31984 callback.Run(response_code); 31985 } 31986 31987 void NV_WriteLockResponseParser(const Tpm::NV_WriteLockResponse& callback, 31988 AuthorizationDelegate* authorization_delegate, 31989 const std::string& response) { 31990 VLOG(1) << __func__; 31991 base::Callback<void(TPM_RC)> error_reporter = 31992 base::Bind(NV_WriteLockErrorCallback, callback); 31993 TPM_RC rc = Tpm::ParseResponse_NV_WriteLock(response, authorization_delegate); 31994 if (rc != TPM_RC_SUCCESS) { 31995 error_reporter.Run(rc); 31996 return; 31997 } 31998 callback.Run(rc); 31999 } 32000 32001 void Tpm::NV_WriteLock(const TPMI_RH_NV_AUTH& auth_handle, 32002 const std::string& auth_handle_name, 32003 const TPMI_RH_NV_INDEX& nv_index, 32004 const std::string& nv_index_name, 32005 AuthorizationDelegate* authorization_delegate, 32006 const NV_WriteLockResponse& callback) { 32007 VLOG(1) << __func__; 32008 base::Callback<void(TPM_RC)> error_reporter = 32009 base::Bind(NV_WriteLockErrorCallback, callback); 32010 base::Callback<void(const std::string&)> parser = 32011 base::Bind(NV_WriteLockResponseParser, callback, authorization_delegate); 32012 std::string command; 32013 TPM_RC rc = SerializeCommand_NV_WriteLock(auth_handle, auth_handle_name, 32014 nv_index, nv_index_name, &command, 32015 authorization_delegate); 32016 if (rc != TPM_RC_SUCCESS) { 32017 error_reporter.Run(rc); 32018 return; 32019 } 32020 transceiver_->SendCommand(command, parser); 32021 } 32022 32023 TPM_RC Tpm::NV_WriteLockSync(const TPMI_RH_NV_AUTH& auth_handle, 32024 const std::string& auth_handle_name, 32025 const TPMI_RH_NV_INDEX& nv_index, 32026 const std::string& nv_index_name, 32027 AuthorizationDelegate* authorization_delegate) { 32028 VLOG(1) << __func__; 32029 std::string command; 32030 TPM_RC rc = SerializeCommand_NV_WriteLock(auth_handle, auth_handle_name, 32031 nv_index, nv_index_name, &command, 32032 authorization_delegate); 32033 if (rc != TPM_RC_SUCCESS) { 32034 return rc; 32035 } 32036 std::string response = transceiver_->SendCommandAndWait(command); 32037 rc = ParseResponse_NV_WriteLock(response, authorization_delegate); 32038 return rc; 32039 } 32040 32041 TPM_RC Tpm::SerializeCommand_NV_GlobalWriteLock( 32042 const TPMI_RH_PROVISION& auth_handle, 32043 const std::string& auth_handle_name, 32044 std::string* serialized_command, 32045 AuthorizationDelegate* authorization_delegate) { 32046 VLOG(3) << __func__; 32047 TPM_RC rc = TPM_RC_SUCCESS; 32048 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 32049 UINT32 command_size = 10; // Header size. 32050 std::string handle_section_bytes; 32051 std::string parameter_section_bytes; 32052 TPM_CC command_code = TPM_CC_NV_GlobalWriteLock; 32053 bool is_command_parameter_encryption_possible = false; 32054 bool is_response_parameter_encryption_possible = false; 32055 std::string command_code_bytes; 32056 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 32057 if (rc != TPM_RC_SUCCESS) { 32058 return rc; 32059 } 32060 std::string auth_handle_bytes; 32061 rc = Serialize_TPMI_RH_PROVISION(auth_handle, &auth_handle_bytes); 32062 if (rc != TPM_RC_SUCCESS) { 32063 return rc; 32064 } 32065 std::unique_ptr<crypto::SecureHash> hash( 32066 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 32067 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 32068 hash->Update(auth_handle_name.data(), auth_handle_name.size()); 32069 handle_section_bytes += auth_handle_bytes; 32070 command_size += auth_handle_bytes.size(); 32071 std::string command_hash(32, 0); 32072 hash->Finish(string_as_array(&command_hash), command_hash.size()); 32073 std::string authorization_section_bytes; 32074 std::string authorization_size_bytes; 32075 if (authorization_delegate) { 32076 if (!authorization_delegate->GetCommandAuthorization( 32077 command_hash, is_command_parameter_encryption_possible, 32078 is_response_parameter_encryption_possible, 32079 &authorization_section_bytes)) { 32080 return TRUNKS_RC_AUTHORIZATION_FAILED; 32081 } 32082 if (!authorization_section_bytes.empty()) { 32083 tag = TPM_ST_SESSIONS; 32084 std::string tmp; 32085 rc = Serialize_UINT32(authorization_section_bytes.size(), 32086 &authorization_size_bytes); 32087 if (rc != TPM_RC_SUCCESS) { 32088 return rc; 32089 } 32090 command_size += 32091 authorization_size_bytes.size() + authorization_section_bytes.size(); 32092 } 32093 } 32094 std::string tag_bytes; 32095 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 32096 if (rc != TPM_RC_SUCCESS) { 32097 return rc; 32098 } 32099 std::string command_size_bytes; 32100 rc = Serialize_UINT32(command_size, &command_size_bytes); 32101 if (rc != TPM_RC_SUCCESS) { 32102 return rc; 32103 } 32104 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 32105 handle_section_bytes + authorization_size_bytes + 32106 authorization_section_bytes + parameter_section_bytes; 32107 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 32108 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 32109 serialized_command->size()); 32110 return TPM_RC_SUCCESS; 32111 } 32112 32113 TPM_RC Tpm::ParseResponse_NV_GlobalWriteLock( 32114 const std::string& response, 32115 AuthorizationDelegate* authorization_delegate) { 32116 VLOG(3) << __func__; 32117 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 32118 TPM_RC rc = TPM_RC_SUCCESS; 32119 std::string buffer(response); 32120 TPM_ST tag; 32121 std::string tag_bytes; 32122 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 32123 if (rc != TPM_RC_SUCCESS) { 32124 return rc; 32125 } 32126 UINT32 response_size; 32127 std::string response_size_bytes; 32128 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 32129 if (rc != TPM_RC_SUCCESS) { 32130 return rc; 32131 } 32132 TPM_RC response_code; 32133 std::string response_code_bytes; 32134 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 32135 if (rc != TPM_RC_SUCCESS) { 32136 return rc; 32137 } 32138 if (response_size != response.size()) { 32139 return TPM_RC_SIZE; 32140 } 32141 if (response_code != TPM_RC_SUCCESS) { 32142 return response_code; 32143 } 32144 TPM_CC command_code = TPM_CC_NV_GlobalWriteLock; 32145 std::string command_code_bytes; 32146 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 32147 if (rc != TPM_RC_SUCCESS) { 32148 return rc; 32149 } 32150 std::string authorization_section_bytes; 32151 if (tag == TPM_ST_SESSIONS) { 32152 UINT32 parameter_section_size = buffer.size(); 32153 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 32154 if (rc != TPM_RC_SUCCESS) { 32155 return rc; 32156 } 32157 if (parameter_section_size > buffer.size()) { 32158 return TPM_RC_INSUFFICIENT; 32159 } 32160 authorization_section_bytes = buffer.substr(parameter_section_size); 32161 // Keep the parameter section in |buffer|. 32162 buffer.erase(parameter_section_size); 32163 } 32164 std::unique_ptr<crypto::SecureHash> hash( 32165 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 32166 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 32167 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 32168 hash->Update(buffer.data(), buffer.size()); 32169 std::string response_hash(32, 0); 32170 hash->Finish(string_as_array(&response_hash), response_hash.size()); 32171 if (tag == TPM_ST_SESSIONS) { 32172 CHECK(authorization_delegate) << "Authorization delegate missing!"; 32173 if (!authorization_delegate->CheckResponseAuthorization( 32174 response_hash, authorization_section_bytes)) { 32175 return TRUNKS_RC_AUTHORIZATION_FAILED; 32176 } 32177 } 32178 return TPM_RC_SUCCESS; 32179 } 32180 32181 void NV_GlobalWriteLockErrorCallback( 32182 const Tpm::NV_GlobalWriteLockResponse& callback, 32183 TPM_RC response_code) { 32184 VLOG(1) << __func__; 32185 callback.Run(response_code); 32186 } 32187 32188 void NV_GlobalWriteLockResponseParser( 32189 const Tpm::NV_GlobalWriteLockResponse& callback, 32190 AuthorizationDelegate* authorization_delegate, 32191 const std::string& response) { 32192 VLOG(1) << __func__; 32193 base::Callback<void(TPM_RC)> error_reporter = 32194 base::Bind(NV_GlobalWriteLockErrorCallback, callback); 32195 TPM_RC rc = 32196 Tpm::ParseResponse_NV_GlobalWriteLock(response, authorization_delegate); 32197 if (rc != TPM_RC_SUCCESS) { 32198 error_reporter.Run(rc); 32199 return; 32200 } 32201 callback.Run(rc); 32202 } 32203 32204 void Tpm::NV_GlobalWriteLock(const TPMI_RH_PROVISION& auth_handle, 32205 const std::string& auth_handle_name, 32206 AuthorizationDelegate* authorization_delegate, 32207 const NV_GlobalWriteLockResponse& callback) { 32208 VLOG(1) << __func__; 32209 base::Callback<void(TPM_RC)> error_reporter = 32210 base::Bind(NV_GlobalWriteLockErrorCallback, callback); 32211 base::Callback<void(const std::string&)> parser = base::Bind( 32212 NV_GlobalWriteLockResponseParser, callback, authorization_delegate); 32213 std::string command; 32214 TPM_RC rc = SerializeCommand_NV_GlobalWriteLock( 32215 auth_handle, auth_handle_name, &command, authorization_delegate); 32216 if (rc != TPM_RC_SUCCESS) { 32217 error_reporter.Run(rc); 32218 return; 32219 } 32220 transceiver_->SendCommand(command, parser); 32221 } 32222 32223 TPM_RC Tpm::NV_GlobalWriteLockSync( 32224 const TPMI_RH_PROVISION& auth_handle, 32225 const std::string& auth_handle_name, 32226 AuthorizationDelegate* authorization_delegate) { 32227 VLOG(1) << __func__; 32228 std::string command; 32229 TPM_RC rc = SerializeCommand_NV_GlobalWriteLock( 32230 auth_handle, auth_handle_name, &command, authorization_delegate); 32231 if (rc != TPM_RC_SUCCESS) { 32232 return rc; 32233 } 32234 std::string response = transceiver_->SendCommandAndWait(command); 32235 rc = ParseResponse_NV_GlobalWriteLock(response, authorization_delegate); 32236 return rc; 32237 } 32238 32239 TPM_RC Tpm::SerializeCommand_NV_Read( 32240 const TPMI_RH_NV_AUTH& auth_handle, 32241 const std::string& auth_handle_name, 32242 const TPMI_RH_NV_INDEX& nv_index, 32243 const std::string& nv_index_name, 32244 const UINT16& size, 32245 const UINT16& offset, 32246 std::string* serialized_command, 32247 AuthorizationDelegate* authorization_delegate) { 32248 VLOG(3) << __func__; 32249 TPM_RC rc = TPM_RC_SUCCESS; 32250 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 32251 UINT32 command_size = 10; // Header size. 32252 std::string handle_section_bytes; 32253 std::string parameter_section_bytes; 32254 TPM_CC command_code = TPM_CC_NV_Read; 32255 bool is_command_parameter_encryption_possible = false; 32256 bool is_response_parameter_encryption_possible = true; 32257 std::string command_code_bytes; 32258 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 32259 if (rc != TPM_RC_SUCCESS) { 32260 return rc; 32261 } 32262 std::string auth_handle_bytes; 32263 rc = Serialize_TPMI_RH_NV_AUTH(auth_handle, &auth_handle_bytes); 32264 if (rc != TPM_RC_SUCCESS) { 32265 return rc; 32266 } 32267 std::string nv_index_bytes; 32268 rc = Serialize_TPMI_RH_NV_INDEX(nv_index, &nv_index_bytes); 32269 if (rc != TPM_RC_SUCCESS) { 32270 return rc; 32271 } 32272 std::string size_bytes; 32273 rc = Serialize_UINT16(size, &size_bytes); 32274 if (rc != TPM_RC_SUCCESS) { 32275 return rc; 32276 } 32277 std::string offset_bytes; 32278 rc = Serialize_UINT16(offset, &offset_bytes); 32279 if (rc != TPM_RC_SUCCESS) { 32280 return rc; 32281 } 32282 std::unique_ptr<crypto::SecureHash> hash( 32283 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 32284 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 32285 hash->Update(auth_handle_name.data(), auth_handle_name.size()); 32286 handle_section_bytes += auth_handle_bytes; 32287 command_size += auth_handle_bytes.size(); 32288 hash->Update(nv_index_name.data(), nv_index_name.size()); 32289 handle_section_bytes += nv_index_bytes; 32290 command_size += nv_index_bytes.size(); 32291 hash->Update(size_bytes.data(), size_bytes.size()); 32292 parameter_section_bytes += size_bytes; 32293 command_size += size_bytes.size(); 32294 hash->Update(offset_bytes.data(), offset_bytes.size()); 32295 parameter_section_bytes += offset_bytes; 32296 command_size += offset_bytes.size(); 32297 std::string command_hash(32, 0); 32298 hash->Finish(string_as_array(&command_hash), command_hash.size()); 32299 std::string authorization_section_bytes; 32300 std::string authorization_size_bytes; 32301 if (authorization_delegate) { 32302 if (!authorization_delegate->GetCommandAuthorization( 32303 command_hash, is_command_parameter_encryption_possible, 32304 is_response_parameter_encryption_possible, 32305 &authorization_section_bytes)) { 32306 return TRUNKS_RC_AUTHORIZATION_FAILED; 32307 } 32308 if (!authorization_section_bytes.empty()) { 32309 tag = TPM_ST_SESSIONS; 32310 std::string tmp; 32311 rc = Serialize_UINT32(authorization_section_bytes.size(), 32312 &authorization_size_bytes); 32313 if (rc != TPM_RC_SUCCESS) { 32314 return rc; 32315 } 32316 command_size += 32317 authorization_size_bytes.size() + authorization_section_bytes.size(); 32318 } 32319 } 32320 std::string tag_bytes; 32321 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 32322 if (rc != TPM_RC_SUCCESS) { 32323 return rc; 32324 } 32325 std::string command_size_bytes; 32326 rc = Serialize_UINT32(command_size, &command_size_bytes); 32327 if (rc != TPM_RC_SUCCESS) { 32328 return rc; 32329 } 32330 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 32331 handle_section_bytes + authorization_size_bytes + 32332 authorization_section_bytes + parameter_section_bytes; 32333 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 32334 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 32335 serialized_command->size()); 32336 return TPM_RC_SUCCESS; 32337 } 32338 32339 TPM_RC Tpm::ParseResponse_NV_Read( 32340 const std::string& response, 32341 TPM2B_MAX_NV_BUFFER* data, 32342 AuthorizationDelegate* authorization_delegate) { 32343 VLOG(3) << __func__; 32344 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 32345 TPM_RC rc = TPM_RC_SUCCESS; 32346 std::string buffer(response); 32347 TPM_ST tag; 32348 std::string tag_bytes; 32349 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 32350 if (rc != TPM_RC_SUCCESS) { 32351 return rc; 32352 } 32353 UINT32 response_size; 32354 std::string response_size_bytes; 32355 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 32356 if (rc != TPM_RC_SUCCESS) { 32357 return rc; 32358 } 32359 TPM_RC response_code; 32360 std::string response_code_bytes; 32361 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 32362 if (rc != TPM_RC_SUCCESS) { 32363 return rc; 32364 } 32365 if (response_size != response.size()) { 32366 return TPM_RC_SIZE; 32367 } 32368 if (response_code != TPM_RC_SUCCESS) { 32369 return response_code; 32370 } 32371 TPM_CC command_code = TPM_CC_NV_Read; 32372 std::string command_code_bytes; 32373 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 32374 if (rc != TPM_RC_SUCCESS) { 32375 return rc; 32376 } 32377 std::string authorization_section_bytes; 32378 if (tag == TPM_ST_SESSIONS) { 32379 UINT32 parameter_section_size = buffer.size(); 32380 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 32381 if (rc != TPM_RC_SUCCESS) { 32382 return rc; 32383 } 32384 if (parameter_section_size > buffer.size()) { 32385 return TPM_RC_INSUFFICIENT; 32386 } 32387 authorization_section_bytes = buffer.substr(parameter_section_size); 32388 // Keep the parameter section in |buffer|. 32389 buffer.erase(parameter_section_size); 32390 } 32391 std::unique_ptr<crypto::SecureHash> hash( 32392 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 32393 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 32394 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 32395 hash->Update(buffer.data(), buffer.size()); 32396 std::string response_hash(32, 0); 32397 hash->Finish(string_as_array(&response_hash), response_hash.size()); 32398 if (tag == TPM_ST_SESSIONS) { 32399 CHECK(authorization_delegate) << "Authorization delegate missing!"; 32400 if (!authorization_delegate->CheckResponseAuthorization( 32401 response_hash, authorization_section_bytes)) { 32402 return TRUNKS_RC_AUTHORIZATION_FAILED; 32403 } 32404 } 32405 std::string data_bytes; 32406 rc = Parse_TPM2B_MAX_NV_BUFFER(&buffer, data, &data_bytes); 32407 if (rc != TPM_RC_SUCCESS) { 32408 return rc; 32409 } 32410 if (tag == TPM_ST_SESSIONS) { 32411 CHECK(authorization_delegate) << "Authorization delegate missing!"; 32412 // Decrypt just the parameter data, not the size. 32413 std::string tmp = data_bytes.substr(2); 32414 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 32415 return TRUNKS_RC_ENCRYPTION_FAILED; 32416 } 32417 data_bytes.replace(2, std::string::npos, tmp); 32418 rc = Parse_TPM2B_MAX_NV_BUFFER(&data_bytes, data, nullptr); 32419 if (rc != TPM_RC_SUCCESS) { 32420 return rc; 32421 } 32422 } 32423 return TPM_RC_SUCCESS; 32424 } 32425 32426 void NV_ReadErrorCallback(const Tpm::NV_ReadResponse& callback, 32427 TPM_RC response_code) { 32428 VLOG(1) << __func__; 32429 callback.Run(response_code, TPM2B_MAX_NV_BUFFER()); 32430 } 32431 32432 void NV_ReadResponseParser(const Tpm::NV_ReadResponse& callback, 32433 AuthorizationDelegate* authorization_delegate, 32434 const std::string& response) { 32435 VLOG(1) << __func__; 32436 base::Callback<void(TPM_RC)> error_reporter = 32437 base::Bind(NV_ReadErrorCallback, callback); 32438 TPM2B_MAX_NV_BUFFER data; 32439 TPM_RC rc = 32440 Tpm::ParseResponse_NV_Read(response, &data, authorization_delegate); 32441 if (rc != TPM_RC_SUCCESS) { 32442 error_reporter.Run(rc); 32443 return; 32444 } 32445 callback.Run(rc, data); 32446 } 32447 32448 void Tpm::NV_Read(const TPMI_RH_NV_AUTH& auth_handle, 32449 const std::string& auth_handle_name, 32450 const TPMI_RH_NV_INDEX& nv_index, 32451 const std::string& nv_index_name, 32452 const UINT16& size, 32453 const UINT16& offset, 32454 AuthorizationDelegate* authorization_delegate, 32455 const NV_ReadResponse& callback) { 32456 VLOG(1) << __func__; 32457 base::Callback<void(TPM_RC)> error_reporter = 32458 base::Bind(NV_ReadErrorCallback, callback); 32459 base::Callback<void(const std::string&)> parser = 32460 base::Bind(NV_ReadResponseParser, callback, authorization_delegate); 32461 std::string command; 32462 TPM_RC rc = SerializeCommand_NV_Read(auth_handle, auth_handle_name, nv_index, 32463 nv_index_name, size, offset, &command, 32464 authorization_delegate); 32465 if (rc != TPM_RC_SUCCESS) { 32466 error_reporter.Run(rc); 32467 return; 32468 } 32469 transceiver_->SendCommand(command, parser); 32470 } 32471 32472 TPM_RC Tpm::NV_ReadSync(const TPMI_RH_NV_AUTH& auth_handle, 32473 const std::string& auth_handle_name, 32474 const TPMI_RH_NV_INDEX& nv_index, 32475 const std::string& nv_index_name, 32476 const UINT16& size, 32477 const UINT16& offset, 32478 TPM2B_MAX_NV_BUFFER* data, 32479 AuthorizationDelegate* authorization_delegate) { 32480 VLOG(1) << __func__; 32481 std::string command; 32482 TPM_RC rc = SerializeCommand_NV_Read(auth_handle, auth_handle_name, nv_index, 32483 nv_index_name, size, offset, &command, 32484 authorization_delegate); 32485 if (rc != TPM_RC_SUCCESS) { 32486 return rc; 32487 } 32488 std::string response = transceiver_->SendCommandAndWait(command); 32489 rc = ParseResponse_NV_Read(response, data, authorization_delegate); 32490 return rc; 32491 } 32492 32493 TPM_RC Tpm::SerializeCommand_NV_ReadLock( 32494 const TPMI_RH_NV_AUTH& auth_handle, 32495 const std::string& auth_handle_name, 32496 const TPMI_RH_NV_INDEX& nv_index, 32497 const std::string& nv_index_name, 32498 std::string* serialized_command, 32499 AuthorizationDelegate* authorization_delegate) { 32500 VLOG(3) << __func__; 32501 TPM_RC rc = TPM_RC_SUCCESS; 32502 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 32503 UINT32 command_size = 10; // Header size. 32504 std::string handle_section_bytes; 32505 std::string parameter_section_bytes; 32506 TPM_CC command_code = TPM_CC_NV_ReadLock; 32507 bool is_command_parameter_encryption_possible = false; 32508 bool is_response_parameter_encryption_possible = false; 32509 std::string command_code_bytes; 32510 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 32511 if (rc != TPM_RC_SUCCESS) { 32512 return rc; 32513 } 32514 std::string auth_handle_bytes; 32515 rc = Serialize_TPMI_RH_NV_AUTH(auth_handle, &auth_handle_bytes); 32516 if (rc != TPM_RC_SUCCESS) { 32517 return rc; 32518 } 32519 std::string nv_index_bytes; 32520 rc = Serialize_TPMI_RH_NV_INDEX(nv_index, &nv_index_bytes); 32521 if (rc != TPM_RC_SUCCESS) { 32522 return rc; 32523 } 32524 std::unique_ptr<crypto::SecureHash> hash( 32525 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 32526 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 32527 hash->Update(auth_handle_name.data(), auth_handle_name.size()); 32528 handle_section_bytes += auth_handle_bytes; 32529 command_size += auth_handle_bytes.size(); 32530 hash->Update(nv_index_name.data(), nv_index_name.size()); 32531 handle_section_bytes += nv_index_bytes; 32532 command_size += nv_index_bytes.size(); 32533 std::string command_hash(32, 0); 32534 hash->Finish(string_as_array(&command_hash), command_hash.size()); 32535 std::string authorization_section_bytes; 32536 std::string authorization_size_bytes; 32537 if (authorization_delegate) { 32538 if (!authorization_delegate->GetCommandAuthorization( 32539 command_hash, is_command_parameter_encryption_possible, 32540 is_response_parameter_encryption_possible, 32541 &authorization_section_bytes)) { 32542 return TRUNKS_RC_AUTHORIZATION_FAILED; 32543 } 32544 if (!authorization_section_bytes.empty()) { 32545 tag = TPM_ST_SESSIONS; 32546 std::string tmp; 32547 rc = Serialize_UINT32(authorization_section_bytes.size(), 32548 &authorization_size_bytes); 32549 if (rc != TPM_RC_SUCCESS) { 32550 return rc; 32551 } 32552 command_size += 32553 authorization_size_bytes.size() + authorization_section_bytes.size(); 32554 } 32555 } 32556 std::string tag_bytes; 32557 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 32558 if (rc != TPM_RC_SUCCESS) { 32559 return rc; 32560 } 32561 std::string command_size_bytes; 32562 rc = Serialize_UINT32(command_size, &command_size_bytes); 32563 if (rc != TPM_RC_SUCCESS) { 32564 return rc; 32565 } 32566 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 32567 handle_section_bytes + authorization_size_bytes + 32568 authorization_section_bytes + parameter_section_bytes; 32569 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 32570 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 32571 serialized_command->size()); 32572 return TPM_RC_SUCCESS; 32573 } 32574 32575 TPM_RC Tpm::ParseResponse_NV_ReadLock( 32576 const std::string& response, 32577 AuthorizationDelegate* authorization_delegate) { 32578 VLOG(3) << __func__; 32579 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 32580 TPM_RC rc = TPM_RC_SUCCESS; 32581 std::string buffer(response); 32582 TPM_ST tag; 32583 std::string tag_bytes; 32584 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 32585 if (rc != TPM_RC_SUCCESS) { 32586 return rc; 32587 } 32588 UINT32 response_size; 32589 std::string response_size_bytes; 32590 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 32591 if (rc != TPM_RC_SUCCESS) { 32592 return rc; 32593 } 32594 TPM_RC response_code; 32595 std::string response_code_bytes; 32596 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 32597 if (rc != TPM_RC_SUCCESS) { 32598 return rc; 32599 } 32600 if (response_size != response.size()) { 32601 return TPM_RC_SIZE; 32602 } 32603 if (response_code != TPM_RC_SUCCESS) { 32604 return response_code; 32605 } 32606 TPM_CC command_code = TPM_CC_NV_ReadLock; 32607 std::string command_code_bytes; 32608 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 32609 if (rc != TPM_RC_SUCCESS) { 32610 return rc; 32611 } 32612 std::string authorization_section_bytes; 32613 if (tag == TPM_ST_SESSIONS) { 32614 UINT32 parameter_section_size = buffer.size(); 32615 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 32616 if (rc != TPM_RC_SUCCESS) { 32617 return rc; 32618 } 32619 if (parameter_section_size > buffer.size()) { 32620 return TPM_RC_INSUFFICIENT; 32621 } 32622 authorization_section_bytes = buffer.substr(parameter_section_size); 32623 // Keep the parameter section in |buffer|. 32624 buffer.erase(parameter_section_size); 32625 } 32626 std::unique_ptr<crypto::SecureHash> hash( 32627 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 32628 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 32629 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 32630 hash->Update(buffer.data(), buffer.size()); 32631 std::string response_hash(32, 0); 32632 hash->Finish(string_as_array(&response_hash), response_hash.size()); 32633 if (tag == TPM_ST_SESSIONS) { 32634 CHECK(authorization_delegate) << "Authorization delegate missing!"; 32635 if (!authorization_delegate->CheckResponseAuthorization( 32636 response_hash, authorization_section_bytes)) { 32637 return TRUNKS_RC_AUTHORIZATION_FAILED; 32638 } 32639 } 32640 return TPM_RC_SUCCESS; 32641 } 32642 32643 void NV_ReadLockErrorCallback(const Tpm::NV_ReadLockResponse& callback, 32644 TPM_RC response_code) { 32645 VLOG(1) << __func__; 32646 callback.Run(response_code); 32647 } 32648 32649 void NV_ReadLockResponseParser(const Tpm::NV_ReadLockResponse& callback, 32650 AuthorizationDelegate* authorization_delegate, 32651 const std::string& response) { 32652 VLOG(1) << __func__; 32653 base::Callback<void(TPM_RC)> error_reporter = 32654 base::Bind(NV_ReadLockErrorCallback, callback); 32655 TPM_RC rc = Tpm::ParseResponse_NV_ReadLock(response, authorization_delegate); 32656 if (rc != TPM_RC_SUCCESS) { 32657 error_reporter.Run(rc); 32658 return; 32659 } 32660 callback.Run(rc); 32661 } 32662 32663 void Tpm::NV_ReadLock(const TPMI_RH_NV_AUTH& auth_handle, 32664 const std::string& auth_handle_name, 32665 const TPMI_RH_NV_INDEX& nv_index, 32666 const std::string& nv_index_name, 32667 AuthorizationDelegate* authorization_delegate, 32668 const NV_ReadLockResponse& callback) { 32669 VLOG(1) << __func__; 32670 base::Callback<void(TPM_RC)> error_reporter = 32671 base::Bind(NV_ReadLockErrorCallback, callback); 32672 base::Callback<void(const std::string&)> parser = 32673 base::Bind(NV_ReadLockResponseParser, callback, authorization_delegate); 32674 std::string command; 32675 TPM_RC rc = SerializeCommand_NV_ReadLock(auth_handle, auth_handle_name, 32676 nv_index, nv_index_name, &command, 32677 authorization_delegate); 32678 if (rc != TPM_RC_SUCCESS) { 32679 error_reporter.Run(rc); 32680 return; 32681 } 32682 transceiver_->SendCommand(command, parser); 32683 } 32684 32685 TPM_RC Tpm::NV_ReadLockSync(const TPMI_RH_NV_AUTH& auth_handle, 32686 const std::string& auth_handle_name, 32687 const TPMI_RH_NV_INDEX& nv_index, 32688 const std::string& nv_index_name, 32689 AuthorizationDelegate* authorization_delegate) { 32690 VLOG(1) << __func__; 32691 std::string command; 32692 TPM_RC rc = SerializeCommand_NV_ReadLock(auth_handle, auth_handle_name, 32693 nv_index, nv_index_name, &command, 32694 authorization_delegate); 32695 if (rc != TPM_RC_SUCCESS) { 32696 return rc; 32697 } 32698 std::string response = transceiver_->SendCommandAndWait(command); 32699 rc = ParseResponse_NV_ReadLock(response, authorization_delegate); 32700 return rc; 32701 } 32702 32703 TPM_RC Tpm::SerializeCommand_NV_ChangeAuth( 32704 const TPMI_RH_NV_INDEX& nv_index, 32705 const std::string& nv_index_name, 32706 const TPM2B_AUTH& new_auth, 32707 std::string* serialized_command, 32708 AuthorizationDelegate* authorization_delegate) { 32709 VLOG(3) << __func__; 32710 TPM_RC rc = TPM_RC_SUCCESS; 32711 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 32712 UINT32 command_size = 10; // Header size. 32713 std::string handle_section_bytes; 32714 std::string parameter_section_bytes; 32715 TPM_CC command_code = TPM_CC_NV_ChangeAuth; 32716 bool is_command_parameter_encryption_possible = true; 32717 bool is_response_parameter_encryption_possible = false; 32718 std::string command_code_bytes; 32719 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 32720 if (rc != TPM_RC_SUCCESS) { 32721 return rc; 32722 } 32723 std::string nv_index_bytes; 32724 rc = Serialize_TPMI_RH_NV_INDEX(nv_index, &nv_index_bytes); 32725 if (rc != TPM_RC_SUCCESS) { 32726 return rc; 32727 } 32728 std::string new_auth_bytes; 32729 rc = Serialize_TPM2B_AUTH(new_auth, &new_auth_bytes); 32730 if (rc != TPM_RC_SUCCESS) { 32731 return rc; 32732 } 32733 if (authorization_delegate) { 32734 // Encrypt just the parameter data, not the size. 32735 std::string tmp = new_auth_bytes.substr(2); 32736 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 32737 return TRUNKS_RC_ENCRYPTION_FAILED; 32738 } 32739 new_auth_bytes.replace(2, std::string::npos, tmp); 32740 } 32741 std::unique_ptr<crypto::SecureHash> hash( 32742 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 32743 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 32744 hash->Update(nv_index_name.data(), nv_index_name.size()); 32745 handle_section_bytes += nv_index_bytes; 32746 command_size += nv_index_bytes.size(); 32747 hash->Update(new_auth_bytes.data(), new_auth_bytes.size()); 32748 parameter_section_bytes += new_auth_bytes; 32749 command_size += new_auth_bytes.size(); 32750 std::string command_hash(32, 0); 32751 hash->Finish(string_as_array(&command_hash), command_hash.size()); 32752 std::string authorization_section_bytes; 32753 std::string authorization_size_bytes; 32754 if (authorization_delegate) { 32755 if (!authorization_delegate->GetCommandAuthorization( 32756 command_hash, is_command_parameter_encryption_possible, 32757 is_response_parameter_encryption_possible, 32758 &authorization_section_bytes)) { 32759 return TRUNKS_RC_AUTHORIZATION_FAILED; 32760 } 32761 if (!authorization_section_bytes.empty()) { 32762 tag = TPM_ST_SESSIONS; 32763 std::string tmp; 32764 rc = Serialize_UINT32(authorization_section_bytes.size(), 32765 &authorization_size_bytes); 32766 if (rc != TPM_RC_SUCCESS) { 32767 return rc; 32768 } 32769 command_size += 32770 authorization_size_bytes.size() + authorization_section_bytes.size(); 32771 } 32772 } 32773 std::string tag_bytes; 32774 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 32775 if (rc != TPM_RC_SUCCESS) { 32776 return rc; 32777 } 32778 std::string command_size_bytes; 32779 rc = Serialize_UINT32(command_size, &command_size_bytes); 32780 if (rc != TPM_RC_SUCCESS) { 32781 return rc; 32782 } 32783 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 32784 handle_section_bytes + authorization_size_bytes + 32785 authorization_section_bytes + parameter_section_bytes; 32786 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 32787 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 32788 serialized_command->size()); 32789 return TPM_RC_SUCCESS; 32790 } 32791 32792 TPM_RC Tpm::ParseResponse_NV_ChangeAuth( 32793 const std::string& response, 32794 AuthorizationDelegate* authorization_delegate) { 32795 VLOG(3) << __func__; 32796 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 32797 TPM_RC rc = TPM_RC_SUCCESS; 32798 std::string buffer(response); 32799 TPM_ST tag; 32800 std::string tag_bytes; 32801 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 32802 if (rc != TPM_RC_SUCCESS) { 32803 return rc; 32804 } 32805 UINT32 response_size; 32806 std::string response_size_bytes; 32807 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 32808 if (rc != TPM_RC_SUCCESS) { 32809 return rc; 32810 } 32811 TPM_RC response_code; 32812 std::string response_code_bytes; 32813 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 32814 if (rc != TPM_RC_SUCCESS) { 32815 return rc; 32816 } 32817 if (response_size != response.size()) { 32818 return TPM_RC_SIZE; 32819 } 32820 if (response_code != TPM_RC_SUCCESS) { 32821 return response_code; 32822 } 32823 TPM_CC command_code = TPM_CC_NV_ChangeAuth; 32824 std::string command_code_bytes; 32825 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 32826 if (rc != TPM_RC_SUCCESS) { 32827 return rc; 32828 } 32829 std::string authorization_section_bytes; 32830 if (tag == TPM_ST_SESSIONS) { 32831 UINT32 parameter_section_size = buffer.size(); 32832 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 32833 if (rc != TPM_RC_SUCCESS) { 32834 return rc; 32835 } 32836 if (parameter_section_size > buffer.size()) { 32837 return TPM_RC_INSUFFICIENT; 32838 } 32839 authorization_section_bytes = buffer.substr(parameter_section_size); 32840 // Keep the parameter section in |buffer|. 32841 buffer.erase(parameter_section_size); 32842 } 32843 std::unique_ptr<crypto::SecureHash> hash( 32844 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 32845 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 32846 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 32847 hash->Update(buffer.data(), buffer.size()); 32848 std::string response_hash(32, 0); 32849 hash->Finish(string_as_array(&response_hash), response_hash.size()); 32850 if (tag == TPM_ST_SESSIONS) { 32851 CHECK(authorization_delegate) << "Authorization delegate missing!"; 32852 if (!authorization_delegate->CheckResponseAuthorization( 32853 response_hash, authorization_section_bytes)) { 32854 return TRUNKS_RC_AUTHORIZATION_FAILED; 32855 } 32856 } 32857 return TPM_RC_SUCCESS; 32858 } 32859 32860 void NV_ChangeAuthErrorCallback(const Tpm::NV_ChangeAuthResponse& callback, 32861 TPM_RC response_code) { 32862 VLOG(1) << __func__; 32863 callback.Run(response_code); 32864 } 32865 32866 void NV_ChangeAuthResponseParser(const Tpm::NV_ChangeAuthResponse& callback, 32867 AuthorizationDelegate* authorization_delegate, 32868 const std::string& response) { 32869 VLOG(1) << __func__; 32870 base::Callback<void(TPM_RC)> error_reporter = 32871 base::Bind(NV_ChangeAuthErrorCallback, callback); 32872 TPM_RC rc = 32873 Tpm::ParseResponse_NV_ChangeAuth(response, authorization_delegate); 32874 if (rc != TPM_RC_SUCCESS) { 32875 error_reporter.Run(rc); 32876 return; 32877 } 32878 callback.Run(rc); 32879 } 32880 32881 void Tpm::NV_ChangeAuth(const TPMI_RH_NV_INDEX& nv_index, 32882 const std::string& nv_index_name, 32883 const TPM2B_AUTH& new_auth, 32884 AuthorizationDelegate* authorization_delegate, 32885 const NV_ChangeAuthResponse& callback) { 32886 VLOG(1) << __func__; 32887 base::Callback<void(TPM_RC)> error_reporter = 32888 base::Bind(NV_ChangeAuthErrorCallback, callback); 32889 base::Callback<void(const std::string&)> parser = 32890 base::Bind(NV_ChangeAuthResponseParser, callback, authorization_delegate); 32891 std::string command; 32892 TPM_RC rc = SerializeCommand_NV_ChangeAuth(nv_index, nv_index_name, new_auth, 32893 &command, authorization_delegate); 32894 if (rc != TPM_RC_SUCCESS) { 32895 error_reporter.Run(rc); 32896 return; 32897 } 32898 transceiver_->SendCommand(command, parser); 32899 } 32900 32901 TPM_RC Tpm::NV_ChangeAuthSync(const TPMI_RH_NV_INDEX& nv_index, 32902 const std::string& nv_index_name, 32903 const TPM2B_AUTH& new_auth, 32904 AuthorizationDelegate* authorization_delegate) { 32905 VLOG(1) << __func__; 32906 std::string command; 32907 TPM_RC rc = SerializeCommand_NV_ChangeAuth(nv_index, nv_index_name, new_auth, 32908 &command, authorization_delegate); 32909 if (rc != TPM_RC_SUCCESS) { 32910 return rc; 32911 } 32912 std::string response = transceiver_->SendCommandAndWait(command); 32913 rc = ParseResponse_NV_ChangeAuth(response, authorization_delegate); 32914 return rc; 32915 } 32916 32917 TPM_RC Tpm::SerializeCommand_NV_Certify( 32918 const TPMI_DH_OBJECT& sign_handle, 32919 const std::string& sign_handle_name, 32920 const TPMI_RH_NV_AUTH& auth_handle, 32921 const std::string& auth_handle_name, 32922 const TPMI_RH_NV_INDEX& nv_index, 32923 const std::string& nv_index_name, 32924 const TPM2B_DATA& qualifying_data, 32925 const TPMT_SIG_SCHEME& in_scheme, 32926 const UINT16& size, 32927 const UINT16& offset, 32928 std::string* serialized_command, 32929 AuthorizationDelegate* authorization_delegate) { 32930 VLOG(3) << __func__; 32931 TPM_RC rc = TPM_RC_SUCCESS; 32932 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 32933 UINT32 command_size = 10; // Header size. 32934 std::string handle_section_bytes; 32935 std::string parameter_section_bytes; 32936 TPM_CC command_code = TPM_CC_NV_Certify; 32937 bool is_command_parameter_encryption_possible = true; 32938 bool is_response_parameter_encryption_possible = true; 32939 std::string command_code_bytes; 32940 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 32941 if (rc != TPM_RC_SUCCESS) { 32942 return rc; 32943 } 32944 std::string sign_handle_bytes; 32945 rc = Serialize_TPMI_DH_OBJECT(sign_handle, &sign_handle_bytes); 32946 if (rc != TPM_RC_SUCCESS) { 32947 return rc; 32948 } 32949 std::string auth_handle_bytes; 32950 rc = Serialize_TPMI_RH_NV_AUTH(auth_handle, &auth_handle_bytes); 32951 if (rc != TPM_RC_SUCCESS) { 32952 return rc; 32953 } 32954 std::string nv_index_bytes; 32955 rc = Serialize_TPMI_RH_NV_INDEX(nv_index, &nv_index_bytes); 32956 if (rc != TPM_RC_SUCCESS) { 32957 return rc; 32958 } 32959 std::string qualifying_data_bytes; 32960 rc = Serialize_TPM2B_DATA(qualifying_data, &qualifying_data_bytes); 32961 if (rc != TPM_RC_SUCCESS) { 32962 return rc; 32963 } 32964 std::string in_scheme_bytes; 32965 rc = Serialize_TPMT_SIG_SCHEME(in_scheme, &in_scheme_bytes); 32966 if (rc != TPM_RC_SUCCESS) { 32967 return rc; 32968 } 32969 std::string size_bytes; 32970 rc = Serialize_UINT16(size, &size_bytes); 32971 if (rc != TPM_RC_SUCCESS) { 32972 return rc; 32973 } 32974 std::string offset_bytes; 32975 rc = Serialize_UINT16(offset, &offset_bytes); 32976 if (rc != TPM_RC_SUCCESS) { 32977 return rc; 32978 } 32979 if (authorization_delegate) { 32980 // Encrypt just the parameter data, not the size. 32981 std::string tmp = qualifying_data_bytes.substr(2); 32982 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 32983 return TRUNKS_RC_ENCRYPTION_FAILED; 32984 } 32985 qualifying_data_bytes.replace(2, std::string::npos, tmp); 32986 } 32987 std::unique_ptr<crypto::SecureHash> hash( 32988 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 32989 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 32990 hash->Update(sign_handle_name.data(), sign_handle_name.size()); 32991 handle_section_bytes += sign_handle_bytes; 32992 command_size += sign_handle_bytes.size(); 32993 hash->Update(auth_handle_name.data(), auth_handle_name.size()); 32994 handle_section_bytes += auth_handle_bytes; 32995 command_size += auth_handle_bytes.size(); 32996 hash->Update(nv_index_name.data(), nv_index_name.size()); 32997 handle_section_bytes += nv_index_bytes; 32998 command_size += nv_index_bytes.size(); 32999 hash->Update(qualifying_data_bytes.data(), qualifying_data_bytes.size()); 33000 parameter_section_bytes += qualifying_data_bytes; 33001 command_size += qualifying_data_bytes.size(); 33002 hash->Update(in_scheme_bytes.data(), in_scheme_bytes.size()); 33003 parameter_section_bytes += in_scheme_bytes; 33004 command_size += in_scheme_bytes.size(); 33005 hash->Update(size_bytes.data(), size_bytes.size()); 33006 parameter_section_bytes += size_bytes; 33007 command_size += size_bytes.size(); 33008 hash->Update(offset_bytes.data(), offset_bytes.size()); 33009 parameter_section_bytes += offset_bytes; 33010 command_size += offset_bytes.size(); 33011 std::string command_hash(32, 0); 33012 hash->Finish(string_as_array(&command_hash), command_hash.size()); 33013 std::string authorization_section_bytes; 33014 std::string authorization_size_bytes; 33015 if (authorization_delegate) { 33016 if (!authorization_delegate->GetCommandAuthorization( 33017 command_hash, is_command_parameter_encryption_possible, 33018 is_response_parameter_encryption_possible, 33019 &authorization_section_bytes)) { 33020 return TRUNKS_RC_AUTHORIZATION_FAILED; 33021 } 33022 if (!authorization_section_bytes.empty()) { 33023 tag = TPM_ST_SESSIONS; 33024 std::string tmp; 33025 rc = Serialize_UINT32(authorization_section_bytes.size(), 33026 &authorization_size_bytes); 33027 if (rc != TPM_RC_SUCCESS) { 33028 return rc; 33029 } 33030 command_size += 33031 authorization_size_bytes.size() + authorization_section_bytes.size(); 33032 } 33033 } 33034 std::string tag_bytes; 33035 rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes); 33036 if (rc != TPM_RC_SUCCESS) { 33037 return rc; 33038 } 33039 std::string command_size_bytes; 33040 rc = Serialize_UINT32(command_size, &command_size_bytes); 33041 if (rc != TPM_RC_SUCCESS) { 33042 return rc; 33043 } 33044 *serialized_command = tag_bytes + command_size_bytes + command_code_bytes + 33045 handle_section_bytes + authorization_size_bytes + 33046 authorization_section_bytes + parameter_section_bytes; 33047 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 33048 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 33049 serialized_command->size()); 33050 return TPM_RC_SUCCESS; 33051 } 33052 33053 TPM_RC Tpm::ParseResponse_NV_Certify( 33054 const std::string& response, 33055 TPM2B_ATTEST* certify_info, 33056 TPMT_SIGNATURE* signature, 33057 AuthorizationDelegate* authorization_delegate) { 33058 VLOG(3) << __func__; 33059 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 33060 TPM_RC rc = TPM_RC_SUCCESS; 33061 std::string buffer(response); 33062 TPM_ST tag; 33063 std::string tag_bytes; 33064 rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes); 33065 if (rc != TPM_RC_SUCCESS) { 33066 return rc; 33067 } 33068 UINT32 response_size; 33069 std::string response_size_bytes; 33070 rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes); 33071 if (rc != TPM_RC_SUCCESS) { 33072 return rc; 33073 } 33074 TPM_RC response_code; 33075 std::string response_code_bytes; 33076 rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes); 33077 if (rc != TPM_RC_SUCCESS) { 33078 return rc; 33079 } 33080 if (response_size != response.size()) { 33081 return TPM_RC_SIZE; 33082 } 33083 if (response_code != TPM_RC_SUCCESS) { 33084 return response_code; 33085 } 33086 TPM_CC command_code = TPM_CC_NV_Certify; 33087 std::string command_code_bytes; 33088 rc = Serialize_TPM_CC(command_code, &command_code_bytes); 33089 if (rc != TPM_RC_SUCCESS) { 33090 return rc; 33091 } 33092 std::string authorization_section_bytes; 33093 if (tag == TPM_ST_SESSIONS) { 33094 UINT32 parameter_section_size = buffer.size(); 33095 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 33096 if (rc != TPM_RC_SUCCESS) { 33097 return rc; 33098 } 33099 if (parameter_section_size > buffer.size()) { 33100 return TPM_RC_INSUFFICIENT; 33101 } 33102 authorization_section_bytes = buffer.substr(parameter_section_size); 33103 // Keep the parameter section in |buffer|. 33104 buffer.erase(parameter_section_size); 33105 } 33106 std::unique_ptr<crypto::SecureHash> hash( 33107 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 33108 hash->Update(response_code_bytes.data(), response_code_bytes.size()); 33109 hash->Update(command_code_bytes.data(), command_code_bytes.size()); 33110 hash->Update(buffer.data(), buffer.size()); 33111 std::string response_hash(32, 0); 33112 hash->Finish(string_as_array(&response_hash), response_hash.size()); 33113 if (tag == TPM_ST_SESSIONS) { 33114 CHECK(authorization_delegate) << "Authorization delegate missing!"; 33115 if (!authorization_delegate->CheckResponseAuthorization( 33116 response_hash, authorization_section_bytes)) { 33117 return TRUNKS_RC_AUTHORIZATION_FAILED; 33118 } 33119 } 33120 std::string certify_info_bytes; 33121 rc = Parse_TPM2B_ATTEST(&buffer, certify_info, &certify_info_bytes); 33122 if (rc != TPM_RC_SUCCESS) { 33123 return rc; 33124 } 33125 std::string signature_bytes; 33126 rc = Parse_TPMT_SIGNATURE(&buffer, signature, &signature_bytes); 33127 if (rc != TPM_RC_SUCCESS) { 33128 return rc; 33129 } 33130 if (tag == TPM_ST_SESSIONS) { 33131 CHECK(authorization_delegate) << "Authorization delegate missing!"; 33132 // Decrypt just the parameter data, not the size. 33133 std::string tmp = certify_info_bytes.substr(2); 33134 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 33135 return TRUNKS_RC_ENCRYPTION_FAILED; 33136 } 33137 certify_info_bytes.replace(2, std::string::npos, tmp); 33138 rc = Parse_TPM2B_ATTEST(&certify_info_bytes, certify_info, nullptr); 33139 if (rc != TPM_RC_SUCCESS) { 33140 return rc; 33141 } 33142 } 33143 return TPM_RC_SUCCESS; 33144 } 33145 33146 void NV_CertifyErrorCallback(const Tpm::NV_CertifyResponse& callback, 33147 TPM_RC response_code) { 33148 VLOG(1) << __func__; 33149 callback.Run(response_code, TPM2B_ATTEST(), TPMT_SIGNATURE()); 33150 } 33151 33152 void NV_CertifyResponseParser(const Tpm::NV_CertifyResponse& callback, 33153 AuthorizationDelegate* authorization_delegate, 33154 const std::string& response) { 33155 VLOG(1) << __func__; 33156 base::Callback<void(TPM_RC)> error_reporter = 33157 base::Bind(NV_CertifyErrorCallback, callback); 33158 TPM2B_ATTEST certify_info; 33159 TPMT_SIGNATURE signature; 33160 TPM_RC rc = Tpm::ParseResponse_NV_Certify(response, &certify_info, &signature, 33161 authorization_delegate); 33162 if (rc != TPM_RC_SUCCESS) { 33163 error_reporter.Run(rc); 33164 return; 33165 } 33166 callback.Run(rc, certify_info, signature); 33167 } 33168 33169 void Tpm::NV_Certify(const TPMI_DH_OBJECT& sign_handle, 33170 const std::string& sign_handle_name, 33171 const TPMI_RH_NV_AUTH& auth_handle, 33172 const std::string& auth_handle_name, 33173 const TPMI_RH_NV_INDEX& nv_index, 33174 const std::string& nv_index_name, 33175 const TPM2B_DATA& qualifying_data, 33176 const TPMT_SIG_SCHEME& in_scheme, 33177 const UINT16& size, 33178 const UINT16& offset, 33179 AuthorizationDelegate* authorization_delegate, 33180 const NV_CertifyResponse& callback) { 33181 VLOG(1) << __func__; 33182 base::Callback<void(TPM_RC)> error_reporter = 33183 base::Bind(NV_CertifyErrorCallback, callback); 33184 base::Callback<void(const std::string&)> parser = 33185 base::Bind(NV_CertifyResponseParser, callback, authorization_delegate); 33186 std::string command; 33187 TPM_RC rc = SerializeCommand_NV_Certify( 33188 sign_handle, sign_handle_name, auth_handle, auth_handle_name, nv_index, 33189 nv_index_name, qualifying_data, in_scheme, size, offset, &command, 33190 authorization_delegate); 33191 if (rc != TPM_RC_SUCCESS) { 33192 error_reporter.Run(rc); 33193 return; 33194 } 33195 transceiver_->SendCommand(command, parser); 33196 } 33197 33198 TPM_RC Tpm::NV_CertifySync(const TPMI_DH_OBJECT& sign_handle, 33199 const std::string& sign_handle_name, 33200 const TPMI_RH_NV_AUTH& auth_handle, 33201 const std::string& auth_handle_name, 33202 const TPMI_RH_NV_INDEX& nv_index, 33203 const std::string& nv_index_name, 33204 const TPM2B_DATA& qualifying_data, 33205 const TPMT_SIG_SCHEME& in_scheme, 33206 const UINT16& size, 33207 const UINT16& offset, 33208 TPM2B_ATTEST* certify_info, 33209 TPMT_SIGNATURE* signature, 33210 AuthorizationDelegate* authorization_delegate) { 33211 VLOG(1) << __func__; 33212 std::string command; 33213 TPM_RC rc = SerializeCommand_NV_Certify( 33214 sign_handle, sign_handle_name, auth_handle, auth_handle_name, nv_index, 33215 nv_index_name, qualifying_data, in_scheme, size, offset, &command, 33216 authorization_delegate); 33217 if (rc != TPM_RC_SUCCESS) { 33218 return rc; 33219 } 33220 std::string response = transceiver_->SendCommandAndWait(command); 33221 rc = ParseResponse_NV_Certify(response, certify_info, signature, 33222 authorization_delegate); 33223 return rc; 33224 } 33225 33226 } // namespace trunks 33227