Home | History | Annotate | Download | only in trunks 
      1 //
      2 // Copyright (C) 2015 The Android Open Source Project
      3 //
      4 // Licensed under the Apache License, Version 2.0 (the "License");
      5 // you may not use this file except in compliance with the License.
      6 // You may obtain a copy of the License at
      7 //
      8 //      http://www.apache.org/licenses/LICENSE-2.0
      9 //
     10 // Unless required by applicable law or agreed to in writing, software
     11 // distributed under the License is distributed on an "AS IS" BASIS,
     12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     13 // See the License for the specific language governing permissions and
     14 // limitations under the License.
     15 //
     16 
     17 // THIS CODE IS GENERATED - DO NOT MODIFY!
     18 
     19 #include "trunks/tpm_generated.h"
     20 
     21 #include <memory>
     22 #include <string>
     23 
     24 #include <base/bind.h>
     25 #include <base/callback.h>
     26 #include <base/logging.h>
     27 #include <base/macros.h>
     28 #include <base/stl_util.h>
     29 #include <base/strings/string_number_conversions.h>
     30 #include <base/sys_byteorder.h>
     31 #include <crypto/secure_hash.h>
     32 
     33 #include "trunks/authorization_delegate.h"
     34 #include "trunks/command_transceiver.h"
     35 #include "trunks/error_codes.h"
     36 
     37 namespace trunks {
     38 
     39 size_t GetNumberOfRequestHandles(TPM_CC command_code) {
     40   switch (command_code) {
     41     case TPM_CC_Startup:
     42       return 0;
     43     case TPM_CC_Shutdown:
     44       return 0;
     45     case TPM_CC_SelfTest:
     46       return 0;
     47     case TPM_CC_IncrementalSelfTest:
     48       return 0;
     49     case TPM_CC_GetTestResult:
     50       return 0;
     51     case TPM_CC_StartAuthSession:
     52       return 2;
     53     case TPM_CC_PolicyRestart:
     54       return 1;
     55     case TPM_CC_Create:
     56       return 1;
     57     case TPM_CC_Load:
     58       return 1;
     59     case TPM_CC_LoadExternal:
     60       return 0;
     61     case TPM_CC_ReadPublic:
     62       return 1;
     63     case TPM_CC_ActivateCredential:
     64       return 2;
     65     case TPM_CC_MakeCredential:
     66       return 1;
     67     case TPM_CC_Unseal:
     68       return 1;
     69     case TPM_CC_ObjectChangeAuth:
     70       return 2;
     71     case TPM_CC_Duplicate:
     72       return 2;
     73     case TPM_CC_Rewrap:
     74       return 2;
     75     case TPM_CC_Import:
     76       return 1;
     77     case TPM_CC_RSA_Encrypt:
     78       return 1;
     79     case TPM_CC_RSA_Decrypt:
     80       return 1;
     81     case TPM_CC_ECDH_KeyGen:
     82       return 1;
     83     case TPM_CC_ECDH_ZGen:
     84       return 1;
     85     case TPM_CC_ECC_Parameters:
     86       return 0;
     87     case TPM_CC_ZGen_2Phase:
     88       return 1;
     89     case TPM_CC_EncryptDecrypt:
     90       return 1;
     91     case TPM_CC_Hash:
     92       return 0;
     93     case TPM_CC_HMAC:
     94       return 1;
     95     case TPM_CC_GetRandom:
     96       return 0;
     97     case TPM_CC_StirRandom:
     98       return 0;
     99     case TPM_CC_HMAC_Start:
    100       return 1;
    101     case TPM_CC_HashSequenceStart:
    102       return 0;
    103     case TPM_CC_SequenceUpdate:
    104       return 1;
    105     case TPM_CC_SequenceComplete:
    106       return 1;
    107     case TPM_CC_EventSequenceComplete:
    108       return 2;
    109     case TPM_CC_Certify:
    110       return 2;
    111     case TPM_CC_CertifyCreation:
    112       return 2;
    113     case TPM_CC_Quote:
    114       return 1;
    115     case TPM_CC_GetSessionAuditDigest:
    116       return 3;
    117     case TPM_CC_GetCommandAuditDigest:
    118       return 2;
    119     case TPM_CC_GetTime:
    120       return 2;
    121     case TPM_CC_Commit:
    122       return 1;
    123     case TPM_CC_EC_Ephemeral:
    124       return 0;
    125     case TPM_CC_VerifySignature:
    126       return 1;
    127     case TPM_CC_Sign:
    128       return 1;
    129     case TPM_CC_SetCommandCodeAuditStatus:
    130       return 1;
    131     case TPM_CC_PCR_Extend:
    132       return 1;
    133     case TPM_CC_PCR_Event:
    134       return 1;
    135     case TPM_CC_PCR_Read:
    136       return 0;
    137     case TPM_CC_PCR_Allocate:
    138       return 1;
    139     case TPM_CC_PCR_SetAuthPolicy:
    140       return 2;
    141     case TPM_CC_PCR_SetAuthValue:
    142       return 1;
    143     case TPM_CC_PCR_Reset:
    144       return 1;
    145     case TPM_CC_PolicySigned:
    146       return 2;
    147     case TPM_CC_PolicySecret:
    148       return 2;
    149     case TPM_CC_PolicyTicket:
    150       return 1;
    151     case TPM_CC_PolicyOR:
    152       return 1;
    153     case TPM_CC_PolicyPCR:
    154       return 1;
    155     case TPM_CC_PolicyLocality:
    156       return 1;
    157     case TPM_CC_PolicyNV:
    158       return 3;
    159     case TPM_CC_PolicyCounterTimer:
    160       return 1;
    161     case TPM_CC_PolicyCommandCode:
    162       return 1;
    163     case TPM_CC_PolicyPhysicalPresence:
    164       return 1;
    165     case TPM_CC_PolicyCpHash:
    166       return 1;
    167     case TPM_CC_PolicyNameHash:
    168       return 1;
    169     case TPM_CC_PolicyDuplicationSelect:
    170       return 1;
    171     case TPM_CC_PolicyAuthorize:
    172       return 1;
    173     case TPM_CC_PolicyAuthValue:
    174       return 1;
    175     case TPM_CC_PolicyPassword:
    176       return 1;
    177     case TPM_CC_PolicyGetDigest:
    178       return 1;
    179     case TPM_CC_PolicyNvWritten:
    180       return 1;
    181     case TPM_CC_CreatePrimary:
    182       return 1;
    183     case TPM_CC_HierarchyControl:
    184       return 1;
    185     case TPM_CC_SetPrimaryPolicy:
    186       return 1;
    187     case TPM_CC_ChangePPS:
    188       return 1;
    189     case TPM_CC_ChangeEPS:
    190       return 1;
    191     case TPM_CC_Clear:
    192       return 1;
    193     case TPM_CC_ClearControl:
    194       return 1;
    195     case TPM_CC_HierarchyChangeAuth:
    196       return 1;
    197     case TPM_CC_DictionaryAttackLockReset:
    198       return 1;
    199     case TPM_CC_DictionaryAttackParameters:
    200       return 1;
    201     case TPM_CC_PP_Commands:
    202       return 1;
    203     case TPM_CC_SetAlgorithmSet:
    204       return 1;
    205     case TPM_CC_FieldUpgradeStart:
    206       return 2;
    207     case TPM_CC_FieldUpgradeData:
    208       return 0;
    209     case TPM_CC_FirmwareRead:
    210       return 0;
    211     case TPM_CC_ContextSave:
    212       return 1;
    213     case TPM_CC_ContextLoad:
    214       return 0;
    215     case TPM_CC_FlushContext:
    216       return 0;
    217     case TPM_CC_EvictControl:
    218       return 2;
    219     case TPM_CC_ReadClock:
    220       return 0;
    221     case TPM_CC_ClockSet:
    222       return 1;
    223     case TPM_CC_ClockRateAdjust:
    224       return 1;
    225     case TPM_CC_GetCapability:
    226       return 0;
    227     case TPM_CC_TestParms:
    228       return 0;
    229     case TPM_CC_NV_DefineSpace:
    230       return 1;
    231     case TPM_CC_NV_UndefineSpace:
    232       return 2;
    233     case TPM_CC_NV_UndefineSpaceSpecial:
    234       return 2;
    235     case TPM_CC_NV_ReadPublic:
    236       return 1;
    237     case TPM_CC_NV_Write:
    238       return 2;
    239     case TPM_CC_NV_Increment:
    240       return 2;
    241     case TPM_CC_NV_Extend:
    242       return 2;
    243     case TPM_CC_NV_SetBits:
    244       return 2;
    245     case TPM_CC_NV_WriteLock:
    246       return 2;
    247     case TPM_CC_NV_GlobalWriteLock:
    248       return 1;
    249     case TPM_CC_NV_Read:
    250       return 2;
    251     case TPM_CC_NV_ReadLock:
    252       return 2;
    253     case TPM_CC_NV_ChangeAuth:
    254       return 1;
    255     case TPM_CC_NV_Certify:
    256       return 3;
    257     default:
    258       LOG(WARNING) << "Unknown command code: " << command_code;
    259   }
    260   return 0;
    261 }
    262 
    263 size_t GetNumberOfResponseHandles(TPM_CC command_code) {
    264   switch (command_code) {
    265     case TPM_CC_Startup:
    266       return 0;
    267     case TPM_CC_Shutdown:
    268       return 0;
    269     case TPM_CC_SelfTest:
    270       return 0;
    271     case TPM_CC_IncrementalSelfTest:
    272       return 0;
    273     case TPM_CC_GetTestResult:
    274       return 0;
    275     case TPM_CC_StartAuthSession:
    276       return 1;
    277     case TPM_CC_PolicyRestart:
    278       return 0;
    279     case TPM_CC_Create:
    280       return 0;
    281     case TPM_CC_Load:
    282       return 1;
    283     case TPM_CC_LoadExternal:
    284       return 1;
    285     case TPM_CC_ReadPublic:
    286       return 0;
    287     case TPM_CC_ActivateCredential:
    288       return 0;
    289     case TPM_CC_MakeCredential:
    290       return 0;
    291     case TPM_CC_Unseal:
    292       return 0;
    293     case TPM_CC_ObjectChangeAuth:
    294       return 0;
    295     case TPM_CC_Duplicate:
    296       return 0;
    297     case TPM_CC_Rewrap:
    298       return 0;
    299     case TPM_CC_Import:
    300       return 0;
    301     case TPM_CC_RSA_Encrypt:
    302       return 0;
    303     case TPM_CC_RSA_Decrypt:
    304       return 0;
    305     case TPM_CC_ECDH_KeyGen:
    306       return 0;
    307     case TPM_CC_ECDH_ZGen:
    308       return 0;
    309     case TPM_CC_ECC_Parameters:
    310       return 0;
    311     case TPM_CC_ZGen_2Phase:
    312       return 0;
    313     case TPM_CC_EncryptDecrypt:
    314       return 0;
    315     case TPM_CC_Hash:
    316       return 0;
    317     case TPM_CC_HMAC:
    318       return 0;
    319     case TPM_CC_GetRandom:
    320       return 0;
    321     case TPM_CC_StirRandom:
    322       return 0;
    323     case TPM_CC_HMAC_Start:
    324       return 1;
    325     case TPM_CC_HashSequenceStart:
    326       return 1;
    327     case TPM_CC_SequenceUpdate:
    328       return 0;
    329     case TPM_CC_SequenceComplete:
    330       return 0;
    331     case TPM_CC_EventSequenceComplete:
    332       return 0;
    333     case TPM_CC_Certify:
    334       return 0;
    335     case TPM_CC_CertifyCreation:
    336       return 0;
    337     case TPM_CC_Quote:
    338       return 0;
    339     case TPM_CC_GetSessionAuditDigest:
    340       return 0;
    341     case TPM_CC_GetCommandAuditDigest:
    342       return 0;
    343     case TPM_CC_GetTime:
    344       return 0;
    345     case TPM_CC_Commit:
    346       return 0;
    347     case TPM_CC_EC_Ephemeral:
    348       return 0;
    349     case TPM_CC_VerifySignature:
    350       return 0;
    351     case TPM_CC_Sign:
    352       return 0;
    353     case TPM_CC_SetCommandCodeAuditStatus:
    354       return 0;
    355     case TPM_CC_PCR_Extend:
    356       return 0;
    357     case TPM_CC_PCR_Event:
    358       return 0;
    359     case TPM_CC_PCR_Read:
    360       return 0;
    361     case TPM_CC_PCR_Allocate:
    362       return 0;
    363     case TPM_CC_PCR_SetAuthPolicy:
    364       return 0;
    365     case TPM_CC_PCR_SetAuthValue:
    366       return 0;
    367     case TPM_CC_PCR_Reset:
    368       return 0;
    369     case TPM_CC_PolicySigned:
    370       return 0;
    371     case TPM_CC_PolicySecret:
    372       return 0;
    373     case TPM_CC_PolicyTicket:
    374       return 0;
    375     case TPM_CC_PolicyOR:
    376       return 0;
    377     case TPM_CC_PolicyPCR:
    378       return 0;
    379     case TPM_CC_PolicyLocality:
    380       return 0;
    381     case TPM_CC_PolicyNV:
    382       return 0;
    383     case TPM_CC_PolicyCounterTimer:
    384       return 0;
    385     case TPM_CC_PolicyCommandCode:
    386       return 0;
    387     case TPM_CC_PolicyPhysicalPresence:
    388       return 0;
    389     case TPM_CC_PolicyCpHash:
    390       return 0;
    391     case TPM_CC_PolicyNameHash:
    392       return 0;
    393     case TPM_CC_PolicyDuplicationSelect:
    394       return 0;
    395     case TPM_CC_PolicyAuthorize:
    396       return 0;
    397     case TPM_CC_PolicyAuthValue:
    398       return 0;
    399     case TPM_CC_PolicyPassword:
    400       return 0;
    401     case TPM_CC_PolicyGetDigest:
    402       return 0;
    403     case TPM_CC_PolicyNvWritten:
    404       return 0;
    405     case TPM_CC_CreatePrimary:
    406       return 1;
    407     case TPM_CC_HierarchyControl:
    408       return 0;
    409     case TPM_CC_SetPrimaryPolicy:
    410       return 0;
    411     case TPM_CC_ChangePPS:
    412       return 0;
    413     case TPM_CC_ChangeEPS:
    414       return 0;
    415     case TPM_CC_Clear:
    416       return 0;
    417     case TPM_CC_ClearControl:
    418       return 0;
    419     case TPM_CC_HierarchyChangeAuth:
    420       return 0;
    421     case TPM_CC_DictionaryAttackLockReset:
    422       return 0;
    423     case TPM_CC_DictionaryAttackParameters:
    424       return 0;
    425     case TPM_CC_PP_Commands:
    426       return 0;
    427     case TPM_CC_SetAlgorithmSet:
    428       return 0;
    429     case TPM_CC_FieldUpgradeStart:
    430       return 0;
    431     case TPM_CC_FieldUpgradeData:
    432       return 0;
    433     case TPM_CC_FirmwareRead:
    434       return 0;
    435     case TPM_CC_ContextSave:
    436       return 0;
    437     case TPM_CC_ContextLoad:
    438       return 1;
    439     case TPM_CC_FlushContext:
    440       return 0;
    441     case TPM_CC_EvictControl:
    442       return 0;
    443     case TPM_CC_ReadClock:
    444       return 0;
    445     case TPM_CC_ClockSet:
    446       return 0;
    447     case TPM_CC_ClockRateAdjust:
    448       return 0;
    449     case TPM_CC_GetCapability:
    450       return 0;
    451     case TPM_CC_TestParms:
    452       return 0;
    453     case TPM_CC_NV_DefineSpace:
    454       return 0;
    455     case TPM_CC_NV_UndefineSpace:
    456       return 0;
    457     case TPM_CC_NV_UndefineSpaceSpecial:
    458       return 0;
    459     case TPM_CC_NV_ReadPublic:
    460       return 0;
    461     case TPM_CC_NV_Write:
    462       return 0;
    463     case TPM_CC_NV_Increment:
    464       return 0;
    465     case TPM_CC_NV_Extend:
    466       return 0;
    467     case TPM_CC_NV_SetBits:
    468       return 0;
    469     case TPM_CC_NV_WriteLock:
    470       return 0;
    471     case TPM_CC_NV_GlobalWriteLock:
    472       return 0;
    473     case TPM_CC_NV_Read:
    474       return 0;
    475     case TPM_CC_NV_ReadLock:
    476       return 0;
    477     case TPM_CC_NV_ChangeAuth:
    478       return 0;
    479     case TPM_CC_NV_Certify:
    480       return 0;
    481     default:
    482       LOG(WARNING) << "Unknown command code: " << command_code;
    483   }
    484   return 0;
    485 }
    486 
    487 TPM_RC Serialize_uint8_t(const uint8_t& value, std::string* buffer) {
    488   VLOG(3) << __func__;
    489   uint8_t value_net = value;
    490   switch (sizeof(uint8_t)) {
    491     case 2:
    492       value_net = base::HostToNet16(value);
    493       break;
    494     case 4:
    495       value_net = base::HostToNet32(value);
    496       break;
    497     case 8:
    498       value_net = base::HostToNet64(value);
    499       break;
    500     default:
    501       break;
    502   }
    503   const char* value_bytes = reinterpret_cast<const char*>(&value_net);
    504   buffer->append(value_bytes, sizeof(uint8_t));
    505   return TPM_RC_SUCCESS;
    506 }
    507 
    508 TPM_RC Parse_uint8_t(std::string* buffer,
    509                      uint8_t* value,
    510                      std::string* value_bytes) {
    511   VLOG(3) << __func__;
    512   if (buffer->size() < sizeof(uint8_t))
    513     return TPM_RC_INSUFFICIENT;
    514   uint8_t value_net = 0;
    515   memcpy(&value_net, buffer->data(), sizeof(uint8_t));
    516   switch (sizeof(uint8_t)) {
    517     case 2:
    518       *value = base::NetToHost16(value_net);
    519       break;
    520     case 4:
    521       *value = base::NetToHost32(value_net);
    522       break;
    523     case 8:
    524       *value = base::NetToHost64(value_net);
    525       break;
    526     default:
    527       *value = value_net;
    528   }
    529   if (value_bytes) {
    530     value_bytes->append(buffer->substr(0, sizeof(uint8_t)));
    531   }
    532   buffer->erase(0, sizeof(uint8_t));
    533   return TPM_RC_SUCCESS;
    534 }
    535 
    536 TPM_RC Serialize_int8_t(const int8_t& value, std::string* buffer) {
    537   VLOG(3) << __func__;
    538   int8_t value_net = value;
    539   switch (sizeof(int8_t)) {
    540     case 2:
    541       value_net = base::HostToNet16(value);
    542       break;
    543     case 4:
    544       value_net = base::HostToNet32(value);
    545       break;
    546     case 8:
    547       value_net = base::HostToNet64(value);
    548       break;
    549     default:
    550       break;
    551   }
    552   const char* value_bytes = reinterpret_cast<const char*>(&value_net);
    553   buffer->append(value_bytes, sizeof(int8_t));
    554   return TPM_RC_SUCCESS;
    555 }
    556 
    557 TPM_RC Parse_int8_t(std::string* buffer,
    558                     int8_t* value,
    559                     std::string* value_bytes) {
    560   VLOG(3) << __func__;
    561   if (buffer->size() < sizeof(int8_t))
    562     return TPM_RC_INSUFFICIENT;
    563   int8_t value_net = 0;
    564   memcpy(&value_net, buffer->data(), sizeof(int8_t));
    565   switch (sizeof(int8_t)) {
    566     case 2:
    567       *value = base::NetToHost16(value_net);
    568       break;
    569     case 4:
    570       *value = base::NetToHost32(value_net);
    571       break;
    572     case 8:
    573       *value = base::NetToHost64(value_net);
    574       break;
    575     default:
    576       *value = value_net;
    577   }
    578   if (value_bytes) {
    579     value_bytes->append(buffer->substr(0, sizeof(int8_t)));
    580   }
    581   buffer->erase(0, sizeof(int8_t));
    582   return TPM_RC_SUCCESS;
    583 }
    584 
    585 TPM_RC Serialize_int(const int& value, std::string* buffer) {
    586   VLOG(3) << __func__;
    587   int value_net = value;
    588   switch (sizeof(int)) {
    589     case 2:
    590       value_net = base::HostToNet16(value);
    591       break;
    592     case 4:
    593       value_net = base::HostToNet32(value);
    594       break;
    595     case 8:
    596       value_net = base::HostToNet64(value);
    597       break;
    598     default:
    599       break;
    600   }
    601   const char* value_bytes = reinterpret_cast<const char*>(&value_net);
    602   buffer->append(value_bytes, sizeof(int));
    603   return TPM_RC_SUCCESS;
    604 }
    605 
    606 TPM_RC Parse_int(std::string* buffer, int* value, std::string* value_bytes) {
    607   VLOG(3) << __func__;
    608   if (buffer->size() < sizeof(int))
    609     return TPM_RC_INSUFFICIENT;
    610   int value_net = 0;
    611   memcpy(&value_net, buffer->data(), sizeof(int));
    612   switch (sizeof(int)) {
    613     case 2:
    614       *value = base::NetToHost16(value_net);
    615       break;
    616     case 4:
    617       *value = base::NetToHost32(value_net);
    618       break;
    619     case 8:
    620       *value = base::NetToHost64(value_net);
    621       break;
    622     default:
    623       *value = value_net;
    624   }
    625   if (value_bytes) {
    626     value_bytes->append(buffer->substr(0, sizeof(int)));
    627   }
    628   buffer->erase(0, sizeof(int));
    629   return TPM_RC_SUCCESS;
    630 }
    631 
    632 TPM_RC Serialize_uint16_t(const uint16_t& value, std::string* buffer) {
    633   VLOG(3) << __func__;
    634   uint16_t value_net = value;
    635   switch (sizeof(uint16_t)) {
    636     case 2:
    637       value_net = base::HostToNet16(value);
    638       break;
    639     case 4:
    640       value_net = base::HostToNet32(value);
    641       break;
    642     case 8:
    643       value_net = base::HostToNet64(value);
    644       break;
    645     default:
    646       break;
    647   }
    648   const char* value_bytes = reinterpret_cast<const char*>(&value_net);
    649   buffer->append(value_bytes, sizeof(uint16_t));
    650   return TPM_RC_SUCCESS;
    651 }
    652 
    653 TPM_RC Parse_uint16_t(std::string* buffer,
    654                       uint16_t* value,
    655                       std::string* value_bytes) {
    656   VLOG(3) << __func__;
    657   if (buffer->size() < sizeof(uint16_t))
    658     return TPM_RC_INSUFFICIENT;
    659   uint16_t value_net = 0;
    660   memcpy(&value_net, buffer->data(), sizeof(uint16_t));
    661   switch (sizeof(uint16_t)) {
    662     case 2:
    663       *value = base::NetToHost16(value_net);
    664       break;
    665     case 4:
    666       *value = base::NetToHost32(value_net);
    667       break;
    668     case 8:
    669       *value = base::NetToHost64(value_net);
    670       break;
    671     default:
    672       *value = value_net;
    673   }
    674   if (value_bytes) {
    675     value_bytes->append(buffer->substr(0, sizeof(uint16_t)));
    676   }
    677   buffer->erase(0, sizeof(uint16_t));
    678   return TPM_RC_SUCCESS;
    679 }
    680 
    681 TPM_RC Serialize_int16_t(const int16_t& value, std::string* buffer) {
    682   VLOG(3) << __func__;
    683   int16_t value_net = value;
    684   switch (sizeof(int16_t)) {
    685     case 2:
    686       value_net = base::HostToNet16(value);
    687       break;
    688     case 4:
    689       value_net = base::HostToNet32(value);
    690       break;
    691     case 8:
    692       value_net = base::HostToNet64(value);
    693       break;
    694     default:
    695       break;
    696   }
    697   const char* value_bytes = reinterpret_cast<const char*>(&value_net);
    698   buffer->append(value_bytes, sizeof(int16_t));
    699   return TPM_RC_SUCCESS;
    700 }
    701 
    702 TPM_RC Parse_int16_t(std::string* buffer,
    703                      int16_t* value,
    704                      std::string* value_bytes) {
    705   VLOG(3) << __func__;
    706   if (buffer->size() < sizeof(int16_t))
    707     return TPM_RC_INSUFFICIENT;
    708   int16_t value_net = 0;
    709   memcpy(&value_net, buffer->data(), sizeof(int16_t));
    710   switch (sizeof(int16_t)) {
    711     case 2:
    712       *value = base::NetToHost16(value_net);
    713       break;
    714     case 4:
    715       *value = base::NetToHost32(value_net);
    716       break;
    717     case 8:
    718       *value = base::NetToHost64(value_net);
    719       break;
    720     default:
    721       *value = value_net;
    722   }
    723   if (value_bytes) {
    724     value_bytes->append(buffer->substr(0, sizeof(int16_t)));
    725   }
    726   buffer->erase(0, sizeof(int16_t));
    727   return TPM_RC_SUCCESS;
    728 }
    729 
    730 TPM_RC Serialize_uint32_t(const uint32_t& value, std::string* buffer) {
    731   VLOG(3) << __func__;
    732   uint32_t value_net = value;
    733   switch (sizeof(uint32_t)) {
    734     case 2:
    735       value_net = base::HostToNet16(value);
    736       break;
    737     case 4:
    738       value_net = base::HostToNet32(value);
    739       break;
    740     case 8:
    741       value_net = base::HostToNet64(value);
    742       break;
    743     default:
    744       break;
    745   }
    746   const char* value_bytes = reinterpret_cast<const char*>(&value_net);
    747   buffer->append(value_bytes, sizeof(uint32_t));
    748   return TPM_RC_SUCCESS;
    749 }
    750 
    751 TPM_RC Parse_uint32_t(std::string* buffer,
    752                       uint32_t* value,
    753                       std::string* value_bytes) {
    754   VLOG(3) << __func__;
    755   if (buffer->size() < sizeof(uint32_t))
    756     return TPM_RC_INSUFFICIENT;
    757   uint32_t value_net = 0;
    758   memcpy(&value_net, buffer->data(), sizeof(uint32_t));
    759   switch (sizeof(uint32_t)) {
    760     case 2:
    761       *value = base::NetToHost16(value_net);
    762       break;
    763     case 4:
    764       *value = base::NetToHost32(value_net);
    765       break;
    766     case 8:
    767       *value = base::NetToHost64(value_net);
    768       break;
    769     default:
    770       *value = value_net;
    771   }
    772   if (value_bytes) {
    773     value_bytes->append(buffer->substr(0, sizeof(uint32_t)));
    774   }
    775   buffer->erase(0, sizeof(uint32_t));
    776   return TPM_RC_SUCCESS;
    777 }
    778 
    779 TPM_RC Serialize_int32_t(const int32_t& value, std::string* buffer) {
    780   VLOG(3) << __func__;
    781   int32_t value_net = value;
    782   switch (sizeof(int32_t)) {
    783     case 2:
    784       value_net = base::HostToNet16(value);
    785       break;
    786     case 4:
    787       value_net = base::HostToNet32(value);
    788       break;
    789     case 8:
    790       value_net = base::HostToNet64(value);
    791       break;
    792     default:
    793       break;
    794   }
    795   const char* value_bytes = reinterpret_cast<const char*>(&value_net);
    796   buffer->append(value_bytes, sizeof(int32_t));
    797   return TPM_RC_SUCCESS;
    798 }
    799 
    800 TPM_RC Parse_int32_t(std::string* buffer,
    801                      int32_t* value,
    802                      std::string* value_bytes) {
    803   VLOG(3) << __func__;
    804   if (buffer->size() < sizeof(int32_t))
    805     return TPM_RC_INSUFFICIENT;
    806   int32_t value_net = 0;
    807   memcpy(&value_net, buffer->data(), sizeof(int32_t));
    808   switch (sizeof(int32_t)) {
    809     case 2:
    810       *value = base::NetToHost16(value_net);
    811       break;
    812     case 4:
    813       *value = base::NetToHost32(value_net);
    814       break;
    815     case 8:
    816       *value = base::NetToHost64(value_net);
    817       break;
    818     default:
    819       *value = value_net;
    820   }
    821   if (value_bytes) {
    822     value_bytes->append(buffer->substr(0, sizeof(int32_t)));
    823   }
    824   buffer->erase(0, sizeof(int32_t));
    825   return TPM_RC_SUCCESS;
    826 }
    827 
    828 TPM_RC Serialize_uint64_t(const uint64_t& value, std::string* buffer) {
    829   VLOG(3) << __func__;
    830   uint64_t value_net = value;
    831   switch (sizeof(uint64_t)) {
    832     case 2:
    833       value_net = base::HostToNet16(value);
    834       break;
    835     case 4:
    836       value_net = base::HostToNet32(value);
    837       break;
    838     case 8:
    839       value_net = base::HostToNet64(value);
    840       break;
    841     default:
    842       break;
    843   }
    844   const char* value_bytes = reinterpret_cast<const char*>(&value_net);
    845   buffer->append(value_bytes, sizeof(uint64_t));
    846   return TPM_RC_SUCCESS;
    847 }
    848 
    849 TPM_RC Parse_uint64_t(std::string* buffer,
    850                       uint64_t* value,
    851                       std::string* value_bytes) {
    852   VLOG(3) << __func__;
    853   if (buffer->size() < sizeof(uint64_t))
    854     return TPM_RC_INSUFFICIENT;
    855   uint64_t value_net = 0;
    856   memcpy(&value_net, buffer->data(), sizeof(uint64_t));
    857   switch (sizeof(uint64_t)) {
    858     case 2:
    859       *value = base::NetToHost16(value_net);
    860       break;
    861     case 4:
    862       *value = base::NetToHost32(value_net);
    863       break;
    864     case 8:
    865       *value = base::NetToHost64(value_net);
    866       break;
    867     default:
    868       *value = value_net;
    869   }
    870   if (value_bytes) {
    871     value_bytes->append(buffer->substr(0, sizeof(uint64_t)));
    872   }
    873   buffer->erase(0, sizeof(uint64_t));
    874   return TPM_RC_SUCCESS;
    875 }
    876 
    877 TPM_RC Serialize_int64_t(const int64_t& value, std::string* buffer) {
    878   VLOG(3) << __func__;
    879   int64_t value_net = value;
    880   switch (sizeof(int64_t)) {
    881     case 2:
    882       value_net = base::HostToNet16(value);
    883       break;
    884     case 4:
    885       value_net = base::HostToNet32(value);
    886       break;
    887     case 8:
    888       value_net = base::HostToNet64(value);
    889       break;
    890     default:
    891       break;
    892   }
    893   const char* value_bytes = reinterpret_cast<const char*>(&value_net);
    894   buffer->append(value_bytes, sizeof(int64_t));
    895   return TPM_RC_SUCCESS;
    896 }
    897 
    898 TPM_RC Parse_int64_t(std::string* buffer,
    899                      int64_t* value,
    900                      std::string* value_bytes) {
    901   VLOG(3) << __func__;
    902   if (buffer->size() < sizeof(int64_t))
    903     return TPM_RC_INSUFFICIENT;
    904   int64_t value_net = 0;
    905   memcpy(&value_net, buffer->data(), sizeof(int64_t));
    906   switch (sizeof(int64_t)) {
    907     case 2:
    908       *value = base::NetToHost16(value_net);
    909       break;
    910     case 4:
    911       *value = base::NetToHost32(value_net);
    912       break;
    913     case 8:
    914       *value = base::NetToHost64(value_net);
    915       break;
    916     default:
    917       *value = value_net;
    918   }
    919   if (value_bytes) {
    920     value_bytes->append(buffer->substr(0, sizeof(int64_t)));
    921   }
    922   buffer->erase(0, sizeof(int64_t));
    923   return TPM_RC_SUCCESS;
    924 }
    925 
    926 TPM_RC Serialize_UINT8(const UINT8& value, std::string* buffer) {
    927   VLOG(3) << __func__;
    928   return Serialize_uint8_t(value, buffer);
    929 }
    930 
    931 TPM_RC Parse_UINT8(std::string* buffer,
    932                    UINT8* value,
    933                    std::string* value_bytes) {
    934   VLOG(3) << __func__;
    935   return Parse_uint8_t(buffer, value, value_bytes);
    936 }
    937 
    938 TPM_RC Serialize_BYTE(const BYTE& value, std::string* buffer) {
    939   VLOG(3) << __func__;
    940   return Serialize_uint8_t(value, buffer);
    941 }
    942 
    943 TPM_RC Parse_BYTE(std::string* buffer, BYTE* value, std::string* value_bytes) {
    944   VLOG(3) << __func__;
    945   return Parse_uint8_t(buffer, value, value_bytes);
    946 }
    947 
    948 TPM_RC Serialize_INT8(const INT8& value, std::string* buffer) {
    949   VLOG(3) << __func__;
    950   return Serialize_int8_t(value, buffer);
    951 }
    952 
    953 TPM_RC Parse_INT8(std::string* buffer, INT8* value, std::string* value_bytes) {
    954   VLOG(3) << __func__;
    955   return Parse_int8_t(buffer, value, value_bytes);
    956 }
    957 
    958 TPM_RC Serialize_BOOL(const BOOL& value, std::string* buffer) {
    959   VLOG(3) << __func__;
    960   return Serialize_int(value, buffer);
    961 }
    962 
    963 TPM_RC Parse_BOOL(std::string* buffer, BOOL* value, std::string* value_bytes) {
    964   VLOG(3) << __func__;
    965   return Parse_int(buffer, value, value_bytes);
    966 }
    967 
    968 TPM_RC Serialize_UINT16(const UINT16& value, std::string* buffer) {
    969   VLOG(3) << __func__;
    970   return Serialize_uint16_t(value, buffer);
    971 }
    972 
    973 TPM_RC Parse_UINT16(std::string* buffer,
    974                     UINT16* value,
    975                     std::string* value_bytes) {
    976   VLOG(3) << __func__;
    977   return Parse_uint16_t(buffer, value, value_bytes);
    978 }
    979 
    980 TPM_RC Serialize_INT16(const INT16& value, std::string* buffer) {
    981   VLOG(3) << __func__;
    982   return Serialize_int16_t(value, buffer);
    983 }
    984 
    985 TPM_RC Parse_INT16(std::string* buffer,
    986                    INT16* value,
    987                    std::string* value_bytes) {
    988   VLOG(3) << __func__;
    989   return Parse_int16_t(buffer, value, value_bytes);
    990 }
    991 
    992 TPM_RC Serialize_UINT32(const UINT32& value, std::string* buffer) {
    993   VLOG(3) << __func__;
    994   return Serialize_uint32_t(value, buffer);
    995 }
    996 
    997 TPM_RC Parse_UINT32(std::string* buffer,
    998                     UINT32* value,
    999                     std::string* value_bytes) {
   1000   VLOG(3) << __func__;
   1001   return Parse_uint32_t(buffer, value, value_bytes);
   1002 }
   1003 
   1004 TPM_RC Serialize_INT32(const INT32& value, std::string* buffer) {
   1005   VLOG(3) << __func__;
   1006   return Serialize_int32_t(value, buffer);
   1007 }
   1008 
   1009 TPM_RC Parse_INT32(std::string* buffer,
   1010                    INT32* value,
   1011                    std::string* value_bytes) {
   1012   VLOG(3) << __func__;
   1013   return Parse_int32_t(buffer, value, value_bytes);
   1014 }
   1015 
   1016 TPM_RC Serialize_UINT64(const UINT64& value, std::string* buffer) {
   1017   VLOG(3) << __func__;
   1018   return Serialize_uint64_t(value, buffer);
   1019 }
   1020 
   1021 TPM_RC Parse_UINT64(std::string* buffer,
   1022                     UINT64* value,
   1023                     std::string* value_bytes) {
   1024   VLOG(3) << __func__;
   1025   return Parse_uint64_t(buffer, value, value_bytes);
   1026 }
   1027 
   1028 TPM_RC Serialize_INT64(const INT64& value, std::string* buffer) {
   1029   VLOG(3) << __func__;
   1030   return Serialize_int64_t(value, buffer);
   1031 }
   1032 
   1033 TPM_RC Parse_INT64(std::string* buffer,
   1034                    INT64* value,
   1035                    std::string* value_bytes) {
   1036   VLOG(3) << __func__;
   1037   return Parse_int64_t(buffer, value, value_bytes);
   1038 }
   1039 
   1040 TPM_RC Serialize_TPM_ALGORITHM_ID(const TPM_ALGORITHM_ID& value,
   1041                                   std::string* buffer) {
   1042   VLOG(3) << __func__;
   1043   return Serialize_UINT32(value, buffer);
   1044 }
   1045 
   1046 TPM_RC Parse_TPM_ALGORITHM_ID(std::string* buffer,
   1047                               TPM_ALGORITHM_ID* value,
   1048                               std::string* value_bytes) {
   1049   VLOG(3) << __func__;
   1050   return Parse_UINT32(buffer, value, value_bytes);
   1051 }
   1052 
   1053 TPM_RC Serialize_TPM_MODIFIER_INDICATOR(const TPM_MODIFIER_INDICATOR& value,
   1054                                         std::string* buffer) {
   1055   VLOG(3) << __func__;
   1056   return Serialize_UINT32(value, buffer);
   1057 }
   1058 
   1059 TPM_RC Parse_TPM_MODIFIER_INDICATOR(std::string* buffer,
   1060                                     TPM_MODIFIER_INDICATOR* value,
   1061                                     std::string* value_bytes) {
   1062   VLOG(3) << __func__;
   1063   return Parse_UINT32(buffer, value, value_bytes);
   1064 }
   1065 
   1066 TPM_RC Serialize_TPM_AUTHORIZATION_SIZE(const TPM_AUTHORIZATION_SIZE& value,
   1067                                         std::string* buffer) {
   1068   VLOG(3) << __func__;
   1069   return Serialize_UINT32(value, buffer);
   1070 }
   1071 
   1072 TPM_RC Parse_TPM_AUTHORIZATION_SIZE(std::string* buffer,
   1073                                     TPM_AUTHORIZATION_SIZE* value,
   1074                                     std::string* value_bytes) {
   1075   VLOG(3) << __func__;
   1076   return Parse_UINT32(buffer, value, value_bytes);
   1077 }
   1078 
   1079 TPM_RC Serialize_TPM_PARAMETER_SIZE(const TPM_PARAMETER_SIZE& value,
   1080                                     std::string* buffer) {
   1081   VLOG(3) << __func__;
   1082   return Serialize_UINT32(value, buffer);
   1083 }
   1084 
   1085 TPM_RC Parse_TPM_PARAMETER_SIZE(std::string* buffer,
   1086                                 TPM_PARAMETER_SIZE* value,
   1087                                 std::string* value_bytes) {
   1088   VLOG(3) << __func__;
   1089   return Parse_UINT32(buffer, value, value_bytes);
   1090 }
   1091 
   1092 TPM_RC Serialize_TPM_KEY_SIZE(const TPM_KEY_SIZE& value, std::string* buffer) {
   1093   VLOG(3) << __func__;
   1094   return Serialize_UINT16(value, buffer);
   1095 }
   1096 
   1097 TPM_RC Parse_TPM_KEY_SIZE(std::string* buffer,
   1098                           TPM_KEY_SIZE* value,
   1099                           std::string* value_bytes) {
   1100   VLOG(3) << __func__;
   1101   return Parse_UINT16(buffer, value, value_bytes);
   1102 }
   1103 
   1104 TPM_RC Serialize_TPM_KEY_BITS(const TPM_KEY_BITS& value, std::string* buffer) {
   1105   VLOG(3) << __func__;
   1106   return Serialize_UINT16(value, buffer);
   1107 }
   1108 
   1109 TPM_RC Parse_TPM_KEY_BITS(std::string* buffer,
   1110                           TPM_KEY_BITS* value,
   1111                           std::string* value_bytes) {
   1112   VLOG(3) << __func__;
   1113   return Parse_UINT16(buffer, value, value_bytes);
   1114 }
   1115 
   1116 TPM_RC Serialize_TPM_HANDLE(const TPM_HANDLE& value, std::string* buffer) {
   1117   VLOG(3) << __func__;
   1118   return Serialize_UINT32(value, buffer);
   1119 }
   1120 
   1121 TPM_RC Parse_TPM_HANDLE(std::string* buffer,
   1122                         TPM_HANDLE* value,
   1123                         std::string* value_bytes) {
   1124   VLOG(3) << __func__;
   1125   return Parse_UINT32(buffer, value, value_bytes);
   1126 }
   1127 
   1128 TPM_RC Serialize_TPM2B_DIGEST(const TPM2B_DIGEST& value, std::string* buffer) {
   1129   TPM_RC result = TPM_RC_SUCCESS;
   1130   VLOG(3) << __func__;
   1131 
   1132   result = Serialize_UINT16(value.size, buffer);
   1133   if (result) {
   1134     return result;
   1135   }
   1136 
   1137   if (arraysize(value.buffer) < value.size) {
   1138     return TPM_RC_INSUFFICIENT;
   1139   }
   1140   for (uint32_t i = 0; i < value.size; ++i) {
   1141     result = Serialize_BYTE(value.buffer[i], buffer);
   1142     if (result) {
   1143       return result;
   1144     }
   1145   }
   1146   return result;
   1147 }
   1148 
   1149 TPM_RC Parse_TPM2B_DIGEST(std::string* buffer,
   1150                           TPM2B_DIGEST* value,
   1151                           std::string* value_bytes) {
   1152   TPM_RC result = TPM_RC_SUCCESS;
   1153   VLOG(3) << __func__;
   1154 
   1155   result = Parse_UINT16(buffer, &value->size, value_bytes);
   1156   if (result) {
   1157     return result;
   1158   }
   1159 
   1160   if (arraysize(value->buffer) < value->size) {
   1161     return TPM_RC_INSUFFICIENT;
   1162   }
   1163   for (uint32_t i = 0; i < value->size; ++i) {
   1164     result = Parse_BYTE(buffer, &value->buffer[i], value_bytes);
   1165     if (result) {
   1166       return result;
   1167     }
   1168   }
   1169   return result;
   1170 }
   1171 
   1172 TPM2B_DIGEST Make_TPM2B_DIGEST(const std::string& bytes) {
   1173   TPM2B_DIGEST tpm2b;
   1174   CHECK(bytes.size() <= sizeof(tpm2b.buffer));
   1175   memset(&tpm2b, 0, sizeof(TPM2B_DIGEST));
   1176   tpm2b.size = bytes.size();
   1177   memcpy(tpm2b.buffer, bytes.data(), bytes.size());
   1178   return tpm2b;
   1179 }
   1180 
   1181 std::string StringFrom_TPM2B_DIGEST(const TPM2B_DIGEST& tpm2b) {
   1182   const char* char_buffer = reinterpret_cast<const char*>(tpm2b.buffer);
   1183   return std::string(char_buffer, tpm2b.size);
   1184 }
   1185 
   1186 TPM_RC Serialize_TPM2B_NONCE(const TPM2B_NONCE& value, std::string* buffer) {
   1187   VLOG(3) << __func__;
   1188   return Serialize_TPM2B_DIGEST(value, buffer);
   1189 }
   1190 
   1191 TPM_RC Parse_TPM2B_NONCE(std::string* buffer,
   1192                          TPM2B_NONCE* value,
   1193                          std::string* value_bytes) {
   1194   VLOG(3) << __func__;
   1195   return Parse_TPM2B_DIGEST(buffer, value, value_bytes);
   1196 }
   1197 
   1198 TPM_RC Serialize_TPM2B_AUTH(const TPM2B_AUTH& value, std::string* buffer) {
   1199   VLOG(3) << __func__;
   1200   return Serialize_TPM2B_DIGEST(value, buffer);
   1201 }
   1202 
   1203 TPM_RC Parse_TPM2B_AUTH(std::string* buffer,
   1204                         TPM2B_AUTH* value,
   1205                         std::string* value_bytes) {
   1206   VLOG(3) << __func__;
   1207   return Parse_TPM2B_DIGEST(buffer, value, value_bytes);
   1208 }
   1209 
   1210 TPM_RC Serialize_TPM2B_OPERAND(const TPM2B_OPERAND& value,
   1211                                std::string* buffer) {
   1212   VLOG(3) << __func__;
   1213   return Serialize_TPM2B_DIGEST(value, buffer);
   1214 }
   1215 
   1216 TPM_RC Parse_TPM2B_OPERAND(std::string* buffer,
   1217                            TPM2B_OPERAND* value,
   1218                            std::string* value_bytes) {
   1219   VLOG(3) << __func__;
   1220   return Parse_TPM2B_DIGEST(buffer, value, value_bytes);
   1221 }
   1222 
   1223 TPM_RC Serialize_TPM_ALG_ID(const TPM_ALG_ID& value, std::string* buffer) {
   1224   VLOG(3) << __func__;
   1225   return Serialize_UINT16(value, buffer);
   1226 }
   1227 
   1228 TPM_RC Parse_TPM_ALG_ID(std::string* buffer,
   1229                         TPM_ALG_ID* value,
   1230                         std::string* value_bytes) {
   1231   VLOG(3) << __func__;
   1232   return Parse_UINT16(buffer, value, value_bytes);
   1233 }
   1234 
   1235 TPM_RC Serialize_TPMI_ALG_HASH(const TPMI_ALG_HASH& value,
   1236                                std::string* buffer) {
   1237   VLOG(3) << __func__;
   1238   return Serialize_TPM_ALG_ID(value, buffer);
   1239 }
   1240 
   1241 TPM_RC Parse_TPMI_ALG_HASH(std::string* buffer,
   1242                            TPMI_ALG_HASH* value,
   1243                            std::string* value_bytes) {
   1244   VLOG(3) << __func__;
   1245   return Parse_TPM_ALG_ID(buffer, value, value_bytes);
   1246 }
   1247 
   1248 TPM_RC Serialize_TPMS_SCHEME_SIGHASH(const TPMS_SCHEME_SIGHASH& value,
   1249                                      std::string* buffer) {
   1250   TPM_RC result = TPM_RC_SUCCESS;
   1251   VLOG(3) << __func__;
   1252 
   1253   result = Serialize_TPMI_ALG_HASH(value.hash_alg, buffer);
   1254   if (result) {
   1255     return result;
   1256   }
   1257   return result;
   1258 }
   1259 
   1260 TPM_RC Parse_TPMS_SCHEME_SIGHASH(std::string* buffer,
   1261                                  TPMS_SCHEME_SIGHASH* value,
   1262                                  std::string* value_bytes) {
   1263   TPM_RC result = TPM_RC_SUCCESS;
   1264   VLOG(3) << __func__;
   1265 
   1266   result = Parse_TPMI_ALG_HASH(buffer, &value->hash_alg, value_bytes);
   1267   if (result) {
   1268     return result;
   1269   }
   1270   return result;
   1271 }
   1272 
   1273 TPM_RC Serialize_TPMS_SCHEME_HMAC(const TPMS_SCHEME_HMAC& value,
   1274                                   std::string* buffer) {
   1275   VLOG(3) << __func__;
   1276   return Serialize_TPMS_SCHEME_SIGHASH(value, buffer);
   1277 }
   1278 
   1279 TPM_RC Parse_TPMS_SCHEME_HMAC(std::string* buffer,
   1280                               TPMS_SCHEME_HMAC* value,
   1281                               std::string* value_bytes) {
   1282   VLOG(3) << __func__;
   1283   return Parse_TPMS_SCHEME_SIGHASH(buffer, value, value_bytes);
   1284 }
   1285 
   1286 TPM_RC Serialize_TPMS_SCHEME_RSASSA(const TPMS_SCHEME_RSASSA& value,
   1287                                     std::string* buffer) {
   1288   VLOG(3) << __func__;
   1289   return Serialize_TPMS_SCHEME_SIGHASH(value, buffer);
   1290 }
   1291 
   1292 TPM_RC Parse_TPMS_SCHEME_RSASSA(std::string* buffer,
   1293                                 TPMS_SCHEME_RSASSA* value,
   1294                                 std::string* value_bytes) {
   1295   VLOG(3) << __func__;
   1296   return Parse_TPMS_SCHEME_SIGHASH(buffer, value, value_bytes);
   1297 }
   1298 
   1299 TPM_RC Serialize_TPMS_SCHEME_RSAPSS(const TPMS_SCHEME_RSAPSS& value,
   1300                                     std::string* buffer) {
   1301   VLOG(3) << __func__;
   1302   return Serialize_TPMS_SCHEME_SIGHASH(value, buffer);
   1303 }
   1304 
   1305 TPM_RC Parse_TPMS_SCHEME_RSAPSS(std::string* buffer,
   1306                                 TPMS_SCHEME_RSAPSS* value,
   1307                                 std::string* value_bytes) {
   1308   VLOG(3) << __func__;
   1309   return Parse_TPMS_SCHEME_SIGHASH(buffer, value, value_bytes);
   1310 }
   1311 
   1312 TPM_RC Serialize_TPMS_SCHEME_ECDSA(const TPMS_SCHEME_ECDSA& value,
   1313                                    std::string* buffer) {
   1314   VLOG(3) << __func__;
   1315   return Serialize_TPMS_SCHEME_SIGHASH(value, buffer);
   1316 }
   1317 
   1318 TPM_RC Parse_TPMS_SCHEME_ECDSA(std::string* buffer,
   1319                                TPMS_SCHEME_ECDSA* value,
   1320                                std::string* value_bytes) {
   1321   VLOG(3) << __func__;
   1322   return Parse_TPMS_SCHEME_SIGHASH(buffer, value, value_bytes);
   1323 }
   1324 
   1325 TPM_RC Serialize_TPMS_SCHEME_SM2(const TPMS_SCHEME_SM2& value,
   1326                                  std::string* buffer) {
   1327   VLOG(3) << __func__;
   1328   return Serialize_TPMS_SCHEME_SIGHASH(value, buffer);
   1329 }
   1330 
   1331 TPM_RC Parse_TPMS_SCHEME_SM2(std::string* buffer,
   1332                              TPMS_SCHEME_SM2* value,
   1333                              std::string* value_bytes) {
   1334   VLOG(3) << __func__;
   1335   return Parse_TPMS_SCHEME_SIGHASH(buffer, value, value_bytes);
   1336 }
   1337 
   1338 TPM_RC Serialize_TPMS_SCHEME_ECSCHNORR(const TPMS_SCHEME_ECSCHNORR& value,
   1339                                        std::string* buffer) {
   1340   VLOG(3) << __func__;
   1341   return Serialize_TPMS_SCHEME_SIGHASH(value, buffer);
   1342 }
   1343 
   1344 TPM_RC Parse_TPMS_SCHEME_ECSCHNORR(std::string* buffer,
   1345                                    TPMS_SCHEME_ECSCHNORR* value,
   1346                                    std::string* value_bytes) {
   1347   VLOG(3) << __func__;
   1348   return Parse_TPMS_SCHEME_SIGHASH(buffer, value, value_bytes);
   1349 }
   1350 
   1351 TPM_RC Serialize_TPMI_YES_NO(const TPMI_YES_NO& value, std::string* buffer) {
   1352   VLOG(3) << __func__;
   1353   return Serialize_BYTE(value, buffer);
   1354 }
   1355 
   1356 TPM_RC Parse_TPMI_YES_NO(std::string* buffer,
   1357                          TPMI_YES_NO* value,
   1358                          std::string* value_bytes) {
   1359   VLOG(3) << __func__;
   1360   return Parse_BYTE(buffer, value, value_bytes);
   1361 }
   1362 
   1363 TPM_RC Serialize_TPMI_DH_OBJECT(const TPMI_DH_OBJECT& value,
   1364                                 std::string* buffer) {
   1365   VLOG(3) << __func__;
   1366   return Serialize_TPM_HANDLE(value, buffer);
   1367 }
   1368 
   1369 TPM_RC Parse_TPMI_DH_OBJECT(std::string* buffer,
   1370                             TPMI_DH_OBJECT* value,
   1371                             std::string* value_bytes) {
   1372   VLOG(3) << __func__;
   1373   return Parse_TPM_HANDLE(buffer, value, value_bytes);
   1374 }
   1375 
   1376 TPM_RC Serialize_TPMI_DH_PERSISTENT(const TPMI_DH_PERSISTENT& value,
   1377                                     std::string* buffer) {
   1378   VLOG(3) << __func__;
   1379   return Serialize_TPM_HANDLE(value, buffer);
   1380 }
   1381 
   1382 TPM_RC Parse_TPMI_DH_PERSISTENT(std::string* buffer,
   1383                                 TPMI_DH_PERSISTENT* value,
   1384                                 std::string* value_bytes) {
   1385   VLOG(3) << __func__;
   1386   return Parse_TPM_HANDLE(buffer, value, value_bytes);
   1387 }
   1388 
   1389 TPM_RC Serialize_TPMI_DH_ENTITY(const TPMI_DH_ENTITY& value,
   1390                                 std::string* buffer) {
   1391   VLOG(3) << __func__;
   1392   return Serialize_TPM_HANDLE(value, buffer);
   1393 }
   1394 
   1395 TPM_RC Parse_TPMI_DH_ENTITY(std::string* buffer,
   1396                             TPMI_DH_ENTITY* value,
   1397                             std::string* value_bytes) {
   1398   VLOG(3) << __func__;
   1399   return Parse_TPM_HANDLE(buffer, value, value_bytes);
   1400 }
   1401 
   1402 TPM_RC Serialize_TPMI_DH_PCR(const TPMI_DH_PCR& value, std::string* buffer) {
   1403   VLOG(3) << __func__;
   1404   return Serialize_TPM_HANDLE(value, buffer);
   1405 }
   1406 
   1407 TPM_RC Parse_TPMI_DH_PCR(std::string* buffer,
   1408                          TPMI_DH_PCR* value,
   1409                          std::string* value_bytes) {
   1410   VLOG(3) << __func__;
   1411   return Parse_TPM_HANDLE(buffer, value, value_bytes);
   1412 }
   1413 
   1414 TPM_RC Serialize_TPMI_SH_AUTH_SESSION(const TPMI_SH_AUTH_SESSION& value,
   1415                                       std::string* buffer) {
   1416   VLOG(3) << __func__;
   1417   return Serialize_TPM_HANDLE(value, buffer);
   1418 }
   1419 
   1420 TPM_RC Parse_TPMI_SH_AUTH_SESSION(std::string* buffer,
   1421                                   TPMI_SH_AUTH_SESSION* value,
   1422                                   std::string* value_bytes) {
   1423   VLOG(3) << __func__;
   1424   return Parse_TPM_HANDLE(buffer, value, value_bytes);
   1425 }
   1426 
   1427 TPM_RC Serialize_TPMI_SH_HMAC(const TPMI_SH_HMAC& value, std::string* buffer) {
   1428   VLOG(3) << __func__;
   1429   return Serialize_TPM_HANDLE(value, buffer);
   1430 }
   1431 
   1432 TPM_RC Parse_TPMI_SH_HMAC(std::string* buffer,
   1433                           TPMI_SH_HMAC* value,
   1434                           std::string* value_bytes) {
   1435   VLOG(3) << __func__;
   1436   return Parse_TPM_HANDLE(buffer, value, value_bytes);
   1437 }
   1438 
   1439 TPM_RC Serialize_TPMI_SH_POLICY(const TPMI_SH_POLICY& value,
   1440                                 std::string* buffer) {
   1441   VLOG(3) << __func__;
   1442   return Serialize_TPM_HANDLE(value, buffer);
   1443 }
   1444 
   1445 TPM_RC Parse_TPMI_SH_POLICY(std::string* buffer,
   1446                             TPMI_SH_POLICY* value,
   1447                             std::string* value_bytes) {
   1448   VLOG(3) << __func__;
   1449   return Parse_TPM_HANDLE(buffer, value, value_bytes);
   1450 }
   1451 
   1452 TPM_RC Serialize_TPMI_DH_CONTEXT(const TPMI_DH_CONTEXT& value,
   1453                                  std::string* buffer) {
   1454   VLOG(3) << __func__;
   1455   return Serialize_TPM_HANDLE(value, buffer);
   1456 }
   1457 
   1458 TPM_RC Parse_TPMI_DH_CONTEXT(std::string* buffer,
   1459                              TPMI_DH_CONTEXT* value,
   1460                              std::string* value_bytes) {
   1461   VLOG(3) << __func__;
   1462   return Parse_TPM_HANDLE(buffer, value, value_bytes);
   1463 }
   1464 
   1465 TPM_RC Serialize_TPMI_RH_HIERARCHY(const TPMI_RH_HIERARCHY& value,
   1466                                    std::string* buffer) {
   1467   VLOG(3) << __func__;
   1468   return Serialize_TPM_HANDLE(value, buffer);
   1469 }
   1470 
   1471 TPM_RC Parse_TPMI_RH_HIERARCHY(std::string* buffer,
   1472                                TPMI_RH_HIERARCHY* value,
   1473                                std::string* value_bytes) {
   1474   VLOG(3) << __func__;
   1475   return Parse_TPM_HANDLE(buffer, value, value_bytes);
   1476 }
   1477 
   1478 TPM_RC Serialize_TPMI_RH_ENABLES(const TPMI_RH_ENABLES& value,
   1479                                  std::string* buffer) {
   1480   VLOG(3) << __func__;
   1481   return Serialize_TPM_HANDLE(value, buffer);
   1482 }
   1483 
   1484 TPM_RC Parse_TPMI_RH_ENABLES(std::string* buffer,
   1485                              TPMI_RH_ENABLES* value,
   1486                              std::string* value_bytes) {
   1487   VLOG(3) << __func__;
   1488   return Parse_TPM_HANDLE(buffer, value, value_bytes);
   1489 }
   1490 
   1491 TPM_RC Serialize_TPMI_RH_HIERARCHY_AUTH(const TPMI_RH_HIERARCHY_AUTH& value,
   1492                                         std::string* buffer) {
   1493   VLOG(3) << __func__;
   1494   return Serialize_TPM_HANDLE(value, buffer);
   1495 }
   1496 
   1497 TPM_RC Parse_TPMI_RH_HIERARCHY_AUTH(std::string* buffer,
   1498                                     TPMI_RH_HIERARCHY_AUTH* value,
   1499                                     std::string* value_bytes) {
   1500   VLOG(3) << __func__;
   1501   return Parse_TPM_HANDLE(buffer, value, value_bytes);
   1502 }
   1503 
   1504 TPM_RC Serialize_TPMI_RH_PLATFORM(const TPMI_RH_PLATFORM& value,
   1505                                   std::string* buffer) {
   1506   VLOG(3) << __func__;
   1507   return Serialize_TPM_HANDLE(value, buffer);
   1508 }
   1509 
   1510 TPM_RC Parse_TPMI_RH_PLATFORM(std::string* buffer,
   1511                               TPMI_RH_PLATFORM* value,
   1512                               std::string* value_bytes) {
   1513   VLOG(3) << __func__;
   1514   return Parse_TPM_HANDLE(buffer, value, value_bytes);
   1515 }
   1516 
   1517 TPM_RC Serialize_TPMI_RH_OWNER(const TPMI_RH_OWNER& value,
   1518                                std::string* buffer) {
   1519   VLOG(3) << __func__;
   1520   return Serialize_TPM_HANDLE(value, buffer);
   1521 }
   1522 
   1523 TPM_RC Parse_TPMI_RH_OWNER(std::string* buffer,
   1524                            TPMI_RH_OWNER* value,
   1525                            std::string* value_bytes) {
   1526   VLOG(3) << __func__;
   1527   return Parse_TPM_HANDLE(buffer, value, value_bytes);
   1528 }
   1529 
   1530 TPM_RC Serialize_TPMI_RH_ENDORSEMENT(const TPMI_RH_ENDORSEMENT& value,
   1531                                      std::string* buffer) {
   1532   VLOG(3) << __func__;
   1533   return Serialize_TPM_HANDLE(value, buffer);
   1534 }
   1535 
   1536 TPM_RC Parse_TPMI_RH_ENDORSEMENT(std::string* buffer,
   1537                                  TPMI_RH_ENDORSEMENT* value,
   1538                                  std::string* value_bytes) {
   1539   VLOG(3) << __func__;
   1540   return Parse_TPM_HANDLE(buffer, value, value_bytes);
   1541 }
   1542 
   1543 TPM_RC Serialize_TPMI_RH_PROVISION(const TPMI_RH_PROVISION& value,
   1544                                    std::string* buffer) {
   1545   VLOG(3) << __func__;
   1546   return Serialize_TPM_HANDLE(value, buffer);
   1547 }
   1548 
   1549 TPM_RC Parse_TPMI_RH_PROVISION(std::string* buffer,
   1550                                TPMI_RH_PROVISION* value,
   1551                                std::string* value_bytes) {
   1552   VLOG(3) << __func__;
   1553   return Parse_TPM_HANDLE(buffer, value, value_bytes);
   1554 }
   1555 
   1556 TPM_RC Serialize_TPMI_RH_CLEAR(const TPMI_RH_CLEAR& value,
   1557                                std::string* buffer) {
   1558   VLOG(3) << __func__;
   1559   return Serialize_TPM_HANDLE(value, buffer);
   1560 }
   1561 
   1562 TPM_RC Parse_TPMI_RH_CLEAR(std::string* buffer,
   1563                            TPMI_RH_CLEAR* value,
   1564                            std::string* value_bytes) {
   1565   VLOG(3) << __func__;
   1566   return Parse_TPM_HANDLE(buffer, value, value_bytes);
   1567 }
   1568 
   1569 TPM_RC Serialize_TPMI_RH_NV_AUTH(const TPMI_RH_NV_AUTH& value,
   1570                                  std::string* buffer) {
   1571   VLOG(3) << __func__;
   1572   return Serialize_TPM_HANDLE(value, buffer);
   1573 }
   1574 
   1575 TPM_RC Parse_TPMI_RH_NV_AUTH(std::string* buffer,
   1576                              TPMI_RH_NV_AUTH* value,
   1577                              std::string* value_bytes) {
   1578   VLOG(3) << __func__;
   1579   return Parse_TPM_HANDLE(buffer, value, value_bytes);
   1580 }
   1581 
   1582 TPM_RC Serialize_TPMI_RH_LOCKOUT(const TPMI_RH_LOCKOUT& value,
   1583                                  std::string* buffer) {
   1584   VLOG(3) << __func__;
   1585   return Serialize_TPM_HANDLE(value, buffer);
   1586 }
   1587 
   1588 TPM_RC Parse_TPMI_RH_LOCKOUT(std::string* buffer,
   1589                              TPMI_RH_LOCKOUT* value,
   1590                              std::string* value_bytes) {
   1591   VLOG(3) << __func__;
   1592   return Parse_TPM_HANDLE(buffer, value, value_bytes);
   1593 }
   1594 
   1595 TPM_RC Serialize_TPMI_RH_NV_INDEX(const TPMI_RH_NV_INDEX& value,
   1596                                   std::string* buffer) {
   1597   VLOG(3) << __func__;
   1598   return Serialize_TPM_HANDLE(value, buffer);
   1599 }
   1600 
   1601 TPM_RC Parse_TPMI_RH_NV_INDEX(std::string* buffer,
   1602                               TPMI_RH_NV_INDEX* value,
   1603                               std::string* value_bytes) {
   1604   VLOG(3) << __func__;
   1605   return Parse_TPM_HANDLE(buffer, value, value_bytes);
   1606 }
   1607 
   1608 TPM_RC Serialize_TPMI_ALG_ASYM(const TPMI_ALG_ASYM& value,
   1609                                std::string* buffer) {
   1610   VLOG(3) << __func__;
   1611   return Serialize_TPM_ALG_ID(value, buffer);
   1612 }
   1613 
   1614 TPM_RC Parse_TPMI_ALG_ASYM(std::string* buffer,
   1615                            TPMI_ALG_ASYM* value,
   1616                            std::string* value_bytes) {
   1617   VLOG(3) << __func__;
   1618   return Parse_TPM_ALG_ID(buffer, value, value_bytes);
   1619 }
   1620 
   1621 TPM_RC Serialize_TPMI_ALG_SYM(const TPMI_ALG_SYM& value, std::string* buffer) {
   1622   VLOG(3) << __func__;
   1623   return Serialize_TPM_ALG_ID(value, buffer);
   1624 }
   1625 
   1626 TPM_RC Parse_TPMI_ALG_SYM(std::string* buffer,
   1627                           TPMI_ALG_SYM* value,
   1628                           std::string* value_bytes) {
   1629   VLOG(3) << __func__;
   1630   return Parse_TPM_ALG_ID(buffer, value, value_bytes);
   1631 }
   1632 
   1633 TPM_RC Serialize_TPMI_ALG_SYM_OBJECT(const TPMI_ALG_SYM_OBJECT& value,
   1634                                      std::string* buffer) {
   1635   VLOG(3) << __func__;
   1636   return Serialize_TPM_ALG_ID(value, buffer);
   1637 }
   1638 
   1639 TPM_RC Parse_TPMI_ALG_SYM_OBJECT(std::string* buffer,
   1640                                  TPMI_ALG_SYM_OBJECT* value,
   1641                                  std::string* value_bytes) {
   1642   VLOG(3) << __func__;
   1643   return Parse_TPM_ALG_ID(buffer, value, value_bytes);
   1644 }
   1645 
   1646 TPM_RC Serialize_TPMI_ALG_SYM_MODE(const TPMI_ALG_SYM_MODE& value,
   1647                                    std::string* buffer) {
   1648   VLOG(3) << __func__;
   1649   return Serialize_TPM_ALG_ID(value, buffer);
   1650 }
   1651 
   1652 TPM_RC Parse_TPMI_ALG_SYM_MODE(std::string* buffer,
   1653                                TPMI_ALG_SYM_MODE* value,
   1654                                std::string* value_bytes) {
   1655   VLOG(3) << __func__;
   1656   return Parse_TPM_ALG_ID(buffer, value, value_bytes);
   1657 }
   1658 
   1659 TPM_RC Serialize_TPMI_ALG_KDF(const TPMI_ALG_KDF& value, std::string* buffer) {
   1660   VLOG(3) << __func__;
   1661   return Serialize_TPM_ALG_ID(value, buffer);
   1662 }
   1663 
   1664 TPM_RC Parse_TPMI_ALG_KDF(std::string* buffer,
   1665                           TPMI_ALG_KDF* value,
   1666                           std::string* value_bytes) {
   1667   VLOG(3) << __func__;
   1668   return Parse_TPM_ALG_ID(buffer, value, value_bytes);
   1669 }
   1670 
   1671 TPM_RC Serialize_TPMI_ALG_SIG_SCHEME(const TPMI_ALG_SIG_SCHEME& value,
   1672                                      std::string* buffer) {
   1673   VLOG(3) << __func__;
   1674   return Serialize_TPM_ALG_ID(value, buffer);
   1675 }
   1676 
   1677 TPM_RC Parse_TPMI_ALG_SIG_SCHEME(std::string* buffer,
   1678                                  TPMI_ALG_SIG_SCHEME* value,
   1679                                  std::string* value_bytes) {
   1680   VLOG(3) << __func__;
   1681   return Parse_TPM_ALG_ID(buffer, value, value_bytes);
   1682 }
   1683 
   1684 TPM_RC Serialize_TPMI_ECC_KEY_EXCHANGE(const TPMI_ECC_KEY_EXCHANGE& value,
   1685                                        std::string* buffer) {
   1686   VLOG(3) << __func__;
   1687   return Serialize_TPM_ALG_ID(value, buffer);
   1688 }
   1689 
   1690 TPM_RC Parse_TPMI_ECC_KEY_EXCHANGE(std::string* buffer,
   1691                                    TPMI_ECC_KEY_EXCHANGE* value,
   1692                                    std::string* value_bytes) {
   1693   VLOG(3) << __func__;
   1694   return Parse_TPM_ALG_ID(buffer, value, value_bytes);
   1695 }
   1696 
   1697 TPM_RC Serialize_TPM_ST(const TPM_ST& value, std::string* buffer) {
   1698   VLOG(3) << __func__;
   1699   return Serialize_UINT16(value, buffer);
   1700 }
   1701 
   1702 TPM_RC Parse_TPM_ST(std::string* buffer,
   1703                     TPM_ST* value,
   1704                     std::string* value_bytes) {
   1705   VLOG(3) << __func__;
   1706   return Parse_UINT16(buffer, value, value_bytes);
   1707 }
   1708 
   1709 TPM_RC Serialize_TPMI_ST_COMMAND_TAG(const TPMI_ST_COMMAND_TAG& value,
   1710                                      std::string* buffer) {
   1711   VLOG(3) << __func__;
   1712   return Serialize_TPM_ST(value, buffer);
   1713 }
   1714 
   1715 TPM_RC Parse_TPMI_ST_COMMAND_TAG(std::string* buffer,
   1716                                  TPMI_ST_COMMAND_TAG* value,
   1717                                  std::string* value_bytes) {
   1718   VLOG(3) << __func__;
   1719   return Parse_TPM_ST(buffer, value, value_bytes);
   1720 }
   1721 
   1722 TPM_RC Serialize_TPMI_ST_ATTEST(const TPMI_ST_ATTEST& value,
   1723                                 std::string* buffer) {
   1724   VLOG(3) << __func__;
   1725   return Serialize_TPM_ST(value, buffer);
   1726 }
   1727 
   1728 TPM_RC Parse_TPMI_ST_ATTEST(std::string* buffer,
   1729                             TPMI_ST_ATTEST* value,
   1730                             std::string* value_bytes) {
   1731   VLOG(3) << __func__;
   1732   return Parse_TPM_ST(buffer, value, value_bytes);
   1733 }
   1734 
   1735 TPM_RC Serialize_TPMI_AES_KEY_BITS(const TPMI_AES_KEY_BITS& value,
   1736                                    std::string* buffer) {
   1737   VLOG(3) << __func__;
   1738   return Serialize_TPM_KEY_BITS(value, buffer);
   1739 }
   1740 
   1741 TPM_RC Parse_TPMI_AES_KEY_BITS(std::string* buffer,
   1742                                TPMI_AES_KEY_BITS* value,
   1743                                std::string* value_bytes) {
   1744   VLOG(3) << __func__;
   1745   return Parse_TPM_KEY_BITS(buffer, value, value_bytes);
   1746 }
   1747 
   1748 TPM_RC Serialize_TPMI_SM4_KEY_BITS(const TPMI_SM4_KEY_BITS& value,
   1749                                    std::string* buffer) {
   1750   VLOG(3) << __func__;
   1751   return Serialize_TPM_KEY_BITS(value, buffer);
   1752 }
   1753 
   1754 TPM_RC Parse_TPMI_SM4_KEY_BITS(std::string* buffer,
   1755                                TPMI_SM4_KEY_BITS* value,
   1756                                std::string* value_bytes) {
   1757   VLOG(3) << __func__;
   1758   return Parse_TPM_KEY_BITS(buffer, value, value_bytes);
   1759 }
   1760 
   1761 TPM_RC Serialize_TPMI_ALG_KEYEDHASH_SCHEME(
   1762     const TPMI_ALG_KEYEDHASH_SCHEME& value,
   1763     std::string* buffer) {
   1764   VLOG(3) << __func__;
   1765   return Serialize_TPM_ALG_ID(value, buffer);
   1766 }
   1767 
   1768 TPM_RC Parse_TPMI_ALG_KEYEDHASH_SCHEME(std::string* buffer,
   1769                                        TPMI_ALG_KEYEDHASH_SCHEME* value,
   1770                                        std::string* value_bytes) {
   1771   VLOG(3) << __func__;
   1772   return Parse_TPM_ALG_ID(buffer, value, value_bytes);
   1773 }
   1774 
   1775 TPM_RC Serialize_TPMI_ALG_ASYM_SCHEME(const TPMI_ALG_ASYM_SCHEME& value,
   1776                                       std::string* buffer) {
   1777   VLOG(3) << __func__;
   1778   return Serialize_TPM_ALG_ID(value, buffer);
   1779 }
   1780 
   1781 TPM_RC Parse_TPMI_ALG_ASYM_SCHEME(std::string* buffer,
   1782                                   TPMI_ALG_ASYM_SCHEME* value,
   1783                                   std::string* value_bytes) {
   1784   VLOG(3) << __func__;
   1785   return Parse_TPM_ALG_ID(buffer, value, value_bytes);
   1786 }
   1787 
   1788 TPM_RC Serialize_TPMI_ALG_RSA_SCHEME(const TPMI_ALG_RSA_SCHEME& value,
   1789                                      std::string* buffer) {
   1790   VLOG(3) << __func__;
   1791   return Serialize_TPM_ALG_ID(value, buffer);
   1792 }
   1793 
   1794 TPM_RC Parse_TPMI_ALG_RSA_SCHEME(std::string* buffer,
   1795                                  TPMI_ALG_RSA_SCHEME* value,
   1796                                  std::string* value_bytes) {
   1797   VLOG(3) << __func__;
   1798   return Parse_TPM_ALG_ID(buffer, value, value_bytes);
   1799 }
   1800 
   1801 TPM_RC Serialize_TPMI_ALG_RSA_DECRYPT(const TPMI_ALG_RSA_DECRYPT& value,
   1802                                       std::string* buffer) {
   1803   VLOG(3) << __func__;
   1804   return Serialize_TPM_ALG_ID(value, buffer);
   1805 }
   1806 
   1807 TPM_RC Parse_TPMI_ALG_RSA_DECRYPT(std::string* buffer,
   1808                                   TPMI_ALG_RSA_DECRYPT* value,
   1809                                   std::string* value_bytes) {
   1810   VLOG(3) << __func__;
   1811   return Parse_TPM_ALG_ID(buffer, value, value_bytes);
   1812 }
   1813 
   1814 TPM_RC Serialize_TPMI_RSA_KEY_BITS(const TPMI_RSA_KEY_BITS& value,
   1815                                    std::string* buffer) {
   1816   VLOG(3) << __func__;
   1817   return Serialize_TPM_KEY_BITS(value, buffer);
   1818 }
   1819 
   1820 TPM_RC Parse_TPMI_RSA_KEY_BITS(std::string* buffer,
   1821                                TPMI_RSA_KEY_BITS* value,
   1822                                std::string* value_bytes) {
   1823   VLOG(3) << __func__;
   1824   return Parse_TPM_KEY_BITS(buffer, value, value_bytes);
   1825 }
   1826 
   1827 TPM_RC Serialize_TPMI_ALG_ECC_SCHEME(const TPMI_ALG_ECC_SCHEME& value,
   1828                                      std::string* buffer) {
   1829   VLOG(3) << __func__;
   1830   return Serialize_TPM_ALG_ID(value, buffer);
   1831 }
   1832 
   1833 TPM_RC Parse_TPMI_ALG_ECC_SCHEME(std::string* buffer,
   1834                                  TPMI_ALG_ECC_SCHEME* value,
   1835                                  std::string* value_bytes) {
   1836   VLOG(3) << __func__;
   1837   return Parse_TPM_ALG_ID(buffer, value, value_bytes);
   1838 }
   1839 
   1840 TPM_RC Serialize_TPM_ECC_CURVE(const TPM_ECC_CURVE& value,
   1841                                std::string* buffer) {
   1842   VLOG(3) << __func__;
   1843   return Serialize_UINT16(value, buffer);
   1844 }
   1845 
   1846 TPM_RC Parse_TPM_ECC_CURVE(std::string* buffer,
   1847                            TPM_ECC_CURVE* value,
   1848                            std::string* value_bytes) {
   1849   VLOG(3) << __func__;
   1850   return Parse_UINT16(buffer, value, value_bytes);
   1851 }
   1852 
   1853 TPM_RC Serialize_TPMI_ECC_CURVE(const TPMI_ECC_CURVE& value,
   1854                                 std::string* buffer) {
   1855   VLOG(3) << __func__;
   1856   return Serialize_TPM_ECC_CURVE(value, buffer);
   1857 }
   1858 
   1859 TPM_RC Parse_TPMI_ECC_CURVE(std::string* buffer,
   1860                             TPMI_ECC_CURVE* value,
   1861                             std::string* value_bytes) {
   1862   VLOG(3) << __func__;
   1863   return Parse_TPM_ECC_CURVE(buffer, value, value_bytes);
   1864 }
   1865 
   1866 TPM_RC Serialize_TPMI_ALG_PUBLIC(const TPMI_ALG_PUBLIC& value,
   1867                                  std::string* buffer) {
   1868   VLOG(3) << __func__;
   1869   return Serialize_TPM_ALG_ID(value, buffer);
   1870 }
   1871 
   1872 TPM_RC Parse_TPMI_ALG_PUBLIC(std::string* buffer,
   1873                              TPMI_ALG_PUBLIC* value,
   1874                              std::string* value_bytes) {
   1875   VLOG(3) << __func__;
   1876   return Parse_TPM_ALG_ID(buffer, value, value_bytes);
   1877 }
   1878 
   1879 TPM_RC Serialize_TPMA_ALGORITHM(const TPMA_ALGORITHM& value,
   1880                                 std::string* buffer) {
   1881   VLOG(3) << __func__;
   1882   return Serialize_UINT32(value, buffer);
   1883 }
   1884 
   1885 TPM_RC Parse_TPMA_ALGORITHM(std::string* buffer,
   1886                             TPMA_ALGORITHM* value,
   1887                             std::string* value_bytes) {
   1888   VLOG(3) << __func__;
   1889   return Parse_UINT32(buffer, value, value_bytes);
   1890 }
   1891 
   1892 TPM_RC Serialize_TPMA_OBJECT(const TPMA_OBJECT& value, std::string* buffer) {
   1893   VLOG(3) << __func__;
   1894   return Serialize_UINT32(value, buffer);
   1895 }
   1896 
   1897 TPM_RC Parse_TPMA_OBJECT(std::string* buffer,
   1898                          TPMA_OBJECT* value,
   1899                          std::string* value_bytes) {
   1900   VLOG(3) << __func__;
   1901   return Parse_UINT32(buffer, value, value_bytes);
   1902 }
   1903 
   1904 TPM_RC Serialize_TPMA_SESSION(const TPMA_SESSION& value, std::string* buffer) {
   1905   VLOG(3) << __func__;
   1906   return Serialize_UINT8(value, buffer);
   1907 }
   1908 
   1909 TPM_RC Parse_TPMA_SESSION(std::string* buffer,
   1910                           TPMA_SESSION* value,
   1911                           std::string* value_bytes) {
   1912   VLOG(3) << __func__;
   1913   return Parse_UINT8(buffer, value, value_bytes);
   1914 }
   1915 
   1916 TPM_RC Serialize_TPMA_LOCALITY(const TPMA_LOCALITY& value,
   1917                                std::string* buffer) {
   1918   VLOG(3) << __func__;
   1919   return Serialize_UINT8(value, buffer);
   1920 }
   1921 
   1922 TPM_RC Parse_TPMA_LOCALITY(std::string* buffer,
   1923                            TPMA_LOCALITY* value,
   1924                            std::string* value_bytes) {
   1925   VLOG(3) << __func__;
   1926   return Parse_UINT8(buffer, value, value_bytes);
   1927 }
   1928 
   1929 TPM_RC Serialize_TPMA_PERMANENT(const TPMA_PERMANENT& value,
   1930                                 std::string* buffer) {
   1931   VLOG(3) << __func__;
   1932   return Serialize_UINT32(value, buffer);
   1933 }
   1934 
   1935 TPM_RC Parse_TPMA_PERMANENT(std::string* buffer,
   1936                             TPMA_PERMANENT* value,
   1937                             std::string* value_bytes) {
   1938   VLOG(3) << __func__;
   1939   return Parse_UINT32(buffer, value, value_bytes);
   1940 }
   1941 
   1942 TPM_RC Serialize_TPMA_STARTUP_CLEAR(const TPMA_STARTUP_CLEAR& value,
   1943                                     std::string* buffer) {
   1944   VLOG(3) << __func__;
   1945   return Serialize_UINT32(value, buffer);
   1946 }
   1947 
   1948 TPM_RC Parse_TPMA_STARTUP_CLEAR(std::string* buffer,
   1949                                 TPMA_STARTUP_CLEAR* value,
   1950                                 std::string* value_bytes) {
   1951   VLOG(3) << __func__;
   1952   return Parse_UINT32(buffer, value, value_bytes);
   1953 }
   1954 
   1955 TPM_RC Serialize_TPMA_MEMORY(const TPMA_MEMORY& value, std::string* buffer) {
   1956   VLOG(3) << __func__;
   1957   return Serialize_UINT32(value, buffer);
   1958 }
   1959 
   1960 TPM_RC Parse_TPMA_MEMORY(std::string* buffer,
   1961                          TPMA_MEMORY* value,
   1962                          std::string* value_bytes) {
   1963   VLOG(3) << __func__;
   1964   return Parse_UINT32(buffer, value, value_bytes);
   1965 }
   1966 
   1967 TPM_RC Serialize_TPM_CC(const TPM_CC& value, std::string* buffer) {
   1968   VLOG(3) << __func__;
   1969   return Serialize_UINT32(value, buffer);
   1970 }
   1971 
   1972 TPM_RC Parse_TPM_CC(std::string* buffer,
   1973                     TPM_CC* value,
   1974                     std::string* value_bytes) {
   1975   VLOG(3) << __func__;
   1976   return Parse_UINT32(buffer, value, value_bytes);
   1977 }
   1978 
   1979 TPM_RC Serialize_TPMA_CC(const TPMA_CC& value, std::string* buffer) {
   1980   VLOG(3) << __func__;
   1981   return Serialize_TPM_CC(value, buffer);
   1982 }
   1983 
   1984 TPM_RC Parse_TPMA_CC(std::string* buffer,
   1985                      TPMA_CC* value,
   1986                      std::string* value_bytes) {
   1987   VLOG(3) << __func__;
   1988   return Parse_TPM_CC(buffer, value, value_bytes);
   1989 }
   1990 
   1991 TPM_RC Serialize_TPM_NV_INDEX(const TPM_NV_INDEX& value, std::string* buffer) {
   1992   VLOG(3) << __func__;
   1993   return Serialize_UINT32(value, buffer);
   1994 }
   1995 
   1996 TPM_RC Parse_TPM_NV_INDEX(std::string* buffer,
   1997                           TPM_NV_INDEX* value,
   1998                           std::string* value_bytes) {
   1999   VLOG(3) << __func__;
   2000   return Parse_UINT32(buffer, value, value_bytes);
   2001 }
   2002 
   2003 TPM_RC Serialize_TPMA_NV(const TPMA_NV& value, std::string* buffer) {
   2004   VLOG(3) << __func__;
   2005   return Serialize_UINT32(value, buffer);
   2006 }
   2007 
   2008 TPM_RC Parse_TPMA_NV(std::string* buffer,
   2009                      TPMA_NV* value,
   2010                      std::string* value_bytes) {
   2011   VLOG(3) << __func__;
   2012   return Parse_UINT32(buffer, value, value_bytes);
   2013 }
   2014 
   2015 TPM_RC Serialize_TPM_SPEC(const TPM_SPEC& value, std::string* buffer) {
   2016   VLOG(3) << __func__;
   2017   return Serialize_UINT32(value, buffer);
   2018 }
   2019 
   2020 TPM_RC Parse_TPM_SPEC(std::string* buffer,
   2021                       TPM_SPEC* value,
   2022                       std::string* value_bytes) {
   2023   VLOG(3) << __func__;
   2024   return Parse_UINT32(buffer, value, value_bytes);
   2025 }
   2026 
   2027 TPM_RC Serialize_TPM_GENERATED(const TPM_GENERATED& value,
   2028                                std::string* buffer) {
   2029   VLOG(3) << __func__;
   2030   return Serialize_UINT32(value, buffer);
   2031 }
   2032 
   2033 TPM_RC Parse_TPM_GENERATED(std::string* buffer,
   2034                            TPM_GENERATED* value,
   2035                            std::string* value_bytes) {
   2036   VLOG(3) << __func__;
   2037   return Parse_UINT32(buffer, value, value_bytes);
   2038 }
   2039 
   2040 TPM_RC Serialize_TPM_RC(const TPM_RC& value, std::string* buffer) {
   2041   VLOG(3) << __func__;
   2042   return Serialize_UINT32(value, buffer);
   2043 }
   2044 
   2045 TPM_RC Parse_TPM_RC(std::string* buffer,
   2046                     TPM_RC* value,
   2047                     std::string* value_bytes) {
   2048   VLOG(3) << __func__;
   2049   return Parse_UINT32(buffer, value, value_bytes);
   2050 }
   2051 
   2052 TPM_RC Serialize_TPM_CLOCK_ADJUST(const TPM_CLOCK_ADJUST& value,
   2053                                   std::string* buffer) {
   2054   VLOG(3) << __func__;
   2055   return Serialize_INT8(value, buffer);
   2056 }
   2057 
   2058 TPM_RC Parse_TPM_CLOCK_ADJUST(std::string* buffer,
   2059                               TPM_CLOCK_ADJUST* value,
   2060                               std::string* value_bytes) {
   2061   VLOG(3) << __func__;
   2062   return Parse_INT8(buffer, value, value_bytes);
   2063 }
   2064 
   2065 TPM_RC Serialize_TPM_EO(const TPM_EO& value, std::string* buffer) {
   2066   VLOG(3) << __func__;
   2067   return Serialize_UINT16(value, buffer);
   2068 }
   2069 
   2070 TPM_RC Parse_TPM_EO(std::string* buffer,
   2071                     TPM_EO* value,
   2072                     std::string* value_bytes) {
   2073   VLOG(3) << __func__;
   2074   return Parse_UINT16(buffer, value, value_bytes);
   2075 }
   2076 
   2077 TPM_RC Serialize_TPM_SU(const TPM_SU& value, std::string* buffer) {
   2078   VLOG(3) << __func__;
   2079   return Serialize_UINT16(value, buffer);
   2080 }
   2081 
   2082 TPM_RC Parse_TPM_SU(std::string* buffer,
   2083                     TPM_SU* value,
   2084                     std::string* value_bytes) {
   2085   VLOG(3) << __func__;
   2086   return Parse_UINT16(buffer, value, value_bytes);
   2087 }
   2088 
   2089 TPM_RC Serialize_TPM_SE(const TPM_SE& value, std::string* buffer) {
   2090   VLOG(3) << __func__;
   2091   return Serialize_UINT8(value, buffer);
   2092 }
   2093 
   2094 TPM_RC Parse_TPM_SE(std::string* buffer,
   2095                     TPM_SE* value,
   2096                     std::string* value_bytes) {
   2097   VLOG(3) << __func__;
   2098   return Parse_UINT8(buffer, value, value_bytes);
   2099 }
   2100 
   2101 TPM_RC Serialize_TPM_CAP(const TPM_CAP& value, std::string* buffer) {
   2102   VLOG(3) << __func__;
   2103   return Serialize_UINT32(value, buffer);
   2104 }
   2105 
   2106 TPM_RC Parse_TPM_CAP(std::string* buffer,
   2107                      TPM_CAP* value,
   2108                      std::string* value_bytes) {
   2109   VLOG(3) << __func__;
   2110   return Parse_UINT32(buffer, value, value_bytes);
   2111 }
   2112 
   2113 TPM_RC Serialize_TPM_PT(const TPM_PT& value, std::string* buffer) {
   2114   VLOG(3) << __func__;
   2115   return Serialize_UINT32(value, buffer);
   2116 }
   2117 
   2118 TPM_RC Parse_TPM_PT(std::string* buffer,
   2119                     TPM_PT* value,
   2120                     std::string* value_bytes) {
   2121   VLOG(3) << __func__;
   2122   return Parse_UINT32(buffer, value, value_bytes);
   2123 }
   2124 
   2125 TPM_RC Serialize_TPM_PT_PCR(const TPM_PT_PCR& value, std::string* buffer) {
   2126   VLOG(3) << __func__;
   2127   return Serialize_UINT32(value, buffer);
   2128 }
   2129 
   2130 TPM_RC Parse_TPM_PT_PCR(std::string* buffer,
   2131                         TPM_PT_PCR* value,
   2132                         std::string* value_bytes) {
   2133   VLOG(3) << __func__;
   2134   return Parse_UINT32(buffer, value, value_bytes);
   2135 }
   2136 
   2137 TPM_RC Serialize_TPM_PS(const TPM_PS& value, std::string* buffer) {
   2138   VLOG(3) << __func__;
   2139   return Serialize_UINT32(value, buffer);
   2140 }
   2141 
   2142 TPM_RC Parse_TPM_PS(std::string* buffer,
   2143                     TPM_PS* value,
   2144                     std::string* value_bytes) {
   2145   VLOG(3) << __func__;
   2146   return Parse_UINT32(buffer, value, value_bytes);
   2147 }
   2148 
   2149 TPM_RC Serialize_TPM_HT(const TPM_HT& value, std::string* buffer) {
   2150   VLOG(3) << __func__;
   2151   return Serialize_UINT8(value, buffer);
   2152 }
   2153 
   2154 TPM_RC Parse_TPM_HT(std::string* buffer,
   2155                     TPM_HT* value,
   2156                     std::string* value_bytes) {
   2157   VLOG(3) << __func__;
   2158   return Parse_UINT8(buffer, value, value_bytes);
   2159 }
   2160 
   2161 TPM_RC Serialize_TPM_RH(const TPM_RH& value, std::string* buffer) {
   2162   VLOG(3) << __func__;
   2163   return Serialize_UINT32(value, buffer);
   2164 }
   2165 
   2166 TPM_RC Parse_TPM_RH(std::string* buffer,
   2167                     TPM_RH* value,
   2168                     std::string* value_bytes) {
   2169   VLOG(3) << __func__;
   2170   return Parse_UINT32(buffer, value, value_bytes);
   2171 }
   2172 
   2173 TPM_RC Serialize_TPM_HC(const TPM_HC& value, std::string* buffer) {
   2174   VLOG(3) << __func__;
   2175   return Serialize_TPM_HANDLE(value, buffer);
   2176 }
   2177 
   2178 TPM_RC Parse_TPM_HC(std::string* buffer,
   2179                     TPM_HC* value,
   2180                     std::string* value_bytes) {
   2181   VLOG(3) << __func__;
   2182   return Parse_TPM_HANDLE(buffer, value, value_bytes);
   2183 }
   2184 
   2185 TPM_RC Serialize_TPMS_ALGORITHM_DESCRIPTION(
   2186     const TPMS_ALGORITHM_DESCRIPTION& value,
   2187     std::string* buffer) {
   2188   TPM_RC result = TPM_RC_SUCCESS;
   2189   VLOG(3) << __func__;
   2190 
   2191   result = Serialize_TPM_ALG_ID(value.alg, buffer);
   2192   if (result) {
   2193     return result;
   2194   }
   2195 
   2196   result = Serialize_TPMA_ALGORITHM(value.attributes, buffer);
   2197   if (result) {
   2198     return result;
   2199   }
   2200   return result;
   2201 }
   2202 
   2203 TPM_RC Parse_TPMS_ALGORITHM_DESCRIPTION(std::string* buffer,
   2204                                         TPMS_ALGORITHM_DESCRIPTION* value,
   2205                                         std::string* value_bytes) {
   2206   TPM_RC result = TPM_RC_SUCCESS;
   2207   VLOG(3) << __func__;
   2208 
   2209   result = Parse_TPM_ALG_ID(buffer, &value->alg, value_bytes);
   2210   if (result) {
   2211     return result;
   2212   }
   2213 
   2214   result = Parse_TPMA_ALGORITHM(buffer, &value->attributes, value_bytes);
   2215   if (result) {
   2216     return result;
   2217   }
   2218   return result;
   2219 }
   2220 
   2221 TPM_RC Serialize_TPMU_HA(const TPMU_HA& value,
   2222                          TPMI_ALG_HASH selector,
   2223                          std::string* buffer) {
   2224   TPM_RC result = TPM_RC_SUCCESS;
   2225   VLOG(3) << __func__;
   2226 
   2227   if (selector == TPM_ALG_SHA384) {
   2228     if (arraysize(value.sha384) < SHA384_DIGEST_SIZE) {
   2229       return TPM_RC_INSUFFICIENT;
   2230     }
   2231     for (uint32_t i = 0; i < SHA384_DIGEST_SIZE; ++i) {
   2232       result = Serialize_BYTE(value.sha384[i], buffer);
   2233       if (result) {
   2234         return result;
   2235       }
   2236     }
   2237   }
   2238 
   2239   if (selector == TPM_ALG_SHA1) {
   2240     if (arraysize(value.sha1) < SHA1_DIGEST_SIZE) {
   2241       return TPM_RC_INSUFFICIENT;
   2242     }
   2243     for (uint32_t i = 0; i < SHA1_DIGEST_SIZE; ++i) {
   2244       result = Serialize_BYTE(value.sha1[i], buffer);
   2245       if (result) {
   2246         return result;
   2247       }
   2248     }
   2249   }
   2250 
   2251   if (selector == TPM_ALG_SM3_256) {
   2252     if (arraysize(value.sm3_256) < SM3_256_DIGEST_SIZE) {
   2253       return TPM_RC_INSUFFICIENT;
   2254     }
   2255     for (uint32_t i = 0; i < SM3_256_DIGEST_SIZE; ++i) {
   2256       result = Serialize_BYTE(value.sm3_256[i], buffer);
   2257       if (result) {
   2258         return result;
   2259       }
   2260     }
   2261   }
   2262 
   2263   if (selector == TPM_ALG_NULL) {
   2264     // Do nothing.
   2265   }
   2266 
   2267   if (selector == TPM_ALG_SHA256) {
   2268     if (arraysize(value.sha256) < SHA256_DIGEST_SIZE) {
   2269       return TPM_RC_INSUFFICIENT;
   2270     }
   2271     for (uint32_t i = 0; i < SHA256_DIGEST_SIZE; ++i) {
   2272       result = Serialize_BYTE(value.sha256[i], buffer);
   2273       if (result) {
   2274         return result;
   2275       }
   2276     }
   2277   }
   2278 
   2279   if (selector == TPM_ALG_SHA512) {
   2280     if (arraysize(value.sha512) < SHA512_DIGEST_SIZE) {
   2281       return TPM_RC_INSUFFICIENT;
   2282     }
   2283     for (uint32_t i = 0; i < SHA512_DIGEST_SIZE; ++i) {
   2284       result = Serialize_BYTE(value.sha512[i], buffer);
   2285       if (result) {
   2286         return result;
   2287       }
   2288     }
   2289   }
   2290   return result;
   2291 }
   2292 
   2293 TPM_RC Parse_TPMU_HA(std::string* buffer,
   2294                      TPMI_ALG_HASH selector,
   2295                      TPMU_HA* value,
   2296                      std::string* value_bytes) {
   2297   TPM_RC result = TPM_RC_SUCCESS;
   2298   VLOG(3) << __func__;
   2299 
   2300   if (selector == TPM_ALG_SHA384) {
   2301     if (arraysize(value->sha384) < SHA384_DIGEST_SIZE) {
   2302       return TPM_RC_INSUFFICIENT;
   2303     }
   2304     for (uint32_t i = 0; i < SHA384_DIGEST_SIZE; ++i) {
   2305       result = Parse_BYTE(buffer, &value->sha384[i], value_bytes);
   2306       if (result) {
   2307         return result;
   2308       }
   2309     }
   2310   }
   2311 
   2312   if (selector == TPM_ALG_SHA1) {
   2313     if (arraysize(value->sha1) < SHA1_DIGEST_SIZE) {
   2314       return TPM_RC_INSUFFICIENT;
   2315     }
   2316     for (uint32_t i = 0; i < SHA1_DIGEST_SIZE; ++i) {
   2317       result = Parse_BYTE(buffer, &value->sha1[i], value_bytes);
   2318       if (result) {
   2319         return result;
   2320       }
   2321     }
   2322   }
   2323 
   2324   if (selector == TPM_ALG_SM3_256) {
   2325     if (arraysize(value->sm3_256) < SM3_256_DIGEST_SIZE) {
   2326       return TPM_RC_INSUFFICIENT;
   2327     }
   2328     for (uint32_t i = 0; i < SM3_256_DIGEST_SIZE; ++i) {
   2329       result = Parse_BYTE(buffer, &value->sm3_256[i], value_bytes);
   2330       if (result) {
   2331         return result;
   2332       }
   2333     }
   2334   }
   2335 
   2336   if (selector == TPM_ALG_NULL) {
   2337     // Do nothing.
   2338   }
   2339 
   2340   if (selector == TPM_ALG_SHA256) {
   2341     if (arraysize(value->sha256) < SHA256_DIGEST_SIZE) {
   2342       return TPM_RC_INSUFFICIENT;
   2343     }
   2344     for (uint32_t i = 0; i < SHA256_DIGEST_SIZE; ++i) {
   2345       result = Parse_BYTE(buffer, &value->sha256[i], value_bytes);
   2346       if (result) {
   2347         return result;
   2348       }
   2349     }
   2350   }
   2351 
   2352   if (selector == TPM_ALG_SHA512) {
   2353     if (arraysize(value->sha512) < SHA512_DIGEST_SIZE) {
   2354       return TPM_RC_INSUFFICIENT;
   2355     }
   2356     for (uint32_t i = 0; i < SHA512_DIGEST_SIZE; ++i) {
   2357       result = Parse_BYTE(buffer, &value->sha512[i], value_bytes);
   2358       if (result) {
   2359         return result;
   2360       }
   2361     }
   2362   }
   2363   return result;
   2364 }
   2365 
   2366 TPM_RC Serialize_TPMT_HA(const TPMT_HA& value, std::string* buffer) {
   2367   TPM_RC result = TPM_RC_SUCCESS;
   2368   VLOG(3) << __func__;
   2369 
   2370   result = Serialize_TPMI_ALG_HASH(value.hash_alg, buffer);
   2371   if (result) {
   2372     return result;
   2373   }
   2374 
   2375   result = Serialize_TPMU_HA(value.digest, value.hash_alg, buffer);
   2376   if (result) {
   2377     return result;
   2378   }
   2379   return result;
   2380 }
   2381 
   2382 TPM_RC Parse_TPMT_HA(std::string* buffer,
   2383                      TPMT_HA* value,
   2384                      std::string* value_bytes) {
   2385   TPM_RC result = TPM_RC_SUCCESS;
   2386   VLOG(3) << __func__;
   2387 
   2388   result = Parse_TPMI_ALG_HASH(buffer, &value->hash_alg, value_bytes);
   2389   if (result) {
   2390     return result;
   2391   }
   2392 
   2393   result = Parse_TPMU_HA(buffer, value->hash_alg, &value->digest, value_bytes);
   2394   if (result) {
   2395     return result;
   2396   }
   2397   return result;
   2398 }
   2399 
   2400 TPM_RC Serialize_TPM2B_DATA(const TPM2B_DATA& value, std::string* buffer) {
   2401   TPM_RC result = TPM_RC_SUCCESS;
   2402   VLOG(3) << __func__;
   2403 
   2404   result = Serialize_UINT16(value.size, buffer);
   2405   if (result) {
   2406     return result;
   2407   }
   2408 
   2409   if (arraysize(value.buffer) < value.size) {
   2410     return TPM_RC_INSUFFICIENT;
   2411   }
   2412   for (uint32_t i = 0; i < value.size; ++i) {
   2413     result = Serialize_BYTE(value.buffer[i], buffer);
   2414     if (result) {
   2415       return result;
   2416     }
   2417   }
   2418   return result;
   2419 }
   2420 
   2421 TPM_RC Parse_TPM2B_DATA(std::string* buffer,
   2422                         TPM2B_DATA* value,
   2423                         std::string* value_bytes) {
   2424   TPM_RC result = TPM_RC_SUCCESS;
   2425   VLOG(3) << __func__;
   2426 
   2427   result = Parse_UINT16(buffer, &value->size, value_bytes);
   2428   if (result) {
   2429     return result;
   2430   }
   2431 
   2432   if (arraysize(value->buffer) < value->size) {
   2433     return TPM_RC_INSUFFICIENT;
   2434   }
   2435   for (uint32_t i = 0; i < value->size; ++i) {
   2436     result = Parse_BYTE(buffer, &value->buffer[i], value_bytes);
   2437     if (result) {
   2438       return result;
   2439     }
   2440   }
   2441   return result;
   2442 }
   2443 
   2444 TPM2B_DATA Make_TPM2B_DATA(const std::string& bytes) {
   2445   TPM2B_DATA tpm2b;
   2446   CHECK(bytes.size() <= sizeof(tpm2b.buffer));
   2447   memset(&tpm2b, 0, sizeof(TPM2B_DATA));
   2448   tpm2b.size = bytes.size();
   2449   memcpy(tpm2b.buffer, bytes.data(), bytes.size());
   2450   return tpm2b;
   2451 }
   2452 
   2453 std::string StringFrom_TPM2B_DATA(const TPM2B_DATA& tpm2b) {
   2454   const char* char_buffer = reinterpret_cast<const char*>(tpm2b.buffer);
   2455   return std::string(char_buffer, tpm2b.size);
   2456 }
   2457 
   2458 TPM_RC Serialize_TPM2B_EVENT(const TPM2B_EVENT& value, std::string* buffer) {
   2459   TPM_RC result = TPM_RC_SUCCESS;
   2460   VLOG(3) << __func__;
   2461 
   2462   result = Serialize_UINT16(value.size, buffer);
   2463   if (result) {
   2464     return result;
   2465   }
   2466 
   2467   if (arraysize(value.buffer) < value.size) {
   2468     return TPM_RC_INSUFFICIENT;
   2469   }
   2470   for (uint32_t i = 0; i < value.size; ++i) {
   2471     result = Serialize_BYTE(value.buffer[i], buffer);
   2472     if (result) {
   2473       return result;
   2474     }
   2475   }
   2476   return result;
   2477 }
   2478 
   2479 TPM_RC Parse_TPM2B_EVENT(std::string* buffer,
   2480                          TPM2B_EVENT* value,
   2481                          std::string* value_bytes) {
   2482   TPM_RC result = TPM_RC_SUCCESS;
   2483   VLOG(3) << __func__;
   2484 
   2485   result = Parse_UINT16(buffer, &value->size, value_bytes);
   2486   if (result) {
   2487     return result;
   2488   }
   2489 
   2490   if (arraysize(value->buffer) < value->size) {
   2491     return TPM_RC_INSUFFICIENT;
   2492   }
   2493   for (uint32_t i = 0; i < value->size; ++i) {
   2494     result = Parse_BYTE(buffer, &value->buffer[i], value_bytes);
   2495     if (result) {
   2496       return result;
   2497     }
   2498   }
   2499   return result;
   2500 }
   2501 
   2502 TPM2B_EVENT Make_TPM2B_EVENT(const std::string& bytes) {
   2503   TPM2B_EVENT tpm2b;
   2504   CHECK(bytes.size() <= sizeof(tpm2b.buffer));
   2505   memset(&tpm2b, 0, sizeof(TPM2B_EVENT));
   2506   tpm2b.size = bytes.size();
   2507   memcpy(tpm2b.buffer, bytes.data(), bytes.size());
   2508   return tpm2b;
   2509 }
   2510 
   2511 std::string StringFrom_TPM2B_EVENT(const TPM2B_EVENT& tpm2b) {
   2512   const char* char_buffer = reinterpret_cast<const char*>(tpm2b.buffer);
   2513   return std::string(char_buffer, tpm2b.size);
   2514 }
   2515 
   2516 TPM_RC Serialize_TPM2B_MAX_BUFFER(const TPM2B_MAX_BUFFER& value,
   2517                                   std::string* buffer) {
   2518   TPM_RC result = TPM_RC_SUCCESS;
   2519   VLOG(3) << __func__;
   2520 
   2521   result = Serialize_UINT16(value.size, buffer);
   2522   if (result) {
   2523     return result;
   2524   }
   2525 
   2526   if (arraysize(value.buffer) < value.size) {
   2527     return TPM_RC_INSUFFICIENT;
   2528   }
   2529   for (uint32_t i = 0; i < value.size; ++i) {
   2530     result = Serialize_BYTE(value.buffer[i], buffer);
   2531     if (result) {
   2532       return result;
   2533     }
   2534   }
   2535   return result;
   2536 }
   2537 
   2538 TPM_RC Parse_TPM2B_MAX_BUFFER(std::string* buffer,
   2539                               TPM2B_MAX_BUFFER* value,
   2540                               std::string* value_bytes) {
   2541   TPM_RC result = TPM_RC_SUCCESS;
   2542   VLOG(3) << __func__;
   2543 
   2544   result = Parse_UINT16(buffer, &value->size, value_bytes);
   2545   if (result) {
   2546     return result;
   2547   }
   2548 
   2549   if (arraysize(value->buffer) < value->size) {
   2550     return TPM_RC_INSUFFICIENT;
   2551   }
   2552   for (uint32_t i = 0; i < value->size; ++i) {
   2553     result = Parse_BYTE(buffer, &value->buffer[i], value_bytes);
   2554     if (result) {
   2555       return result;
   2556     }
   2557   }
   2558   return result;
   2559 }
   2560 
   2561 TPM2B_MAX_BUFFER Make_TPM2B_MAX_BUFFER(const std::string& bytes) {
   2562   TPM2B_MAX_BUFFER tpm2b;
   2563   CHECK(bytes.size() <= sizeof(tpm2b.buffer));
   2564   memset(&tpm2b, 0, sizeof(TPM2B_MAX_BUFFER));
   2565   tpm2b.size = bytes.size();
   2566   memcpy(tpm2b.buffer, bytes.data(), bytes.size());
   2567   return tpm2b;
   2568 }
   2569 
   2570 std::string StringFrom_TPM2B_MAX_BUFFER(const TPM2B_MAX_BUFFER& tpm2b) {
   2571   const char* char_buffer = reinterpret_cast<const char*>(tpm2b.buffer);
   2572   return std::string(char_buffer, tpm2b.size);
   2573 }
   2574 
   2575 TPM_RC Serialize_TPM2B_MAX_NV_BUFFER(const TPM2B_MAX_NV_BUFFER& value,
   2576                                      std::string* buffer) {
   2577   TPM_RC result = TPM_RC_SUCCESS;
   2578   VLOG(3) << __func__;
   2579 
   2580   result = Serialize_UINT16(value.size, buffer);
   2581   if (result) {
   2582     return result;
   2583   }
   2584 
   2585   if (arraysize(value.buffer) < value.size) {
   2586     return TPM_RC_INSUFFICIENT;
   2587   }
   2588   for (uint32_t i = 0; i < value.size; ++i) {
   2589     result = Serialize_BYTE(value.buffer[i], buffer);
   2590     if (result) {
   2591       return result;
   2592     }
   2593   }
   2594   return result;
   2595 }
   2596 
   2597 TPM_RC Parse_TPM2B_MAX_NV_BUFFER(std::string* buffer,
   2598                                  TPM2B_MAX_NV_BUFFER* value,
   2599                                  std::string* value_bytes) {
   2600   TPM_RC result = TPM_RC_SUCCESS;
   2601   VLOG(3) << __func__;
   2602 
   2603   result = Parse_UINT16(buffer, &value->size, value_bytes);
   2604   if (result) {
   2605     return result;
   2606   }
   2607 
   2608   if (arraysize(value->buffer) < value->size) {
   2609     return TPM_RC_INSUFFICIENT;
   2610   }
   2611   for (uint32_t i = 0; i < value->size; ++i) {
   2612     result = Parse_BYTE(buffer, &value->buffer[i], value_bytes);
   2613     if (result) {
   2614       return result;
   2615     }
   2616   }
   2617   return result;
   2618 }
   2619 
   2620 TPM2B_MAX_NV_BUFFER Make_TPM2B_MAX_NV_BUFFER(const std::string& bytes) {
   2621   TPM2B_MAX_NV_BUFFER tpm2b;
   2622   CHECK(bytes.size() <= sizeof(tpm2b.buffer));
   2623   memset(&tpm2b, 0, sizeof(TPM2B_MAX_NV_BUFFER));
   2624   tpm2b.size = bytes.size();
   2625   memcpy(tpm2b.buffer, bytes.data(), bytes.size());
   2626   return tpm2b;
   2627 }
   2628 
   2629 std::string StringFrom_TPM2B_MAX_NV_BUFFER(const TPM2B_MAX_NV_BUFFER& tpm2b) {
   2630   const char* char_buffer = reinterpret_cast<const char*>(tpm2b.buffer);
   2631   return std::string(char_buffer, tpm2b.size);
   2632 }
   2633 
   2634 TPM_RC Serialize_TPM2B_TIMEOUT(const TPM2B_TIMEOUT& value,
   2635                                std::string* buffer) {
   2636   TPM_RC result = TPM_RC_SUCCESS;
   2637   VLOG(3) << __func__;
   2638 
   2639   result = Serialize_UINT16(value.size, buffer);
   2640   if (result) {
   2641     return result;
   2642   }
   2643 
   2644   if (arraysize(value.buffer) < value.size) {
   2645     return TPM_RC_INSUFFICIENT;
   2646   }
   2647   for (uint32_t i = 0; i < value.size; ++i) {
   2648     result = Serialize_BYTE(value.buffer[i], buffer);
   2649     if (result) {
   2650       return result;
   2651     }
   2652   }
   2653   return result;
   2654 }
   2655 
   2656 TPM_RC Parse_TPM2B_TIMEOUT(std::string* buffer,
   2657                            TPM2B_TIMEOUT* value,
   2658                            std::string* value_bytes) {
   2659   TPM_RC result = TPM_RC_SUCCESS;
   2660   VLOG(3) << __func__;
   2661 
   2662   result = Parse_UINT16(buffer, &value->size, value_bytes);
   2663   if (result) {
   2664     return result;
   2665   }
   2666 
   2667   if (arraysize(value->buffer) < value->size) {
   2668     return TPM_RC_INSUFFICIENT;
   2669   }
   2670   for (uint32_t i = 0; i < value->size; ++i) {
   2671     result = Parse_BYTE(buffer, &value->buffer[i], value_bytes);
   2672     if (result) {
   2673       return result;
   2674     }
   2675   }
   2676   return result;
   2677 }
   2678 
   2679 TPM2B_TIMEOUT Make_TPM2B_TIMEOUT(const std::string& bytes) {
   2680   TPM2B_TIMEOUT tpm2b;
   2681   CHECK(bytes.size() <= sizeof(tpm2b.buffer));
   2682   memset(&tpm2b, 0, sizeof(TPM2B_TIMEOUT));
   2683   tpm2b.size = bytes.size();
   2684   memcpy(tpm2b.buffer, bytes.data(), bytes.size());
   2685   return tpm2b;
   2686 }
   2687 
   2688 std::string StringFrom_TPM2B_TIMEOUT(const TPM2B_TIMEOUT& tpm2b) {
   2689   const char* char_buffer = reinterpret_cast<const char*>(tpm2b.buffer);
   2690   return std::string(char_buffer, tpm2b.size);
   2691 }
   2692 
   2693 TPM_RC Serialize_TPM2B_IV(const TPM2B_IV& value, std::string* buffer) {
   2694   TPM_RC result = TPM_RC_SUCCESS;
   2695   VLOG(3) << __func__;
   2696 
   2697   result = Serialize_UINT16(value.size, buffer);
   2698   if (result) {
   2699     return result;
   2700   }
   2701 
   2702   if (arraysize(value.buffer) < value.size) {
   2703     return TPM_RC_INSUFFICIENT;
   2704   }
   2705   for (uint32_t i = 0; i < value.size; ++i) {
   2706     result = Serialize_BYTE(value.buffer[i], buffer);
   2707     if (result) {
   2708       return result;
   2709     }
   2710   }
   2711   return result;
   2712 }
   2713 
   2714 TPM_RC Parse_TPM2B_IV(std::string* buffer,
   2715                       TPM2B_IV* value,
   2716                       std::string* value_bytes) {
   2717   TPM_RC result = TPM_RC_SUCCESS;
   2718   VLOG(3) << __func__;
   2719 
   2720   result = Parse_UINT16(buffer, &value->size, value_bytes);
   2721   if (result) {
   2722     return result;
   2723   }
   2724 
   2725   if (arraysize(value->buffer) < value->size) {
   2726     return TPM_RC_INSUFFICIENT;
   2727   }
   2728   for (uint32_t i = 0; i < value->size; ++i) {
   2729     result = Parse_BYTE(buffer, &value->buffer[i], value_bytes);
   2730     if (result) {
   2731       return result;
   2732     }
   2733   }
   2734   return result;
   2735 }
   2736 
   2737 TPM2B_IV Make_TPM2B_IV(const std::string& bytes) {
   2738   TPM2B_IV tpm2b;
   2739   CHECK(bytes.size() <= sizeof(tpm2b.buffer));
   2740   memset(&tpm2b, 0, sizeof(TPM2B_IV));
   2741   tpm2b.size = bytes.size();
   2742   memcpy(tpm2b.buffer, bytes.data(), bytes.size());
   2743   return tpm2b;
   2744 }
   2745 
   2746 std::string StringFrom_TPM2B_IV(const TPM2B_IV& tpm2b) {
   2747   const char* char_buffer = reinterpret_cast<const char*>(tpm2b.buffer);
   2748   return std::string(char_buffer, tpm2b.size);
   2749 }
   2750 
   2751 TPM_RC Serialize_TPM2B_NAME(const TPM2B_NAME& value, std::string* buffer) {
   2752   TPM_RC result = TPM_RC_SUCCESS;
   2753   VLOG(3) << __func__;
   2754 
   2755   result = Serialize_UINT16(value.size, buffer);
   2756   if (result) {
   2757     return result;
   2758   }
   2759 
   2760   if (arraysize(value.name) < value.size) {
   2761     return TPM_RC_INSUFFICIENT;
   2762   }
   2763   for (uint32_t i = 0; i < value.size; ++i) {
   2764     result = Serialize_BYTE(value.name[i], buffer);
   2765     if (result) {
   2766       return result;
   2767     }
   2768   }
   2769   return result;
   2770 }
   2771 
   2772 TPM_RC Parse_TPM2B_NAME(std::string* buffer,
   2773                         TPM2B_NAME* value,
   2774                         std::string* value_bytes) {
   2775   TPM_RC result = TPM_RC_SUCCESS;
   2776   VLOG(3) << __func__;
   2777 
   2778   result = Parse_UINT16(buffer, &value->size, value_bytes);
   2779   if (result) {
   2780     return result;
   2781   }
   2782 
   2783   if (arraysize(value->name) < value->size) {
   2784     return TPM_RC_INSUFFICIENT;
   2785   }
   2786   for (uint32_t i = 0; i < value->size; ++i) {
   2787     result = Parse_BYTE(buffer, &value->name[i], value_bytes);
   2788     if (result) {
   2789       return result;
   2790     }
   2791   }
   2792   return result;
   2793 }
   2794 
   2795 TPM2B_NAME Make_TPM2B_NAME(const std::string& bytes) {
   2796   TPM2B_NAME tpm2b;
   2797   CHECK(bytes.size() <= sizeof(tpm2b.name));
   2798   memset(&tpm2b, 0, sizeof(TPM2B_NAME));
   2799   tpm2b.size = bytes.size();
   2800   memcpy(tpm2b.name, bytes.data(), bytes.size());
   2801   return tpm2b;
   2802 }
   2803 
   2804 std::string StringFrom_TPM2B_NAME(const TPM2B_NAME& tpm2b) {
   2805   const char* char_buffer = reinterpret_cast<const char*>(tpm2b.name);
   2806   return std::string(char_buffer, tpm2b.size);
   2807 }
   2808 
   2809 TPM_RC Serialize_TPMS_PCR_SELECT(const TPMS_PCR_SELECT& value,
   2810                                  std::string* buffer) {
   2811   TPM_RC result = TPM_RC_SUCCESS;
   2812   VLOG(3) << __func__;
   2813 
   2814   result = Serialize_UINT8(value.sizeof_select, buffer);
   2815   if (result) {
   2816     return result;
   2817   }
   2818 
   2819   if (arraysize(value.pcr_select) < value.sizeof_select) {
   2820     return TPM_RC_INSUFFICIENT;
   2821   }
   2822   for (uint32_t i = 0; i < value.sizeof_select; ++i) {
   2823     result = Serialize_BYTE(value.pcr_select[i], buffer);
   2824     if (result) {
   2825       return result;
   2826     }
   2827   }
   2828   return result;
   2829 }
   2830 
   2831 TPM_RC Parse_TPMS_PCR_SELECT(std::string* buffer,
   2832                              TPMS_PCR_SELECT* value,
   2833                              std::string* value_bytes) {
   2834   TPM_RC result = TPM_RC_SUCCESS;
   2835   VLOG(3) << __func__;
   2836 
   2837   result = Parse_UINT8(buffer, &value->sizeof_select, value_bytes);
   2838   if (result) {
   2839     return result;
   2840   }
   2841 
   2842   if (arraysize(value->pcr_select) < value->sizeof_select) {
   2843     return TPM_RC_INSUFFICIENT;
   2844   }
   2845   for (uint32_t i = 0; i < value->sizeof_select; ++i) {
   2846     result = Parse_BYTE(buffer, &value->pcr_select[i], value_bytes);
   2847     if (result) {
   2848       return result;
   2849     }
   2850   }
   2851   return result;
   2852 }
   2853 
   2854 TPM_RC Serialize_TPMS_PCR_SELECTION(const TPMS_PCR_SELECTION& value,
   2855                                     std::string* buffer) {
   2856   TPM_RC result = TPM_RC_SUCCESS;
   2857   VLOG(3) << __func__;
   2858 
   2859   result = Serialize_TPMI_ALG_HASH(value.hash, buffer);
   2860   if (result) {
   2861     return result;
   2862   }
   2863 
   2864   result = Serialize_UINT8(value.sizeof_select, buffer);
   2865   if (result) {
   2866     return result;
   2867   }
   2868 
   2869   if (arraysize(value.pcr_select) < value.sizeof_select) {
   2870     return TPM_RC_INSUFFICIENT;
   2871   }
   2872   for (uint32_t i = 0; i < value.sizeof_select; ++i) {
   2873     result = Serialize_BYTE(value.pcr_select[i], buffer);
   2874     if (result) {
   2875       return result;
   2876     }
   2877   }
   2878   return result;
   2879 }
   2880 
   2881 TPM_RC Parse_TPMS_PCR_SELECTION(std::string* buffer,
   2882                                 TPMS_PCR_SELECTION* value,
   2883                                 std::string* value_bytes) {
   2884   TPM_RC result = TPM_RC_SUCCESS;
   2885   VLOG(3) << __func__;
   2886 
   2887   result = Parse_TPMI_ALG_HASH(buffer, &value->hash, value_bytes);
   2888   if (result) {
   2889     return result;
   2890   }
   2891 
   2892   result = Parse_UINT8(buffer, &value->sizeof_select, value_bytes);
   2893   if (result) {
   2894     return result;
   2895   }
   2896 
   2897   if (arraysize(value->pcr_select) < value->sizeof_select) {
   2898     return TPM_RC_INSUFFICIENT;
   2899   }
   2900   for (uint32_t i = 0; i < value->sizeof_select; ++i) {
   2901     result = Parse_BYTE(buffer, &value->pcr_select[i], value_bytes);
   2902     if (result) {
   2903       return result;
   2904     }
   2905   }
   2906   return result;
   2907 }
   2908 
   2909 TPM_RC Serialize_TPMT_TK_CREATION(const TPMT_TK_CREATION& value,
   2910                                   std::string* buffer) {
   2911   TPM_RC result = TPM_RC_SUCCESS;
   2912   VLOG(3) << __func__;
   2913 
   2914   result = Serialize_TPM_ST(value.tag, buffer);
   2915   if (result) {
   2916     return result;
   2917   }
   2918 
   2919   result = Serialize_TPMI_RH_HIERARCHY(value.hierarchy, buffer);
   2920   if (result) {
   2921     return result;
   2922   }
   2923 
   2924   result = Serialize_TPM2B_DIGEST(value.digest, buffer);
   2925   if (result) {
   2926     return result;
   2927   }
   2928   return result;
   2929 }
   2930 
   2931 TPM_RC Parse_TPMT_TK_CREATION(std::string* buffer,
   2932                               TPMT_TK_CREATION* value,
   2933                               std::string* value_bytes) {
   2934   TPM_RC result = TPM_RC_SUCCESS;
   2935   VLOG(3) << __func__;
   2936 
   2937   result = Parse_TPM_ST(buffer, &value->tag, value_bytes);
   2938   if (result) {
   2939     return result;
   2940   }
   2941 
   2942   result = Parse_TPMI_RH_HIERARCHY(buffer, &value->hierarchy, value_bytes);
   2943   if (result) {
   2944     return result;
   2945   }
   2946 
   2947   result = Parse_TPM2B_DIGEST(buffer, &value->digest, value_bytes);
   2948   if (result) {
   2949     return result;
   2950   }
   2951   return result;
   2952 }
   2953 
   2954 TPM_RC Serialize_TPMT_TK_VERIFIED(const TPMT_TK_VERIFIED& value,
   2955                                   std::string* buffer) {
   2956   TPM_RC result = TPM_RC_SUCCESS;
   2957   VLOG(3) << __func__;
   2958 
   2959   result = Serialize_TPM_ST(value.tag, buffer);
   2960   if (result) {
   2961     return result;
   2962   }
   2963 
   2964   result = Serialize_TPMI_RH_HIERARCHY(value.hierarchy, buffer);
   2965   if (result) {
   2966     return result;
   2967   }
   2968 
   2969   result = Serialize_TPM2B_DIGEST(value.digest, buffer);
   2970   if (result) {
   2971     return result;
   2972   }
   2973   return result;
   2974 }
   2975 
   2976 TPM_RC Parse_TPMT_TK_VERIFIED(std::string* buffer,
   2977                               TPMT_TK_VERIFIED* value,
   2978                               std::string* value_bytes) {
   2979   TPM_RC result = TPM_RC_SUCCESS;
   2980   VLOG(3) << __func__;
   2981 
   2982   result = Parse_TPM_ST(buffer, &value->tag, value_bytes);
   2983   if (result) {
   2984     return result;
   2985   }
   2986 
   2987   result = Parse_TPMI_RH_HIERARCHY(buffer, &value->hierarchy, value_bytes);
   2988   if (result) {
   2989     return result;
   2990   }
   2991 
   2992   result = Parse_TPM2B_DIGEST(buffer, &value->digest, value_bytes);
   2993   if (result) {
   2994     return result;
   2995   }
   2996   return result;
   2997 }
   2998 
   2999 TPM_RC Serialize_TPMT_TK_AUTH(const TPMT_TK_AUTH& value, std::string* buffer) {
   3000   TPM_RC result = TPM_RC_SUCCESS;
   3001   VLOG(3) << __func__;
   3002 
   3003   result = Serialize_TPMI_RH_HIERARCHY(value.hierarchy, buffer);
   3004   if (result) {
   3005     return result;
   3006   }
   3007 
   3008   result = Serialize_TPM2B_DIGEST(value.digest, buffer);
   3009   if (result) {
   3010     return result;
   3011   }
   3012   return result;
   3013 }
   3014 
   3015 TPM_RC Parse_TPMT_TK_AUTH(std::string* buffer,
   3016                           TPMT_TK_AUTH* value,
   3017                           std::string* value_bytes) {
   3018   TPM_RC result = TPM_RC_SUCCESS;
   3019   VLOG(3) << __func__;
   3020 
   3021   result = Parse_TPMI_RH_HIERARCHY(buffer, &value->hierarchy, value_bytes);
   3022   if (result) {
   3023     return result;
   3024   }
   3025 
   3026   result = Parse_TPM2B_DIGEST(buffer, &value->digest, value_bytes);
   3027   if (result) {
   3028     return result;
   3029   }
   3030   return result;
   3031 }
   3032 
   3033 TPM_RC Serialize_TPMT_TK_HASHCHECK(const TPMT_TK_HASHCHECK& value,
   3034                                    std::string* buffer) {
   3035   TPM_RC result = TPM_RC_SUCCESS;
   3036   VLOG(3) << __func__;
   3037 
   3038   result = Serialize_TPM_ST(value.tag, buffer);
   3039   if (result) {
   3040     return result;
   3041   }
   3042 
   3043   result = Serialize_TPMI_RH_HIERARCHY(value.hierarchy, buffer);
   3044   if (result) {
   3045     return result;
   3046   }
   3047 
   3048   result = Serialize_TPM2B_DIGEST(value.digest, buffer);
   3049   if (result) {
   3050     return result;
   3051   }
   3052   return result;
   3053 }
   3054 
   3055 TPM_RC Parse_TPMT_TK_HASHCHECK(std::string* buffer,
   3056                                TPMT_TK_HASHCHECK* value,
   3057                                std::string* value_bytes) {
   3058   TPM_RC result = TPM_RC_SUCCESS;
   3059   VLOG(3) << __func__;
   3060 
   3061   result = Parse_TPM_ST(buffer, &value->tag, value_bytes);
   3062   if (result) {
   3063     return result;
   3064   }
   3065 
   3066   result = Parse_TPMI_RH_HIERARCHY(buffer, &value->hierarchy, value_bytes);
   3067   if (result) {
   3068     return result;
   3069   }
   3070 
   3071   result = Parse_TPM2B_DIGEST(buffer, &value->digest, value_bytes);
   3072   if (result) {
   3073     return result;
   3074   }
   3075   return result;
   3076 }
   3077 
   3078 TPM_RC Serialize_TPMS_ALG_PROPERTY(const TPMS_ALG_PROPERTY& value,
   3079                                    std::string* buffer) {
   3080   TPM_RC result = TPM_RC_SUCCESS;
   3081   VLOG(3) << __func__;
   3082 
   3083   result = Serialize_TPM_ALG_ID(value.alg, buffer);
   3084   if (result) {
   3085     return result;
   3086   }
   3087 
   3088   result = Serialize_TPMA_ALGORITHM(value.alg_properties, buffer);
   3089   if (result) {
   3090     return result;
   3091   }
   3092   return result;
   3093 }
   3094 
   3095 TPM_RC Parse_TPMS_ALG_PROPERTY(std::string* buffer,
   3096                                TPMS_ALG_PROPERTY* value,
   3097                                std::string* value_bytes) {
   3098   TPM_RC result = TPM_RC_SUCCESS;
   3099   VLOG(3) << __func__;
   3100 
   3101   result = Parse_TPM_ALG_ID(buffer, &value->alg, value_bytes);
   3102   if (result) {
   3103     return result;
   3104   }
   3105 
   3106   result = Parse_TPMA_ALGORITHM(buffer, &value->alg_properties, value_bytes);
   3107   if (result) {
   3108     return result;
   3109   }
   3110   return result;
   3111 }
   3112 
   3113 TPM_RC Serialize_TPMS_TAGGED_PROPERTY(const TPMS_TAGGED_PROPERTY& value,
   3114                                       std::string* buffer) {
   3115   TPM_RC result = TPM_RC_SUCCESS;
   3116   VLOG(3) << __func__;
   3117 
   3118   result = Serialize_TPM_PT(value.property, buffer);
   3119   if (result) {
   3120     return result;
   3121   }
   3122 
   3123   result = Serialize_UINT32(value.value, buffer);
   3124   if (result) {
   3125     return result;
   3126   }
   3127   return result;
   3128 }
   3129 
   3130 TPM_RC Parse_TPMS_TAGGED_PROPERTY(std::string* buffer,
   3131                                   TPMS_TAGGED_PROPERTY* value,
   3132                                   std::string* value_bytes) {
   3133   TPM_RC result = TPM_RC_SUCCESS;
   3134   VLOG(3) << __func__;
   3135 
   3136   result = Parse_TPM_PT(buffer, &value->property, value_bytes);
   3137   if (result) {
   3138     return result;
   3139   }
   3140 
   3141   result = Parse_UINT32(buffer, &value->value, value_bytes);
   3142   if (result) {
   3143     return result;
   3144   }
   3145   return result;
   3146 }
   3147 
   3148 TPM_RC Serialize_TPMS_TAGGED_PCR_SELECT(const TPMS_TAGGED_PCR_SELECT& value,
   3149                                         std::string* buffer) {
   3150   TPM_RC result = TPM_RC_SUCCESS;
   3151   VLOG(3) << __func__;
   3152 
   3153   result = Serialize_TPM_PT(value.tag, buffer);
   3154   if (result) {
   3155     return result;
   3156   }
   3157 
   3158   result = Serialize_UINT8(value.sizeof_select, buffer);
   3159   if (result) {
   3160     return result;
   3161   }
   3162 
   3163   if (arraysize(value.pcr_select) < value.sizeof_select) {
   3164     return TPM_RC_INSUFFICIENT;
   3165   }
   3166   for (uint32_t i = 0; i < value.sizeof_select; ++i) {
   3167     result = Serialize_BYTE(value.pcr_select[i], buffer);
   3168     if (result) {
   3169       return result;
   3170     }
   3171   }
   3172   return result;
   3173 }
   3174 
   3175 TPM_RC Parse_TPMS_TAGGED_PCR_SELECT(std::string* buffer,
   3176                                     TPMS_TAGGED_PCR_SELECT* value,
   3177                                     std::string* value_bytes) {
   3178   TPM_RC result = TPM_RC_SUCCESS;
   3179   VLOG(3) << __func__;
   3180 
   3181   result = Parse_TPM_PT(buffer, &value->tag, value_bytes);
   3182   if (result) {
   3183     return result;
   3184   }
   3185 
   3186   result = Parse_UINT8(buffer, &value->sizeof_select, value_bytes);
   3187   if (result) {
   3188     return result;
   3189   }
   3190 
   3191   if (arraysize(value->pcr_select) < value->sizeof_select) {
   3192     return TPM_RC_INSUFFICIENT;
   3193   }
   3194   for (uint32_t i = 0; i < value->sizeof_select; ++i) {
   3195     result = Parse_BYTE(buffer, &value->pcr_select[i], value_bytes);
   3196     if (result) {
   3197       return result;
   3198     }
   3199   }
   3200   return result;
   3201 }
   3202 
   3203 TPM_RC Serialize_TPML_CC(const TPML_CC& value, std::string* buffer) {
   3204   TPM_RC result = TPM_RC_SUCCESS;
   3205   VLOG(3) << __func__;
   3206 
   3207   result = Serialize_UINT32(value.count, buffer);
   3208   if (result) {
   3209     return result;
   3210   }
   3211 
   3212   if (arraysize(value.command_codes) < value.count) {
   3213     return TPM_RC_INSUFFICIENT;
   3214   }
   3215   for (uint32_t i = 0; i < value.count; ++i) {
   3216     result = Serialize_TPM_CC(value.command_codes[i], buffer);
   3217     if (result) {
   3218       return result;
   3219     }
   3220   }
   3221   return result;
   3222 }
   3223 
   3224 TPM_RC Parse_TPML_CC(std::string* buffer,
   3225                      TPML_CC* value,
   3226                      std::string* value_bytes) {
   3227   TPM_RC result = TPM_RC_SUCCESS;
   3228   VLOG(3) << __func__;
   3229 
   3230   result = Parse_UINT32(buffer, &value->count, value_bytes);
   3231   if (result) {
   3232     return result;
   3233   }
   3234 
   3235   if (arraysize(value->command_codes) < value->count) {
   3236     return TPM_RC_INSUFFICIENT;
   3237   }
   3238   for (uint32_t i = 0; i < value->count; ++i) {
   3239     result = Parse_TPM_CC(buffer, &value->command_codes[i], value_bytes);
   3240     if (result) {
   3241       return result;
   3242     }
   3243   }
   3244   return result;
   3245 }
   3246 
   3247 TPM_RC Serialize_TPML_CCA(const TPML_CCA& value, std::string* buffer) {
   3248   TPM_RC result = TPM_RC_SUCCESS;
   3249   VLOG(3) << __func__;
   3250 
   3251   result = Serialize_UINT32(value.count, buffer);
   3252   if (result) {
   3253     return result;
   3254   }
   3255 
   3256   if (arraysize(value.command_attributes) < value.count) {
   3257     return TPM_RC_INSUFFICIENT;
   3258   }
   3259   for (uint32_t i = 0; i < value.count; ++i) {
   3260     result = Serialize_TPMA_CC(value.command_attributes[i], buffer);
   3261     if (result) {
   3262       return result;
   3263     }
   3264   }
   3265   return result;
   3266 }
   3267 
   3268 TPM_RC Parse_TPML_CCA(std::string* buffer,
   3269                       TPML_CCA* value,
   3270                       std::string* value_bytes) {
   3271   TPM_RC result = TPM_RC_SUCCESS;
   3272   VLOG(3) << __func__;
   3273 
   3274   result = Parse_UINT32(buffer, &value->count, value_bytes);
   3275   if (result) {
   3276     return result;
   3277   }
   3278 
   3279   if (arraysize(value->command_attributes) < value->count) {
   3280     return TPM_RC_INSUFFICIENT;
   3281   }
   3282   for (uint32_t i = 0; i < value->count; ++i) {
   3283     result = Parse_TPMA_CC(buffer, &value->command_attributes[i], value_bytes);
   3284     if (result) {
   3285       return result;
   3286     }
   3287   }
   3288   return result;
   3289 }
   3290 
   3291 TPM_RC Serialize_TPML_ALG(const TPML_ALG& value, std::string* buffer) {
   3292   TPM_RC result = TPM_RC_SUCCESS;
   3293   VLOG(3) << __func__;
   3294 
   3295   result = Serialize_UINT32(value.count, buffer);
   3296   if (result) {
   3297     return result;
   3298   }
   3299 
   3300   if (arraysize(value.algorithms) < value.count) {
   3301     return TPM_RC_INSUFFICIENT;
   3302   }
   3303   for (uint32_t i = 0; i < value.count; ++i) {
   3304     result = Serialize_TPM_ALG_ID(value.algorithms[i], buffer);
   3305     if (result) {
   3306       return result;
   3307     }
   3308   }
   3309   return result;
   3310 }
   3311 
   3312 TPM_RC Parse_TPML_ALG(std::string* buffer,
   3313                       TPML_ALG* value,
   3314                       std::string* value_bytes) {
   3315   TPM_RC result = TPM_RC_SUCCESS;
   3316   VLOG(3) << __func__;
   3317 
   3318   result = Parse_UINT32(buffer, &value->count, value_bytes);
   3319   if (result) {
   3320     return result;
   3321   }
   3322 
   3323   if (arraysize(value->algorithms) < value->count) {
   3324     return TPM_RC_INSUFFICIENT;
   3325   }
   3326   for (uint32_t i = 0; i < value->count; ++i) {
   3327     result = Parse_TPM_ALG_ID(buffer, &value->algorithms[i], value_bytes);
   3328     if (result) {
   3329       return result;
   3330     }
   3331   }
   3332   return result;
   3333 }
   3334 
   3335 TPM_RC Serialize_TPML_HANDLE(const TPML_HANDLE& value, std::string* buffer) {
   3336   TPM_RC result = TPM_RC_SUCCESS;
   3337   VLOG(3) << __func__;
   3338 
   3339   result = Serialize_UINT32(value.count, buffer);
   3340   if (result) {
   3341     return result;
   3342   }
   3343 
   3344   if (arraysize(value.handle) < value.count) {
   3345     return TPM_RC_INSUFFICIENT;
   3346   }
   3347   for (uint32_t i = 0; i < value.count; ++i) {
   3348     result = Serialize_TPM_HANDLE(value.handle[i], buffer);
   3349     if (result) {
   3350       return result;
   3351     }
   3352   }
   3353   return result;
   3354 }
   3355 
   3356 TPM_RC Parse_TPML_HANDLE(std::string* buffer,
   3357                          TPML_HANDLE* value,
   3358                          std::string* value_bytes) {
   3359   TPM_RC result = TPM_RC_SUCCESS;
   3360   VLOG(3) << __func__;
   3361 
   3362   result = Parse_UINT32(buffer, &value->count, value_bytes);
   3363   if (result) {
   3364     return result;
   3365   }
   3366 
   3367   if (arraysize(value->handle) < value->count) {
   3368     return TPM_RC_INSUFFICIENT;
   3369   }
   3370   for (uint32_t i = 0; i < value->count; ++i) {
   3371     result = Parse_TPM_HANDLE(buffer, &value->handle[i], value_bytes);
   3372     if (result) {
   3373       return result;
   3374     }
   3375   }
   3376   return result;
   3377 }
   3378 
   3379 TPM_RC Serialize_TPML_DIGEST(const TPML_DIGEST& value, std::string* buffer) {
   3380   TPM_RC result = TPM_RC_SUCCESS;
   3381   VLOG(3) << __func__;
   3382 
   3383   result = Serialize_UINT32(value.count, buffer);
   3384   if (result) {
   3385     return result;
   3386   }
   3387 
   3388   if (arraysize(value.digests) < value.count) {
   3389     return TPM_RC_INSUFFICIENT;
   3390   }
   3391   for (uint32_t i = 0; i < value.count; ++i) {
   3392     result = Serialize_TPM2B_DIGEST(value.digests[i], buffer);
   3393     if (result) {
   3394       return result;
   3395     }
   3396   }
   3397   return result;
   3398 }
   3399 
   3400 TPM_RC Parse_TPML_DIGEST(std::string* buffer,
   3401                          TPML_DIGEST* value,
   3402                          std::string* value_bytes) {
   3403   TPM_RC result = TPM_RC_SUCCESS;
   3404   VLOG(3) << __func__;
   3405 
   3406   result = Parse_UINT32(buffer, &value->count, value_bytes);
   3407   if (result) {
   3408     return result;
   3409   }
   3410 
   3411   if (arraysize(value->digests) < value->count) {
   3412     return TPM_RC_INSUFFICIENT;
   3413   }
   3414   for (uint32_t i = 0; i < value->count; ++i) {
   3415     result = Parse_TPM2B_DIGEST(buffer, &value->digests[i], value_bytes);
   3416     if (result) {
   3417       return result;
   3418     }
   3419   }
   3420   return result;
   3421 }
   3422 
   3423 TPM_RC Serialize_TPML_DIGEST_VALUES(const TPML_DIGEST_VALUES& value,
   3424                                     std::string* buffer) {
   3425   TPM_RC result = TPM_RC_SUCCESS;
   3426   VLOG(3) << __func__;
   3427 
   3428   result = Serialize_UINT32(value.count, buffer);
   3429   if (result) {
   3430     return result;
   3431   }
   3432 
   3433   if (arraysize(value.digests) < value.count) {
   3434     return TPM_RC_INSUFFICIENT;
   3435   }
   3436   for (uint32_t i = 0; i < value.count; ++i) {
   3437     result = Serialize_TPMT_HA(value.digests[i], buffer);
   3438     if (result) {
   3439       return result;
   3440     }
   3441   }
   3442   return result;
   3443 }
   3444 
   3445 TPM_RC Parse_TPML_DIGEST_VALUES(std::string* buffer,
   3446                                 TPML_DIGEST_VALUES* value,
   3447                                 std::string* value_bytes) {
   3448   TPM_RC result = TPM_RC_SUCCESS;
   3449   VLOG(3) << __func__;
   3450 
   3451   result = Parse_UINT32(buffer, &value->count, value_bytes);
   3452   if (result) {
   3453     return result;
   3454   }
   3455 
   3456   if (arraysize(value->digests) < value->count) {
   3457     return TPM_RC_INSUFFICIENT;
   3458   }
   3459   for (uint32_t i = 0; i < value->count; ++i) {
   3460     result = Parse_TPMT_HA(buffer, &value->digests[i], value_bytes);
   3461     if (result) {
   3462       return result;
   3463     }
   3464   }
   3465   return result;
   3466 }
   3467 
   3468 TPM_RC Serialize_TPM2B_DIGEST_VALUES(const TPM2B_DIGEST_VALUES& value,
   3469                                      std::string* buffer) {
   3470   TPM_RC result = TPM_RC_SUCCESS;
   3471   VLOG(3) << __func__;
   3472 
   3473   result = Serialize_UINT16(value.size, buffer);
   3474   if (result) {
   3475     return result;
   3476   }
   3477 
   3478   if (arraysize(value.buffer) < value.size) {
   3479     return TPM_RC_INSUFFICIENT;
   3480   }
   3481   for (uint32_t i = 0; i < value.size; ++i) {
   3482     result = Serialize_BYTE(value.buffer[i], buffer);
   3483     if (result) {
   3484       return result;
   3485     }
   3486   }
   3487   return result;
   3488 }
   3489 
   3490 TPM_RC Parse_TPM2B_DIGEST_VALUES(std::string* buffer,
   3491                                  TPM2B_DIGEST_VALUES* value,
   3492                                  std::string* value_bytes) {
   3493   TPM_RC result = TPM_RC_SUCCESS;
   3494   VLOG(3) << __func__;
   3495 
   3496   result = Parse_UINT16(buffer, &value->size, value_bytes);
   3497   if (result) {
   3498     return result;
   3499   }
   3500 
   3501   if (arraysize(value->buffer) < value->size) {
   3502     return TPM_RC_INSUFFICIENT;
   3503   }
   3504   for (uint32_t i = 0; i < value->size; ++i) {
   3505     result = Parse_BYTE(buffer, &value->buffer[i], value_bytes);
   3506     if (result) {
   3507       return result;
   3508     }
   3509   }
   3510   return result;
   3511 }
   3512 
   3513 TPM2B_DIGEST_VALUES Make_TPM2B_DIGEST_VALUES(const std::string& bytes) {
   3514   TPM2B_DIGEST_VALUES tpm2b;
   3515   CHECK(bytes.size() <= sizeof(tpm2b.buffer));
   3516   memset(&tpm2b, 0, sizeof(TPM2B_DIGEST_VALUES));
   3517   tpm2b.size = bytes.size();
   3518   memcpy(tpm2b.buffer, bytes.data(), bytes.size());
   3519   return tpm2b;
   3520 }
   3521 
   3522 std::string StringFrom_TPM2B_DIGEST_VALUES(const TPM2B_DIGEST_VALUES& tpm2b) {
   3523   const char* char_buffer = reinterpret_cast<const char*>(tpm2b.buffer);
   3524   return std::string(char_buffer, tpm2b.size);
   3525 }
   3526 
   3527 TPM_RC Serialize_TPML_PCR_SELECTION(const TPML_PCR_SELECTION& value,
   3528                                     std::string* buffer) {
   3529   TPM_RC result = TPM_RC_SUCCESS;
   3530   VLOG(3) << __func__;
   3531 
   3532   result = Serialize_UINT32(value.count, buffer);
   3533   if (result) {
   3534     return result;
   3535   }
   3536 
   3537   if (arraysize(value.pcr_selections) < value.count) {
   3538     return TPM_RC_INSUFFICIENT;
   3539   }
   3540   for (uint32_t i = 0; i < value.count; ++i) {
   3541     result = Serialize_TPMS_PCR_SELECTION(value.pcr_selections[i], buffer);
   3542     if (result) {
   3543       return result;
   3544     }
   3545   }
   3546   return result;
   3547 }
   3548 
   3549 TPM_RC Parse_TPML_PCR_SELECTION(std::string* buffer,
   3550                                 TPML_PCR_SELECTION* value,
   3551                                 std::string* value_bytes) {
   3552   TPM_RC result = TPM_RC_SUCCESS;
   3553   VLOG(3) << __func__;
   3554 
   3555   result = Parse_UINT32(buffer, &value->count, value_bytes);
   3556   if (result) {
   3557     return result;
   3558   }
   3559 
   3560   if (arraysize(value->pcr_selections) < value->count) {
   3561     return TPM_RC_INSUFFICIENT;
   3562   }
   3563   for (uint32_t i = 0; i < value->count; ++i) {
   3564     result = Parse_TPMS_PCR_SELECTION(buffer, &value->pcr_selections[i],
   3565                                       value_bytes);
   3566     if (result) {
   3567       return result;
   3568     }
   3569   }
   3570   return result;
   3571 }
   3572 
   3573 TPM_RC Serialize_TPML_ALG_PROPERTY(const TPML_ALG_PROPERTY& value,
   3574                                    std::string* buffer) {
   3575   TPM_RC result = TPM_RC_SUCCESS;
   3576   VLOG(3) << __func__;
   3577 
   3578   result = Serialize_UINT32(value.count, buffer);
   3579   if (result) {
   3580     return result;
   3581   }
   3582 
   3583   if (arraysize(value.alg_properties) < value.count) {
   3584     return TPM_RC_INSUFFICIENT;
   3585   }
   3586   for (uint32_t i = 0; i < value.count; ++i) {
   3587     result = Serialize_TPMS_ALG_PROPERTY(value.alg_properties[i], buffer);
   3588     if (result) {
   3589       return result;
   3590     }
   3591   }
   3592   return result;
   3593 }
   3594 
   3595 TPM_RC Parse_TPML_ALG_PROPERTY(std::string* buffer,
   3596                                TPML_ALG_PROPERTY* value,
   3597                                std::string* value_bytes) {
   3598   TPM_RC result = TPM_RC_SUCCESS;
   3599   VLOG(3) << __func__;
   3600 
   3601   result = Parse_UINT32(buffer, &value->count, value_bytes);
   3602   if (result) {
   3603     return result;
   3604   }
   3605 
   3606   if (arraysize(value->alg_properties) < value->count) {
   3607     return TPM_RC_INSUFFICIENT;
   3608   }
   3609   for (uint32_t i = 0; i < value->count; ++i) {
   3610     result =
   3611         Parse_TPMS_ALG_PROPERTY(buffer, &value->alg_properties[i], value_bytes);
   3612     if (result) {
   3613       return result;
   3614     }
   3615   }
   3616   return result;
   3617 }
   3618 
   3619 TPM_RC Serialize_TPML_TAGGED_TPM_PROPERTY(const TPML_TAGGED_TPM_PROPERTY& value,
   3620                                           std::string* buffer) {
   3621   TPM_RC result = TPM_RC_SUCCESS;
   3622   VLOG(3) << __func__;
   3623 
   3624   result = Serialize_UINT32(value.count, buffer);
   3625   if (result) {
   3626     return result;
   3627   }
   3628 
   3629   if (arraysize(value.tpm_property) < value.count) {
   3630     return TPM_RC_INSUFFICIENT;
   3631   }
   3632   for (uint32_t i = 0; i < value.count; ++i) {
   3633     result = Serialize_TPMS_TAGGED_PROPERTY(value.tpm_property[i], buffer);
   3634     if (result) {
   3635       return result;
   3636     }
   3637   }
   3638   return result;
   3639 }
   3640 
   3641 TPM_RC Parse_TPML_TAGGED_TPM_PROPERTY(std::string* buffer,
   3642                                       TPML_TAGGED_TPM_PROPERTY* value,
   3643                                       std::string* value_bytes) {
   3644   TPM_RC result = TPM_RC_SUCCESS;
   3645   VLOG(3) << __func__;
   3646 
   3647   result = Parse_UINT32(buffer, &value->count, value_bytes);
   3648   if (result) {
   3649     return result;
   3650   }
   3651 
   3652   if (arraysize(value->tpm_property) < value->count) {
   3653     return TPM_RC_INSUFFICIENT;
   3654   }
   3655   for (uint32_t i = 0; i < value->count; ++i) {
   3656     result = Parse_TPMS_TAGGED_PROPERTY(buffer, &value->tpm_property[i],
   3657                                         value_bytes);
   3658     if (result) {
   3659       return result;
   3660     }
   3661   }
   3662   return result;
   3663 }
   3664 
   3665 TPM_RC Serialize_TPML_TAGGED_PCR_PROPERTY(const TPML_TAGGED_PCR_PROPERTY& value,
   3666                                           std::string* buffer) {
   3667   TPM_RC result = TPM_RC_SUCCESS;
   3668   VLOG(3) << __func__;
   3669 
   3670   result = Serialize_UINT32(value.count, buffer);
   3671   if (result) {
   3672     return result;
   3673   }
   3674 
   3675   if (arraysize(value.pcr_property) < value.count) {
   3676     return TPM_RC_INSUFFICIENT;
   3677   }
   3678   for (uint32_t i = 0; i < value.count; ++i) {
   3679     result = Serialize_TPMS_TAGGED_PCR_SELECT(value.pcr_property[i], buffer);
   3680     if (result) {
   3681       return result;
   3682     }
   3683   }
   3684   return result;
   3685 }
   3686 
   3687 TPM_RC Parse_TPML_TAGGED_PCR_PROPERTY(std::string* buffer,
   3688                                       TPML_TAGGED_PCR_PROPERTY* value,
   3689                                       std::string* value_bytes) {
   3690   TPM_RC result = TPM_RC_SUCCESS;
   3691   VLOG(3) << __func__;
   3692 
   3693   result = Parse_UINT32(buffer, &value->count, value_bytes);
   3694   if (result) {
   3695     return result;
   3696   }
   3697 
   3698   if (arraysize(value->pcr_property) < value->count) {
   3699     return TPM_RC_INSUFFICIENT;
   3700   }
   3701   for (uint32_t i = 0; i < value->count; ++i) {
   3702     result = Parse_TPMS_TAGGED_PCR_SELECT(buffer, &value->pcr_property[i],
   3703                                           value_bytes);
   3704     if (result) {
   3705       return result;
   3706     }
   3707   }
   3708   return result;
   3709 }
   3710 
   3711 TPM_RC Serialize_TPML_ECC_CURVE(const TPML_ECC_CURVE& value,
   3712                                 std::string* buffer) {
   3713   TPM_RC result = TPM_RC_SUCCESS;
   3714   VLOG(3) << __func__;
   3715 
   3716   result = Serialize_UINT32(value.count, buffer);
   3717   if (result) {
   3718     return result;
   3719   }
   3720 
   3721   if (arraysize(value.ecc_curves) < value.count) {
   3722     return TPM_RC_INSUFFICIENT;
   3723   }
   3724   for (uint32_t i = 0; i < value.count; ++i) {
   3725     result = Serialize_TPM_ECC_CURVE(value.ecc_curves[i], buffer);
   3726     if (result) {
   3727       return result;
   3728     }
   3729   }
   3730   return result;
   3731 }
   3732 
   3733 TPM_RC Parse_TPML_ECC_CURVE(std::string* buffer,
   3734                             TPML_ECC_CURVE* value,
   3735                             std::string* value_bytes) {
   3736   TPM_RC result = TPM_RC_SUCCESS;
   3737   VLOG(3) << __func__;
   3738 
   3739   result = Parse_UINT32(buffer, &value->count, value_bytes);
   3740   if (result) {
   3741     return result;
   3742   }
   3743 
   3744   if (arraysize(value->ecc_curves) < value->count) {
   3745     return TPM_RC_INSUFFICIENT;
   3746   }
   3747   for (uint32_t i = 0; i < value->count; ++i) {
   3748     result = Parse_TPM_ECC_CURVE(buffer, &value->ecc_curves[i], value_bytes);
   3749     if (result) {
   3750       return result;
   3751     }
   3752   }
   3753   return result;
   3754 }
   3755 
   3756 TPM_RC Serialize_TPMU_CAPABILITIES(const TPMU_CAPABILITIES& value,
   3757                                    TPM_CAP selector,
   3758                                    std::string* buffer) {
   3759   TPM_RC result = TPM_RC_SUCCESS;
   3760   VLOG(3) << __func__;
   3761 
   3762   if (selector == TPM_CAP_PCRS) {
   3763     result = Serialize_TPML_PCR_SELECTION(value.assigned_pcr, buffer);
   3764     if (result) {
   3765       return result;
   3766     }
   3767   }
   3768 
   3769   if (selector == TPM_CAP_TPM_PROPERTIES) {
   3770     result = Serialize_TPML_TAGGED_TPM_PROPERTY(value.tpm_properties, buffer);
   3771     if (result) {
   3772       return result;
   3773     }
   3774   }
   3775 
   3776   if (selector == TPM_CAP_PP_COMMANDS) {
   3777     result = Serialize_TPML_CC(value.pp_commands, buffer);
   3778     if (result) {
   3779       return result;
   3780     }
   3781   }
   3782 
   3783   if (selector == TPM_CAP_AUDIT_COMMANDS) {
   3784     result = Serialize_TPML_CC(value.audit_commands, buffer);
   3785     if (result) {
   3786       return result;
   3787     }
   3788   }
   3789 
   3790   if (selector == TPM_CAP_COMMANDS) {
   3791     result = Serialize_TPML_CCA(value.command, buffer);
   3792     if (result) {
   3793       return result;
   3794     }
   3795   }
   3796 
   3797   if (selector == TPM_CAP_ECC_CURVES) {
   3798     result = Serialize_TPML_ECC_CURVE(value.ecc_curves, buffer);
   3799     if (result) {
   3800       return result;
   3801     }
   3802   }
   3803 
   3804   if (selector == TPM_CAP_PCR_PROPERTIES) {
   3805     result = Serialize_TPML_TAGGED_PCR_PROPERTY(value.pcr_properties, buffer);
   3806     if (result) {
   3807       return result;
   3808     }
   3809   }
   3810 
   3811   if (selector == TPM_CAP_HANDLES) {
   3812     result = Serialize_TPML_HANDLE(value.handles, buffer);
   3813     if (result) {
   3814       return result;
   3815     }
   3816   }
   3817 
   3818   if (selector == TPM_CAP_ALGS) {
   3819     result = Serialize_TPML_ALG_PROPERTY(value.algorithms, buffer);
   3820     if (result) {
   3821       return result;
   3822     }
   3823   }
   3824   return result;
   3825 }
   3826 
   3827 TPM_RC Parse_TPMU_CAPABILITIES(std::string* buffer,
   3828                                TPM_CAP selector,
   3829                                TPMU_CAPABILITIES* value,
   3830                                std::string* value_bytes) {
   3831   TPM_RC result = TPM_RC_SUCCESS;
   3832   VLOG(3) << __func__;
   3833 
   3834   if (selector == TPM_CAP_PCRS) {
   3835     result =
   3836         Parse_TPML_PCR_SELECTION(buffer, &value->assigned_pcr, value_bytes);
   3837     if (result) {
   3838       return result;
   3839     }
   3840   }
   3841 
   3842   if (selector == TPM_CAP_TPM_PROPERTIES) {
   3843     result = Parse_TPML_TAGGED_TPM_PROPERTY(buffer, &value->tpm_properties,
   3844                                             value_bytes);
   3845     if (result) {
   3846       return result;
   3847     }
   3848   }
   3849 
   3850   if (selector == TPM_CAP_PP_COMMANDS) {
   3851     result = Parse_TPML_CC(buffer, &value->pp_commands, value_bytes);
   3852     if (result) {
   3853       return result;
   3854     }
   3855   }
   3856 
   3857   if (selector == TPM_CAP_AUDIT_COMMANDS) {
   3858     result = Parse_TPML_CC(buffer, &value->audit_commands, value_bytes);
   3859     if (result) {
   3860       return result;
   3861     }
   3862   }
   3863 
   3864   if (selector == TPM_CAP_COMMANDS) {
   3865     result = Parse_TPML_CCA(buffer, &value->command, value_bytes);
   3866     if (result) {
   3867       return result;
   3868     }
   3869   }
   3870 
   3871   if (selector == TPM_CAP_ECC_CURVES) {
   3872     result = Parse_TPML_ECC_CURVE(buffer, &value->ecc_curves, value_bytes);
   3873     if (result) {
   3874       return result;
   3875     }
   3876   }
   3877 
   3878   if (selector == TPM_CAP_PCR_PROPERTIES) {
   3879     result = Parse_TPML_TAGGED_PCR_PROPERTY(buffer, &value->pcr_properties,
   3880                                             value_bytes);
   3881     if (result) {
   3882       return result;
   3883     }
   3884   }
   3885 
   3886   if (selector == TPM_CAP_HANDLES) {
   3887     result = Parse_TPML_HANDLE(buffer, &value->handles, value_bytes);
   3888     if (result) {
   3889       return result;
   3890     }
   3891   }
   3892 
   3893   if (selector == TPM_CAP_ALGS) {
   3894     result = Parse_TPML_ALG_PROPERTY(buffer, &value->algorithms, value_bytes);
   3895     if (result) {
   3896       return result;
   3897     }
   3898   }
   3899   return result;
   3900 }
   3901 
   3902 TPM_RC Serialize_TPMS_CAPABILITY_DATA(const TPMS_CAPABILITY_DATA& value,
   3903                                       std::string* buffer) {
   3904   TPM_RC result = TPM_RC_SUCCESS;
   3905   VLOG(3) << __func__;
   3906 
   3907   result = Serialize_TPM_CAP(value.capability, buffer);
   3908   if (result) {
   3909     return result;
   3910   }
   3911 
   3912   result = Serialize_TPMU_CAPABILITIES(value.data, value.capability, buffer);
   3913   if (result) {
   3914     return result;
   3915   }
   3916   return result;
   3917 }
   3918 
   3919 TPM_RC Parse_TPMS_CAPABILITY_DATA(std::string* buffer,
   3920                                   TPMS_CAPABILITY_DATA* value,
   3921                                   std::string* value_bytes) {
   3922   TPM_RC result = TPM_RC_SUCCESS;
   3923   VLOG(3) << __func__;
   3924 
   3925   result = Parse_TPM_CAP(buffer, &value->capability, value_bytes);
   3926   if (result) {
   3927     return result;
   3928   }
   3929 
   3930   result = Parse_TPMU_CAPABILITIES(buffer, value->capability, &value->data,
   3931                                    value_bytes);
   3932   if (result) {
   3933     return result;
   3934   }
   3935   return result;
   3936 }
   3937 
   3938 TPM_RC Serialize_TPMS_CLOCK_INFO(const TPMS_CLOCK_INFO& value,
   3939                                  std::string* buffer) {
   3940   TPM_RC result = TPM_RC_SUCCESS;
   3941   VLOG(3) << __func__;
   3942 
   3943   result = Serialize_UINT64(value.clock, buffer);
   3944   if (result) {
   3945     return result;
   3946   }
   3947 
   3948   result = Serialize_UINT32(value.reset_count, buffer);
   3949   if (result) {
   3950     return result;
   3951   }
   3952 
   3953   result = Serialize_UINT32(value.restart_count, buffer);
   3954   if (result) {
   3955     return result;
   3956   }
   3957 
   3958   result = Serialize_TPMI_YES_NO(value.safe, buffer);
   3959   if (result) {
   3960     return result;
   3961   }
   3962   return result;
   3963 }
   3964 
   3965 TPM_RC Parse_TPMS_CLOCK_INFO(std::string* buffer,
   3966                              TPMS_CLOCK_INFO* value,
   3967                              std::string* value_bytes) {
   3968   TPM_RC result = TPM_RC_SUCCESS;
   3969   VLOG(3) << __func__;
   3970 
   3971   result = Parse_UINT64(buffer, &value->clock, value_bytes);
   3972   if (result) {
   3973     return result;
   3974   }
   3975 
   3976   result = Parse_UINT32(buffer, &value->reset_count, value_bytes);
   3977   if (result) {
   3978     return result;
   3979   }
   3980 
   3981   result = Parse_UINT32(buffer, &value->restart_count, value_bytes);
   3982   if (result) {
   3983     return result;
   3984   }
   3985 
   3986   result = Parse_TPMI_YES_NO(buffer, &value->safe, value_bytes);
   3987   if (result) {
   3988     return result;
   3989   }
   3990   return result;
   3991 }
   3992 
   3993 TPM_RC Serialize_TPMS_TIME_INFO(const TPMS_TIME_INFO& value,
   3994                                 std::string* buffer) {
   3995   TPM_RC result = TPM_RC_SUCCESS;
   3996   VLOG(3) << __func__;
   3997 
   3998   result = Serialize_UINT64(value.time, buffer);
   3999   if (result) {
   4000     return result;
   4001   }
   4002 
   4003   result = Serialize_TPMS_CLOCK_INFO(value.clock_info, buffer);
   4004   if (result) {
   4005     return result;
   4006   }
   4007   return result;
   4008 }
   4009 
   4010 TPM_RC Parse_TPMS_TIME_INFO(std::string* buffer,
   4011                             TPMS_TIME_INFO* value,
   4012                             std::string* value_bytes) {
   4013   TPM_RC result = TPM_RC_SUCCESS;
   4014   VLOG(3) << __func__;
   4015 
   4016   result = Parse_UINT64(buffer, &value->time, value_bytes);
   4017   if (result) {
   4018     return result;
   4019   }
   4020 
   4021   result = Parse_TPMS_CLOCK_INFO(buffer, &value->clock_info, value_bytes);
   4022   if (result) {
   4023     return result;
   4024   }
   4025   return result;
   4026 }
   4027 
   4028 TPM_RC Serialize_TPMS_TIME_ATTEST_INFO(const TPMS_TIME_ATTEST_INFO& value,
   4029                                        std::string* buffer) {
   4030   TPM_RC result = TPM_RC_SUCCESS;
   4031   VLOG(3) << __func__;
   4032 
   4033   result = Serialize_TPMS_TIME_INFO(value.time, buffer);
   4034   if (result) {
   4035     return result;
   4036   }
   4037 
   4038   result = Serialize_UINT64(value.firmware_version, buffer);
   4039   if (result) {
   4040     return result;
   4041   }
   4042   return result;
   4043 }
   4044 
   4045 TPM_RC Parse_TPMS_TIME_ATTEST_INFO(std::string* buffer,
   4046                                    TPMS_TIME_ATTEST_INFO* value,
   4047                                    std::string* value_bytes) {
   4048   TPM_RC result = TPM_RC_SUCCESS;
   4049   VLOG(3) << __func__;
   4050 
   4051   result = Parse_TPMS_TIME_INFO(buffer, &value->time, value_bytes);
   4052   if (result) {
   4053     return result;
   4054   }
   4055 
   4056   result = Parse_UINT64(buffer, &value->firmware_version, value_bytes);
   4057   if (result) {
   4058     return result;
   4059   }
   4060   return result;
   4061 }
   4062 
   4063 TPM_RC Serialize_TPMS_CERTIFY_INFO(const TPMS_CERTIFY_INFO& value,
   4064                                    std::string* buffer) {
   4065   TPM_RC result = TPM_RC_SUCCESS;
   4066   VLOG(3) << __func__;
   4067 
   4068   result = Serialize_TPM2B_NAME(value.name, buffer);
   4069   if (result) {
   4070     return result;
   4071   }
   4072 
   4073   result = Serialize_TPM2B_NAME(value.qualified_name, buffer);
   4074   if (result) {
   4075     return result;
   4076   }
   4077   return result;
   4078 }
   4079 
   4080 TPM_RC Parse_TPMS_CERTIFY_INFO(std::string* buffer,
   4081                                TPMS_CERTIFY_INFO* value,
   4082                                std::string* value_bytes) {
   4083   TPM_RC result = TPM_RC_SUCCESS;
   4084   VLOG(3) << __func__;
   4085 
   4086   result = Parse_TPM2B_NAME(buffer, &value->name, value_bytes);
   4087   if (result) {
   4088     return result;
   4089   }
   4090 
   4091   result = Parse_TPM2B_NAME(buffer, &value->qualified_name, value_bytes);
   4092   if (result) {
   4093     return result;
   4094   }
   4095   return result;
   4096 }
   4097 
   4098 TPM_RC Serialize_TPMS_QUOTE_INFO(const TPMS_QUOTE_INFO& value,
   4099                                  std::string* buffer) {
   4100   TPM_RC result = TPM_RC_SUCCESS;
   4101   VLOG(3) << __func__;
   4102 
   4103   result = Serialize_TPML_PCR_SELECTION(value.pcr_select, buffer);
   4104   if (result) {
   4105     return result;
   4106   }
   4107 
   4108   result = Serialize_TPM2B_DIGEST(value.pcr_digest, buffer);
   4109   if (result) {
   4110     return result;
   4111   }
   4112   return result;
   4113 }
   4114 
   4115 TPM_RC Parse_TPMS_QUOTE_INFO(std::string* buffer,
   4116                              TPMS_QUOTE_INFO* value,
   4117                              std::string* value_bytes) {
   4118   TPM_RC result = TPM_RC_SUCCESS;
   4119   VLOG(3) << __func__;
   4120 
   4121   result = Parse_TPML_PCR_SELECTION(buffer, &value->pcr_select, value_bytes);
   4122   if (result) {
   4123     return result;
   4124   }
   4125 
   4126   result = Parse_TPM2B_DIGEST(buffer, &value->pcr_digest, value_bytes);
   4127   if (result) {
   4128     return result;
   4129   }
   4130   return result;
   4131 }
   4132 
   4133 TPM_RC Serialize_TPMS_COMMAND_AUDIT_INFO(const TPMS_COMMAND_AUDIT_INFO& value,
   4134                                          std::string* buffer) {
   4135   TPM_RC result = TPM_RC_SUCCESS;
   4136   VLOG(3) << __func__;
   4137 
   4138   result = Serialize_UINT64(value.audit_counter, buffer);
   4139   if (result) {
   4140     return result;
   4141   }
   4142 
   4143   result = Serialize_TPM_ALG_ID(value.digest_alg, buffer);
   4144   if (result) {
   4145     return result;
   4146   }
   4147 
   4148   result = Serialize_TPM2B_DIGEST(value.audit_digest, buffer);
   4149   if (result) {
   4150     return result;
   4151   }
   4152 
   4153   result = Serialize_TPM2B_DIGEST(value.command_digest, buffer);
   4154   if (result) {
   4155     return result;
   4156   }
   4157   return result;
   4158 }
   4159 
   4160 TPM_RC Parse_TPMS_COMMAND_AUDIT_INFO(std::string* buffer,
   4161                                      TPMS_COMMAND_AUDIT_INFO* value,
   4162                                      std::string* value_bytes) {
   4163   TPM_RC result = TPM_RC_SUCCESS;
   4164   VLOG(3) << __func__;
   4165 
   4166   result = Parse_UINT64(buffer, &value->audit_counter, value_bytes);
   4167   if (result) {
   4168     return result;
   4169   }
   4170 
   4171   result = Parse_TPM_ALG_ID(buffer, &value->digest_alg, value_bytes);
   4172   if (result) {
   4173     return result;
   4174   }
   4175 
   4176   result = Parse_TPM2B_DIGEST(buffer, &value->audit_digest, value_bytes);
   4177   if (result) {
   4178     return result;
   4179   }
   4180 
   4181   result = Parse_TPM2B_DIGEST(buffer, &value->command_digest, value_bytes);
   4182   if (result) {
   4183     return result;
   4184   }
   4185   return result;
   4186 }
   4187 
   4188 TPM_RC Serialize_TPMS_SESSION_AUDIT_INFO(const TPMS_SESSION_AUDIT_INFO& value,
   4189                                          std::string* buffer) {
   4190   TPM_RC result = TPM_RC_SUCCESS;
   4191   VLOG(3) << __func__;
   4192 
   4193   result = Serialize_TPMI_YES_NO(value.exclusive_session, buffer);
   4194   if (result) {
   4195     return result;
   4196   }
   4197 
   4198   result = Serialize_TPM2B_DIGEST(value.session_digest, buffer);
   4199   if (result) {
   4200     return result;
   4201   }
   4202   return result;
   4203 }
   4204 
   4205 TPM_RC Parse_TPMS_SESSION_AUDIT_INFO(std::string* buffer,
   4206                                      TPMS_SESSION_AUDIT_INFO* value,
   4207                                      std::string* value_bytes) {
   4208   TPM_RC result = TPM_RC_SUCCESS;
   4209   VLOG(3) << __func__;
   4210 
   4211   result = Parse_TPMI_YES_NO(buffer, &value->exclusive_session, value_bytes);
   4212   if (result) {
   4213     return result;
   4214   }
   4215 
   4216   result = Parse_TPM2B_DIGEST(buffer, &value->session_digest, value_bytes);
   4217   if (result) {
   4218     return result;
   4219   }
   4220   return result;
   4221 }
   4222 
   4223 TPM_RC Serialize_TPMS_CREATION_INFO(const TPMS_CREATION_INFO& value,
   4224                                     std::string* buffer) {
   4225   TPM_RC result = TPM_RC_SUCCESS;
   4226   VLOG(3) << __func__;
   4227 
   4228   result = Serialize_TPM2B_NAME(value.object_name, buffer);
   4229   if (result) {
   4230     return result;
   4231   }
   4232 
   4233   result = Serialize_TPM2B_DIGEST(value.creation_hash, buffer);
   4234   if (result) {
   4235     return result;
   4236   }
   4237   return result;
   4238 }
   4239 
   4240 TPM_RC Parse_TPMS_CREATION_INFO(std::string* buffer,
   4241                                 TPMS_CREATION_INFO* value,
   4242                                 std::string* value_bytes) {
   4243   TPM_RC result = TPM_RC_SUCCESS;
   4244   VLOG(3) << __func__;
   4245 
   4246   result = Parse_TPM2B_NAME(buffer, &value->object_name, value_bytes);
   4247   if (result) {
   4248     return result;
   4249   }
   4250 
   4251   result = Parse_TPM2B_DIGEST(buffer, &value->creation_hash, value_bytes);
   4252   if (result) {
   4253     return result;
   4254   }
   4255   return result;
   4256 }
   4257 
   4258 TPM_RC Serialize_TPMS_NV_CERTIFY_INFO(const TPMS_NV_CERTIFY_INFO& value,
   4259                                       std::string* buffer) {
   4260   TPM_RC result = TPM_RC_SUCCESS;
   4261   VLOG(3) << __func__;
   4262 
   4263   result = Serialize_TPM2B_NAME(value.index_name, buffer);
   4264   if (result) {
   4265     return result;
   4266   }
   4267 
   4268   result = Serialize_UINT16(value.offset, buffer);
   4269   if (result) {
   4270     return result;
   4271   }
   4272 
   4273   result = Serialize_TPM2B_MAX_NV_BUFFER(value.nv_contents, buffer);
   4274   if (result) {
   4275     return result;
   4276   }
   4277   return result;
   4278 }
   4279 
   4280 TPM_RC Parse_TPMS_NV_CERTIFY_INFO(std::string* buffer,
   4281                                   TPMS_NV_CERTIFY_INFO* value,
   4282                                   std::string* value_bytes) {
   4283   TPM_RC result = TPM_RC_SUCCESS;
   4284   VLOG(3) << __func__;
   4285 
   4286   result = Parse_TPM2B_NAME(buffer, &value->index_name, value_bytes);
   4287   if (result) {
   4288     return result;
   4289   }
   4290 
   4291   result = Parse_UINT16(buffer, &value->offset, value_bytes);
   4292   if (result) {
   4293     return result;
   4294   }
   4295 
   4296   result = Parse_TPM2B_MAX_NV_BUFFER(buffer, &value->nv_contents, value_bytes);
   4297   if (result) {
   4298     return result;
   4299   }
   4300   return result;
   4301 }
   4302 
   4303 TPM_RC Serialize_TPMU_ATTEST(const TPMU_ATTEST& value,
   4304                              TPMI_ST_ATTEST selector,
   4305                              std::string* buffer) {
   4306   TPM_RC result = TPM_RC_SUCCESS;
   4307   VLOG(3) << __func__;
   4308 
   4309   if (selector == TPM_ST_ATTEST_SESSION_AUDIT) {
   4310     result = Serialize_TPMS_SESSION_AUDIT_INFO(value.session_audit, buffer);
   4311     if (result) {
   4312       return result;
   4313     }
   4314   }
   4315 
   4316   if (selector == TPM_ST_ATTEST_QUOTE) {
   4317     result = Serialize_TPMS_QUOTE_INFO(value.quote, buffer);
   4318     if (result) {
   4319       return result;
   4320     }
   4321   }
   4322 
   4323   if (selector == TPM_ST_ATTEST_COMMAND_AUDIT) {
   4324     result = Serialize_TPMS_COMMAND_AUDIT_INFO(value.command_audit, buffer);
   4325     if (result) {
   4326       return result;
   4327     }
   4328   }
   4329 
   4330   if (selector == TPM_ST_ATTEST_CERTIFY) {
   4331     result = Serialize_TPMS_CERTIFY_INFO(value.certify, buffer);
   4332     if (result) {
   4333       return result;
   4334     }
   4335   }
   4336 
   4337   if (selector == TPM_ST_ATTEST_NV) {
   4338     result = Serialize_TPMS_NV_CERTIFY_INFO(value.nv, buffer);
   4339     if (result) {
   4340       return result;
   4341     }
   4342   }
   4343 
   4344   if (selector == TPM_ST_ATTEST_TIME) {
   4345     result = Serialize_TPMS_TIME_ATTEST_INFO(value.time, buffer);
   4346     if (result) {
   4347       return result;
   4348     }
   4349   }
   4350 
   4351   if (selector == TPM_ST_ATTEST_CREATION) {
   4352     result = Serialize_TPMS_CREATION_INFO(value.creation, buffer);
   4353     if (result) {
   4354       return result;
   4355     }
   4356   }
   4357   return result;
   4358 }
   4359 
   4360 TPM_RC Parse_TPMU_ATTEST(std::string* buffer,
   4361                          TPMI_ST_ATTEST selector,
   4362                          TPMU_ATTEST* value,
   4363                          std::string* value_bytes) {
   4364   TPM_RC result = TPM_RC_SUCCESS;
   4365   VLOG(3) << __func__;
   4366 
   4367   if (selector == TPM_ST_ATTEST_SESSION_AUDIT) {
   4368     result = Parse_TPMS_SESSION_AUDIT_INFO(buffer, &value->session_audit,
   4369                                            value_bytes);
   4370     if (result) {
   4371       return result;
   4372     }
   4373   }
   4374 
   4375   if (selector == TPM_ST_ATTEST_QUOTE) {
   4376     result = Parse_TPMS_QUOTE_INFO(buffer, &value->quote, value_bytes);
   4377     if (result) {
   4378       return result;
   4379     }
   4380   }
   4381 
   4382   if (selector == TPM_ST_ATTEST_COMMAND_AUDIT) {
   4383     result = Parse_TPMS_COMMAND_AUDIT_INFO(buffer, &value->command_audit,
   4384                                            value_bytes);
   4385     if (result) {
   4386       return result;
   4387     }
   4388   }
   4389 
   4390   if (selector == TPM_ST_ATTEST_CERTIFY) {
   4391     result = Parse_TPMS_CERTIFY_INFO(buffer, &value->certify, value_bytes);
   4392     if (result) {
   4393       return result;
   4394     }
   4395   }
   4396 
   4397   if (selector == TPM_ST_ATTEST_NV) {
   4398     result = Parse_TPMS_NV_CERTIFY_INFO(buffer, &value->nv, value_bytes);
   4399     if (result) {
   4400       return result;
   4401     }
   4402   }
   4403 
   4404   if (selector == TPM_ST_ATTEST_TIME) {
   4405     result = Parse_TPMS_TIME_ATTEST_INFO(buffer, &value->time, value_bytes);
   4406     if (result) {
   4407       return result;
   4408     }
   4409   }
   4410 
   4411   if (selector == TPM_ST_ATTEST_CREATION) {
   4412     result = Parse_TPMS_CREATION_INFO(buffer, &value->creation, value_bytes);
   4413     if (result) {
   4414       return result;
   4415     }
   4416   }
   4417   return result;
   4418 }
   4419 
   4420 TPM_RC Serialize_TPMS_ATTEST(const TPMS_ATTEST& value, std::string* buffer) {
   4421   TPM_RC result = TPM_RC_SUCCESS;
   4422   VLOG(3) << __func__;
   4423 
   4424   result = Serialize_TPM_GENERATED(value.magic, buffer);
   4425   if (result) {
   4426     return result;
   4427   }
   4428 
   4429   result = Serialize_TPMI_ST_ATTEST(value.type, buffer);
   4430   if (result) {
   4431     return result;
   4432   }
   4433 
   4434   result = Serialize_TPM2B_NAME(value.qualified_signer, buffer);
   4435   if (result) {
   4436     return result;
   4437   }
   4438 
   4439   result = Serialize_TPM2B_DATA(value.extra_data, buffer);
   4440   if (result) {
   4441     return result;
   4442   }
   4443 
   4444   result = Serialize_TPMS_CLOCK_INFO(value.clock_info, buffer);
   4445   if (result) {
   4446     return result;
   4447   }
   4448 
   4449   result = Serialize_UINT64(value.firmware_version, buffer);
   4450   if (result) {
   4451     return result;
   4452   }
   4453 
   4454   result = Serialize_TPMU_ATTEST(value.attested, value.type, buffer);
   4455   if (result) {
   4456     return result;
   4457   }
   4458   return result;
   4459 }
   4460 
   4461 TPM_RC Parse_TPMS_ATTEST(std::string* buffer,
   4462                          TPMS_ATTEST* value,
   4463                          std::string* value_bytes) {
   4464   TPM_RC result = TPM_RC_SUCCESS;
   4465   VLOG(3) << __func__;
   4466 
   4467   result = Parse_TPM_GENERATED(buffer, &value->magic, value_bytes);
   4468   if (result) {
   4469     return result;
   4470   }
   4471 
   4472   result = Parse_TPMI_ST_ATTEST(buffer, &value->type, value_bytes);
   4473   if (result) {
   4474     return result;
   4475   }
   4476 
   4477   result = Parse_TPM2B_NAME(buffer, &value->qualified_signer, value_bytes);
   4478   if (result) {
   4479     return result;
   4480   }
   4481 
   4482   result = Parse_TPM2B_DATA(buffer, &value->extra_data, value_bytes);
   4483   if (result) {
   4484     return result;
   4485   }
   4486 
   4487   result = Parse_TPMS_CLOCK_INFO(buffer, &value->clock_info, value_bytes);
   4488   if (result) {
   4489     return result;
   4490   }
   4491 
   4492   result = Parse_UINT64(buffer, &value->firmware_version, value_bytes);
   4493   if (result) {
   4494     return result;
   4495   }
   4496 
   4497   result =
   4498       Parse_TPMU_ATTEST(buffer, value->type, &value->attested, value_bytes);
   4499   if (result) {
   4500     return result;
   4501   }
   4502   return result;
   4503 }
   4504 
   4505 TPM_RC Serialize_TPM2B_ATTEST(const TPM2B_ATTEST& value, std::string* buffer) {
   4506   TPM_RC result = TPM_RC_SUCCESS;
   4507   VLOG(3) << __func__;
   4508 
   4509   result = Serialize_UINT16(value.size, buffer);
   4510   if (result) {
   4511     return result;
   4512   }
   4513 
   4514   if (arraysize(value.attestation_data) < value.size) {
   4515     return TPM_RC_INSUFFICIENT;
   4516   }
   4517   for (uint32_t i = 0; i < value.size; ++i) {
   4518     result = Serialize_BYTE(value.attestation_data[i], buffer);
   4519     if (result) {
   4520       return result;
   4521     }
   4522   }
   4523   return result;
   4524 }
   4525 
   4526 TPM_RC Parse_TPM2B_ATTEST(std::string* buffer,
   4527                           TPM2B_ATTEST* value,
   4528                           std::string* value_bytes) {
   4529   TPM_RC result = TPM_RC_SUCCESS;
   4530   VLOG(3) << __func__;
   4531 
   4532   result = Parse_UINT16(buffer, &value->size, value_bytes);
   4533   if (result) {
   4534     return result;
   4535   }
   4536 
   4537   if (arraysize(value->attestation_data) < value->size) {
   4538     return TPM_RC_INSUFFICIENT;
   4539   }
   4540   for (uint32_t i = 0; i < value->size; ++i) {
   4541     result = Parse_BYTE(buffer, &value->attestation_data[i], value_bytes);
   4542     if (result) {
   4543       return result;
   4544     }
   4545   }
   4546   return result;
   4547 }
   4548 
   4549 TPM2B_ATTEST Make_TPM2B_ATTEST(const std::string& bytes) {
   4550   TPM2B_ATTEST tpm2b;
   4551   CHECK(bytes.size() <= sizeof(tpm2b.attestation_data));
   4552   memset(&tpm2b, 0, sizeof(TPM2B_ATTEST));
   4553   tpm2b.size = bytes.size();
   4554   memcpy(tpm2b.attestation_data, bytes.data(), bytes.size());
   4555   return tpm2b;
   4556 }
   4557 
   4558 std::string StringFrom_TPM2B_ATTEST(const TPM2B_ATTEST& tpm2b) {
   4559   const char* char_buffer =
   4560       reinterpret_cast<const char*>(tpm2b.attestation_data);
   4561   return std::string(char_buffer, tpm2b.size);
   4562 }
   4563 
   4564 TPM_RC Serialize_TPMS_AUTH_COMMAND(const TPMS_AUTH_COMMAND& value,
   4565                                    std::string* buffer) {
   4566   TPM_RC result = TPM_RC_SUCCESS;
   4567   VLOG(3) << __func__;
   4568 
   4569   result = Serialize_TPMI_SH_AUTH_SESSION(value.session_handle, buffer);
   4570   if (result) {
   4571     return result;
   4572   }
   4573 
   4574   result = Serialize_TPM2B_NONCE(value.nonce, buffer);
   4575   if (result) {
   4576     return result;
   4577   }
   4578 
   4579   result = Serialize_TPMA_SESSION(value.session_attributes, buffer);
   4580   if (result) {
   4581     return result;
   4582   }
   4583 
   4584   result = Serialize_TPM2B_AUTH(value.hmac, buffer);
   4585   if (result) {
   4586     return result;
   4587   }
   4588   return result;
   4589 }
   4590 
   4591 TPM_RC Parse_TPMS_AUTH_COMMAND(std::string* buffer,
   4592                                TPMS_AUTH_COMMAND* value,
   4593                                std::string* value_bytes) {
   4594   TPM_RC result = TPM_RC_SUCCESS;
   4595   VLOG(3) << __func__;
   4596 
   4597   result =
   4598       Parse_TPMI_SH_AUTH_SESSION(buffer, &value->session_handle, value_bytes);
   4599   if (result) {
   4600     return result;
   4601   }
   4602 
   4603   result = Parse_TPM2B_NONCE(buffer, &value->nonce, value_bytes);
   4604   if (result) {
   4605     return result;
   4606   }
   4607 
   4608   result = Parse_TPMA_SESSION(buffer, &value->session_attributes, value_bytes);
   4609   if (result) {
   4610     return result;
   4611   }
   4612 
   4613   result = Parse_TPM2B_AUTH(buffer, &value->hmac, value_bytes);
   4614   if (result) {
   4615     return result;
   4616   }
   4617   return result;
   4618 }
   4619 
   4620 TPM_RC Serialize_TPMS_AUTH_RESPONSE(const TPMS_AUTH_RESPONSE& value,
   4621                                     std::string* buffer) {
   4622   TPM_RC result = TPM_RC_SUCCESS;
   4623   VLOG(3) << __func__;
   4624 
   4625   result = Serialize_TPM2B_NONCE(value.nonce, buffer);
   4626   if (result) {
   4627     return result;
   4628   }
   4629 
   4630   result = Serialize_TPMA_SESSION(value.session_attributes, buffer);
   4631   if (result) {
   4632     return result;
   4633   }
   4634 
   4635   result = Serialize_TPM2B_AUTH(value.hmac, buffer);
   4636   if (result) {
   4637     return result;
   4638   }
   4639   return result;
   4640 }
   4641 
   4642 TPM_RC Parse_TPMS_AUTH_RESPONSE(std::string* buffer,
   4643                                 TPMS_AUTH_RESPONSE* value,
   4644                                 std::string* value_bytes) {
   4645   TPM_RC result = TPM_RC_SUCCESS;
   4646   VLOG(3) << __func__;
   4647 
   4648   result = Parse_TPM2B_NONCE(buffer, &value->nonce, value_bytes);
   4649   if (result) {
   4650     return result;
   4651   }
   4652 
   4653   result = Parse_TPMA_SESSION(buffer, &value->session_attributes, value_bytes);
   4654   if (result) {
   4655     return result;
   4656   }
   4657 
   4658   result = Parse_TPM2B_AUTH(buffer, &value->hmac, value_bytes);
   4659   if (result) {
   4660     return result;
   4661   }
   4662   return result;
   4663 }
   4664 
   4665 TPM_RC Serialize_TPMU_SYM_KEY_BITS(const TPMU_SYM_KEY_BITS& value,
   4666                                    TPMI_ALG_SYM selector,
   4667                                    std::string* buffer) {
   4668   TPM_RC result = TPM_RC_SUCCESS;
   4669   VLOG(3) << __func__;
   4670 
   4671   if (selector == TPM_ALG_NULL) {
   4672     // Do nothing.
   4673   }
   4674 
   4675   if (selector == TPM_ALG_SM4) {
   4676     result = Serialize_TPMI_SM4_KEY_BITS(value.sm4, buffer);
   4677     if (result) {
   4678       return result;
   4679     }
   4680   }
   4681 
   4682   if (selector == TPM_ALG_AES) {
   4683     result = Serialize_TPMI_AES_KEY_BITS(value.aes, buffer);
   4684     if (result) {
   4685       return result;
   4686     }
   4687   }
   4688 
   4689   if (selector == TPM_ALG_XOR) {
   4690     result = Serialize_TPMI_ALG_HASH(value.xor_, buffer);
   4691     if (result) {
   4692       return result;
   4693     }
   4694   }
   4695   return result;
   4696 }
   4697 
   4698 TPM_RC Parse_TPMU_SYM_KEY_BITS(std::string* buffer,
   4699                                TPMI_ALG_SYM selector,
   4700                                TPMU_SYM_KEY_BITS* value,
   4701                                std::string* value_bytes) {
   4702   TPM_RC result = TPM_RC_SUCCESS;
   4703   VLOG(3) << __func__;
   4704 
   4705   if (selector == TPM_ALG_NULL) {
   4706     // Do nothing.
   4707   }
   4708 
   4709   if (selector == TPM_ALG_SM4) {
   4710     result = Parse_TPMI_SM4_KEY_BITS(buffer, &value->sm4, value_bytes);
   4711     if (result) {
   4712       return result;
   4713     }
   4714   }
   4715 
   4716   if (selector == TPM_ALG_AES) {
   4717     result = Parse_TPMI_AES_KEY_BITS(buffer, &value->aes, value_bytes);
   4718     if (result) {
   4719       return result;
   4720     }
   4721   }
   4722 
   4723   if (selector == TPM_ALG_XOR) {
   4724     result = Parse_TPMI_ALG_HASH(buffer, &value->xor_, value_bytes);
   4725     if (result) {
   4726       return result;
   4727     }
   4728   }
   4729   return result;
   4730 }
   4731 
   4732 TPM_RC Serialize_TPMU_SYM_MODE(const TPMU_SYM_MODE& value,
   4733                                TPMI_ALG_SYM selector,
   4734                                std::string* buffer) {
   4735   TPM_RC result = TPM_RC_SUCCESS;
   4736   VLOG(3) << __func__;
   4737 
   4738   if (selector == TPM_ALG_NULL) {
   4739     // Do nothing.
   4740   }
   4741 
   4742   if (selector == TPM_ALG_SM4) {
   4743     result = Serialize_TPMI_ALG_SYM_MODE(value.sm4, buffer);
   4744     if (result) {
   4745       return result;
   4746     }
   4747   }
   4748 
   4749   if (selector == TPM_ALG_AES) {
   4750     result = Serialize_TPMI_ALG_SYM_MODE(value.aes, buffer);
   4751     if (result) {
   4752       return result;
   4753     }
   4754   }
   4755 
   4756   if (selector == TPM_ALG_XOR) {
   4757     // Do nothing.
   4758   }
   4759   return result;
   4760 }
   4761 
   4762 TPM_RC Parse_TPMU_SYM_MODE(std::string* buffer,
   4763                            TPMI_ALG_SYM selector,
   4764                            TPMU_SYM_MODE* value,
   4765                            std::string* value_bytes) {
   4766   TPM_RC result = TPM_RC_SUCCESS;
   4767   VLOG(3) << __func__;
   4768 
   4769   if (selector == TPM_ALG_NULL) {
   4770     // Do nothing.
   4771   }
   4772 
   4773   if (selector == TPM_ALG_SM4) {
   4774     result = Parse_TPMI_ALG_SYM_MODE(buffer, &value->sm4, value_bytes);
   4775     if (result) {
   4776       return result;
   4777     }
   4778   }
   4779 
   4780   if (selector == TPM_ALG_AES) {
   4781     result = Parse_TPMI_ALG_SYM_MODE(buffer, &value->aes, value_bytes);
   4782     if (result) {
   4783       return result;
   4784     }
   4785   }
   4786 
   4787   if (selector == TPM_ALG_XOR) {
   4788     // Do nothing.
   4789   }
   4790   return result;
   4791 }
   4792 
   4793 TPM_RC Serialize_TPMU_SYM_DETAILS(const TPMU_SYM_DETAILS& value,
   4794                                   TPMI_ALG_SYM selector,
   4795                                   std::string* buffer) {
   4796   TPM_RC result = TPM_RC_SUCCESS;
   4797   VLOG(3) << __func__;
   4798   return result;
   4799 }
   4800 
   4801 TPM_RC Parse_TPMU_SYM_DETAILS(std::string* buffer,
   4802                               TPMI_ALG_SYM selector,
   4803                               TPMU_SYM_DETAILS* value,
   4804                               std::string* value_bytes) {
   4805   TPM_RC result = TPM_RC_SUCCESS;
   4806   VLOG(3) << __func__;
   4807   return result;
   4808 }
   4809 
   4810 TPM_RC Serialize_TPMT_SYM_DEF(const TPMT_SYM_DEF& value, std::string* buffer) {
   4811   TPM_RC result = TPM_RC_SUCCESS;
   4812   VLOG(3) << __func__;
   4813 
   4814   result = Serialize_TPMI_ALG_SYM(value.algorithm, buffer);
   4815   if (result) {
   4816     return result;
   4817   }
   4818 
   4819   result = Serialize_TPMU_SYM_KEY_BITS(value.key_bits, value.algorithm, buffer);
   4820   if (result) {
   4821     return result;
   4822   }
   4823 
   4824   result = Serialize_TPMU_SYM_MODE(value.mode, value.algorithm, buffer);
   4825   if (result) {
   4826     return result;
   4827   }
   4828 
   4829   result = Serialize_TPMU_SYM_DETAILS(value.details, value.algorithm, buffer);
   4830   if (result) {
   4831     return result;
   4832   }
   4833   return result;
   4834 }
   4835 
   4836 TPM_RC Parse_TPMT_SYM_DEF(std::string* buffer,
   4837                           TPMT_SYM_DEF* value,
   4838                           std::string* value_bytes) {
   4839   TPM_RC result = TPM_RC_SUCCESS;
   4840   VLOG(3) << __func__;
   4841 
   4842   result = Parse_TPMI_ALG_SYM(buffer, &value->algorithm, value_bytes);
   4843   if (result) {
   4844     return result;
   4845   }
   4846 
   4847   result = Parse_TPMU_SYM_KEY_BITS(buffer, value->algorithm, &value->key_bits,
   4848                                    value_bytes);
   4849   if (result) {
   4850     return result;
   4851   }
   4852 
   4853   result =
   4854       Parse_TPMU_SYM_MODE(buffer, value->algorithm, &value->mode, value_bytes);
   4855   if (result) {
   4856     return result;
   4857   }
   4858 
   4859   result = Parse_TPMU_SYM_DETAILS(buffer, value->algorithm, &value->details,
   4860                                   value_bytes);
   4861   if (result) {
   4862     return result;
   4863   }
   4864   return result;
   4865 }
   4866 
   4867 TPM_RC Serialize_TPMT_SYM_DEF_OBJECT(const TPMT_SYM_DEF_OBJECT& value,
   4868                                      std::string* buffer) {
   4869   TPM_RC result = TPM_RC_SUCCESS;
   4870   VLOG(3) << __func__;
   4871 
   4872   result = Serialize_TPMI_ALG_SYM_OBJECT(value.algorithm, buffer);
   4873   if (result) {
   4874     return result;
   4875   }
   4876 
   4877   result = Serialize_TPMU_SYM_KEY_BITS(value.key_bits, value.algorithm, buffer);
   4878   if (result) {
   4879     return result;
   4880   }
   4881 
   4882   result = Serialize_TPMU_SYM_MODE(value.mode, value.algorithm, buffer);
   4883   if (result) {
   4884     return result;
   4885   }
   4886 
   4887   result = Serialize_TPMU_SYM_DETAILS(value.details, value.algorithm, buffer);
   4888   if (result) {
   4889     return result;
   4890   }
   4891   return result;
   4892 }
   4893 
   4894 TPM_RC Parse_TPMT_SYM_DEF_OBJECT(std::string* buffer,
   4895                                  TPMT_SYM_DEF_OBJECT* value,
   4896                                  std::string* value_bytes) {
   4897   TPM_RC result = TPM_RC_SUCCESS;
   4898   VLOG(3) << __func__;
   4899 
   4900   result = Parse_TPMI_ALG_SYM_OBJECT(buffer, &value->algorithm, value_bytes);
   4901   if (result) {
   4902     return result;
   4903   }
   4904 
   4905   result = Parse_TPMU_SYM_KEY_BITS(buffer, value->algorithm, &value->key_bits,
   4906                                    value_bytes);
   4907   if (result) {
   4908     return result;
   4909   }
   4910 
   4911   result =
   4912       Parse_TPMU_SYM_MODE(buffer, value->algorithm, &value->mode, value_bytes);
   4913   if (result) {
   4914     return result;
   4915   }
   4916 
   4917   result = Parse_TPMU_SYM_DETAILS(buffer, value->algorithm, &value->details,
   4918                                   value_bytes);
   4919   if (result) {
   4920     return result;
   4921   }
   4922   return result;
   4923 }
   4924 
   4925 TPM_RC Serialize_TPM2B_SYM_KEY(const TPM2B_SYM_KEY& value,
   4926                                std::string* buffer) {
   4927   TPM_RC result = TPM_RC_SUCCESS;
   4928   VLOG(3) << __func__;
   4929 
   4930   result = Serialize_UINT16(value.size, buffer);
   4931   if (result) {
   4932     return result;
   4933   }
   4934 
   4935   if (arraysize(value.buffer) < value.size) {
   4936     return TPM_RC_INSUFFICIENT;
   4937   }
   4938   for (uint32_t i = 0; i < value.size; ++i) {
   4939     result = Serialize_BYTE(value.buffer[i], buffer);
   4940     if (result) {
   4941       return result;
   4942     }
   4943   }
   4944   return result;
   4945 }
   4946 
   4947 TPM_RC Parse_TPM2B_SYM_KEY(std::string* buffer,
   4948                            TPM2B_SYM_KEY* value,
   4949                            std::string* value_bytes) {
   4950   TPM_RC result = TPM_RC_SUCCESS;
   4951   VLOG(3) << __func__;
   4952 
   4953   result = Parse_UINT16(buffer, &value->size, value_bytes);
   4954   if (result) {
   4955     return result;
   4956   }
   4957 
   4958   if (arraysize(value->buffer) < value->size) {
   4959     return TPM_RC_INSUFFICIENT;
   4960   }
   4961   for (uint32_t i = 0; i < value->size; ++i) {
   4962     result = Parse_BYTE(buffer, &value->buffer[i], value_bytes);
   4963     if (result) {
   4964       return result;
   4965     }
   4966   }
   4967   return result;
   4968 }
   4969 
   4970 TPM2B_SYM_KEY Make_TPM2B_SYM_KEY(const std::string& bytes) {
   4971   TPM2B_SYM_KEY tpm2b;
   4972   CHECK(bytes.size() <= sizeof(tpm2b.buffer));
   4973   memset(&tpm2b, 0, sizeof(TPM2B_SYM_KEY));
   4974   tpm2b.size = bytes.size();
   4975   memcpy(tpm2b.buffer, bytes.data(), bytes.size());
   4976   return tpm2b;
   4977 }
   4978 
   4979 std::string StringFrom_TPM2B_SYM_KEY(const TPM2B_SYM_KEY& tpm2b) {
   4980   const char* char_buffer = reinterpret_cast<const char*>(tpm2b.buffer);
   4981   return std::string(char_buffer, tpm2b.size);
   4982 }
   4983 
   4984 TPM_RC Serialize_TPMS_SYMCIPHER_PARMS(const TPMS_SYMCIPHER_PARMS& value,
   4985                                       std::string* buffer) {
   4986   TPM_RC result = TPM_RC_SUCCESS;
   4987   VLOG(3) << __func__;
   4988 
   4989   result = Serialize_TPMT_SYM_DEF_OBJECT(value.sym, buffer);
   4990   if (result) {
   4991     return result;
   4992   }
   4993   return result;
   4994 }
   4995 
   4996 TPM_RC Parse_TPMS_SYMCIPHER_PARMS(std::string* buffer,
   4997                                   TPMS_SYMCIPHER_PARMS* value,
   4998                                   std::string* value_bytes) {
   4999   TPM_RC result = TPM_RC_SUCCESS;
   5000   VLOG(3) << __func__;
   5001 
   5002   result = Parse_TPMT_SYM_DEF_OBJECT(buffer, &value->sym, value_bytes);
   5003   if (result) {
   5004     return result;
   5005   }
   5006   return result;
   5007 }
   5008 
   5009 TPM_RC Serialize_TPM2B_SENSITIVE_DATA(const TPM2B_SENSITIVE_DATA& value,
   5010                                       std::string* buffer) {
   5011   TPM_RC result = TPM_RC_SUCCESS;
   5012   VLOG(3) << __func__;
   5013 
   5014   result = Serialize_UINT16(value.size, buffer);
   5015   if (result) {
   5016     return result;
   5017   }
   5018 
   5019   if (arraysize(value.buffer) < value.size) {
   5020     return TPM_RC_INSUFFICIENT;
   5021   }
   5022   for (uint32_t i = 0; i < value.size; ++i) {
   5023     result = Serialize_BYTE(value.buffer[i], buffer);
   5024     if (result) {
   5025       return result;
   5026     }
   5027   }
   5028   return result;
   5029 }
   5030 
   5031 TPM_RC Parse_TPM2B_SENSITIVE_DATA(std::string* buffer,
   5032                                   TPM2B_SENSITIVE_DATA* value,
   5033                                   std::string* value_bytes) {
   5034   TPM_RC result = TPM_RC_SUCCESS;
   5035   VLOG(3) << __func__;
   5036 
   5037   result = Parse_UINT16(buffer, &value->size, value_bytes);
   5038   if (result) {
   5039     return result;
   5040   }
   5041 
   5042   if (arraysize(value->buffer) < value->size) {
   5043     return TPM_RC_INSUFFICIENT;
   5044   }
   5045   for (uint32_t i = 0; i < value->size; ++i) {
   5046     result = Parse_BYTE(buffer, &value->buffer[i], value_bytes);
   5047     if (result) {
   5048       return result;
   5049     }
   5050   }
   5051   return result;
   5052 }
   5053 
   5054 TPM2B_SENSITIVE_DATA Make_TPM2B_SENSITIVE_DATA(const std::string& bytes) {
   5055   TPM2B_SENSITIVE_DATA tpm2b;
   5056   CHECK(bytes.size() <= sizeof(tpm2b.buffer));
   5057   memset(&tpm2b, 0, sizeof(TPM2B_SENSITIVE_DATA));
   5058   tpm2b.size = bytes.size();
   5059   memcpy(tpm2b.buffer, bytes.data(), bytes.size());
   5060   return tpm2b;
   5061 }
   5062 
   5063 std::string StringFrom_TPM2B_SENSITIVE_DATA(const TPM2B_SENSITIVE_DATA& tpm2b) {
   5064   const char* char_buffer = reinterpret_cast<const char*>(tpm2b.buffer);
   5065   return std::string(char_buffer, tpm2b.size);
   5066 }
   5067 
   5068 TPM_RC Serialize_TPMS_SENSITIVE_CREATE(const TPMS_SENSITIVE_CREATE& value,
   5069                                        std::string* buffer) {
   5070   TPM_RC result = TPM_RC_SUCCESS;
   5071   VLOG(3) << __func__;
   5072 
   5073   result = Serialize_TPM2B_AUTH(value.user_auth, buffer);
   5074   if (result) {
   5075     return result;
   5076   }
   5077 
   5078   result = Serialize_TPM2B_SENSITIVE_DATA(value.data, buffer);
   5079   if (result) {
   5080     return result;
   5081   }
   5082   return result;
   5083 }
   5084 
   5085 TPM_RC Parse_TPMS_SENSITIVE_CREATE(std::string* buffer,
   5086                                    TPMS_SENSITIVE_CREATE* value,
   5087                                    std::string* value_bytes) {
   5088   TPM_RC result = TPM_RC_SUCCESS;
   5089   VLOG(3) << __func__;
   5090 
   5091   result = Parse_TPM2B_AUTH(buffer, &value->user_auth, value_bytes);
   5092   if (result) {
   5093     return result;
   5094   }
   5095 
   5096   result = Parse_TPM2B_SENSITIVE_DATA(buffer, &value->data, value_bytes);
   5097   if (result) {
   5098     return result;
   5099   }
   5100   return result;
   5101 }
   5102 
   5103 TPM_RC Serialize_TPM2B_SENSITIVE_CREATE(const TPM2B_SENSITIVE_CREATE& value,
   5104                                         std::string* buffer) {
   5105   TPM_RC result = TPM_RC_SUCCESS;
   5106   VLOG(3) << __func__;
   5107 
   5108   std::string field_bytes;
   5109   result = Serialize_TPMS_SENSITIVE_CREATE(value.sensitive, &field_bytes);
   5110   if (result) {
   5111     return result;
   5112   }
   5113   std::string size_bytes;
   5114   result = Serialize_UINT16(field_bytes.size(), &size_bytes);
   5115   if (result) {
   5116     return result;
   5117   }
   5118   buffer->append(size_bytes + field_bytes);
   5119   return result;
   5120 }
   5121 
   5122 TPM_RC Parse_TPM2B_SENSITIVE_CREATE(std::string* buffer,
   5123                                     TPM2B_SENSITIVE_CREATE* value,
   5124                                     std::string* value_bytes) {
   5125   TPM_RC result = TPM_RC_SUCCESS;
   5126   VLOG(3) << __func__;
   5127 
   5128   result = Parse_UINT16(buffer, &value->size, value_bytes);
   5129   if (result) {
   5130     return result;
   5131   }
   5132 
   5133   result = Parse_TPMS_SENSITIVE_CREATE(buffer, &value->sensitive, value_bytes);
   5134   if (result) {
   5135     return result;
   5136   }
   5137   return result;
   5138 }
   5139 
   5140 TPM2B_SENSITIVE_CREATE Make_TPM2B_SENSITIVE_CREATE(
   5141     const TPMS_SENSITIVE_CREATE& inner) {
   5142   TPM2B_SENSITIVE_CREATE tpm2b;
   5143   tpm2b.size = sizeof(TPMS_SENSITIVE_CREATE);
   5144   tpm2b.sensitive = inner;
   5145   return tpm2b;
   5146 }
   5147 
   5148 TPM_RC Serialize_TPMS_SCHEME_XOR(const TPMS_SCHEME_XOR& value,
   5149                                  std::string* buffer) {
   5150   TPM_RC result = TPM_RC_SUCCESS;
   5151   VLOG(3) << __func__;
   5152 
   5153   result = Serialize_TPMI_ALG_HASH(value.hash_alg, buffer);
   5154   if (result) {
   5155     return result;
   5156   }
   5157 
   5158   result = Serialize_TPMI_ALG_KDF(value.kdf, buffer);
   5159   if (result) {
   5160     return result;
   5161   }
   5162   return result;
   5163 }
   5164 
   5165 TPM_RC Parse_TPMS_SCHEME_XOR(std::string* buffer,
   5166                              TPMS_SCHEME_XOR* value,
   5167                              std::string* value_bytes) {
   5168   TPM_RC result = TPM_RC_SUCCESS;
   5169   VLOG(3) << __func__;
   5170 
   5171   result = Parse_TPMI_ALG_HASH(buffer, &value->hash_alg, value_bytes);
   5172   if (result) {
   5173     return result;
   5174   }
   5175 
   5176   result = Parse_TPMI_ALG_KDF(buffer, &value->kdf, value_bytes);
   5177   if (result) {
   5178     return result;
   5179   }
   5180   return result;
   5181 }
   5182 
   5183 TPM_RC Serialize_TPMU_SCHEME_KEYEDHASH(const TPMU_SCHEME_KEYEDHASH& value,
   5184                                        TPMI_ALG_KEYEDHASH_SCHEME selector,
   5185                                        std::string* buffer) {
   5186   TPM_RC result = TPM_RC_SUCCESS;
   5187   VLOG(3) << __func__;
   5188 
   5189   if (selector == TPM_ALG_NULL) {
   5190     // Do nothing.
   5191   }
   5192 
   5193   if (selector == TPM_ALG_HMAC) {
   5194     result = Serialize_TPMS_SCHEME_HMAC(value.hmac, buffer);
   5195     if (result) {
   5196       return result;
   5197     }
   5198   }
   5199 
   5200   if (selector == TPM_ALG_XOR) {
   5201     result = Serialize_TPMS_SCHEME_XOR(value.xor_, buffer);
   5202     if (result) {
   5203       return result;
   5204     }
   5205   }
   5206   return result;
   5207 }
   5208 
   5209 TPM_RC Parse_TPMU_SCHEME_KEYEDHASH(std::string* buffer,
   5210                                    TPMI_ALG_KEYEDHASH_SCHEME selector,
   5211                                    TPMU_SCHEME_KEYEDHASH* value,
   5212                                    std::string* value_bytes) {
   5213   TPM_RC result = TPM_RC_SUCCESS;
   5214   VLOG(3) << __func__;
   5215 
   5216   if (selector == TPM_ALG_NULL) {
   5217     // Do nothing.
   5218   }
   5219 
   5220   if (selector == TPM_ALG_HMAC) {
   5221     result = Parse_TPMS_SCHEME_HMAC(buffer, &value->hmac, value_bytes);
   5222     if (result) {
   5223       return result;
   5224     }
   5225   }
   5226 
   5227   if (selector == TPM_ALG_XOR) {
   5228     result = Parse_TPMS_SCHEME_XOR(buffer, &value->xor_, value_bytes);
   5229     if (result) {
   5230       return result;
   5231     }
   5232   }
   5233   return result;
   5234 }
   5235 
   5236 TPM_RC Serialize_TPMT_KEYEDHASH_SCHEME(const TPMT_KEYEDHASH_SCHEME& value,
   5237                                        std::string* buffer) {
   5238   TPM_RC result = TPM_RC_SUCCESS;
   5239   VLOG(3) << __func__;
   5240 
   5241   result = Serialize_TPMI_ALG_KEYEDHASH_SCHEME(value.scheme, buffer);
   5242   if (result) {
   5243     return result;
   5244   }
   5245 
   5246   result = Serialize_TPMU_SCHEME_KEYEDHASH(value.details, value.scheme, buffer);
   5247   if (result) {
   5248     return result;
   5249   }
   5250   return result;
   5251 }
   5252 
   5253 TPM_RC Parse_TPMT_KEYEDHASH_SCHEME(std::string* buffer,
   5254                                    TPMT_KEYEDHASH_SCHEME* value,
   5255                                    std::string* value_bytes) {
   5256   TPM_RC result = TPM_RC_SUCCESS;
   5257   VLOG(3) << __func__;
   5258 
   5259   result = Parse_TPMI_ALG_KEYEDHASH_SCHEME(buffer, &value->scheme, value_bytes);
   5260   if (result) {
   5261     return result;
   5262   }
   5263 
   5264   result = Parse_TPMU_SCHEME_KEYEDHASH(buffer, value->scheme, &value->details,
   5265                                        value_bytes);
   5266   if (result) {
   5267     return result;
   5268   }
   5269   return result;
   5270 }
   5271 
   5272 TPM_RC Serialize_TPMS_SCHEME_ECDAA(const TPMS_SCHEME_ECDAA& value,
   5273                                    std::string* buffer) {
   5274   TPM_RC result = TPM_RC_SUCCESS;
   5275   VLOG(3) << __func__;
   5276 
   5277   result = Serialize_TPMI_ALG_HASH(value.hash_alg, buffer);
   5278   if (result) {
   5279     return result;
   5280   }
   5281 
   5282   result = Serialize_UINT16(value.count, buffer);
   5283   if (result) {
   5284     return result;
   5285   }
   5286   return result;
   5287 }
   5288 
   5289 TPM_RC Parse_TPMS_SCHEME_ECDAA(std::string* buffer,
   5290                                TPMS_SCHEME_ECDAA* value,
   5291                                std::string* value_bytes) {
   5292   TPM_RC result = TPM_RC_SUCCESS;
   5293   VLOG(3) << __func__;
   5294 
   5295   result = Parse_TPMI_ALG_HASH(buffer, &value->hash_alg, value_bytes);
   5296   if (result) {
   5297     return result;
   5298   }
   5299 
   5300   result = Parse_UINT16(buffer, &value->count, value_bytes);
   5301   if (result) {
   5302     return result;
   5303   }
   5304   return result;
   5305 }
   5306 
   5307 TPM_RC Serialize_TPMU_SIG_SCHEME(const TPMU_SIG_SCHEME& value,
   5308                                  TPMI_ALG_SIG_SCHEME selector,
   5309                                  std::string* buffer) {
   5310   TPM_RC result = TPM_RC_SUCCESS;
   5311   VLOG(3) << __func__;
   5312 
   5313   if (selector == TPM_ALG_HMAC) {
   5314     result = Serialize_TPMS_SCHEME_HMAC(value.hmac, buffer);
   5315     if (result) {
   5316       return result;
   5317     }
   5318   }
   5319 
   5320   if (selector == TPM_ALG_ECSCHNORR) {
   5321     result = Serialize_TPMS_SCHEME_ECSCHNORR(value.ec_schnorr, buffer);
   5322     if (result) {
   5323       return result;
   5324     }
   5325   }
   5326 
   5327   if (selector == TPM_ALG_RSAPSS) {
   5328     result = Serialize_TPMS_SCHEME_RSAPSS(value.rsapss, buffer);
   5329     if (result) {
   5330       return result;
   5331     }
   5332   }
   5333 
   5334   if (selector == TPM_ALG_ECDAA) {
   5335     result = Serialize_TPMS_SCHEME_ECDAA(value.ecdaa, buffer);
   5336     if (result) {
   5337       return result;
   5338     }
   5339   }
   5340 
   5341   if (selector == TPM_ALG_RSASSA) {
   5342     result = Serialize_TPMS_SCHEME_RSASSA(value.rsassa, buffer);
   5343     if (result) {
   5344       return result;
   5345     }
   5346   }
   5347 
   5348   if (selector == TPM_ALG_SM2) {
   5349     result = Serialize_TPMS_SCHEME_SM2(value.sm2, buffer);
   5350     if (result) {
   5351       return result;
   5352     }
   5353   }
   5354 
   5355   if (selector == TPM_ALG_ECDSA) {
   5356     result = Serialize_TPMS_SCHEME_ECDSA(value.ecdsa, buffer);
   5357     if (result) {
   5358       return result;
   5359     }
   5360   }
   5361 
   5362   if (selector == TPM_ALG_NULL) {
   5363     // Do nothing.
   5364   }
   5365   return result;
   5366 }
   5367 
   5368 TPM_RC Parse_TPMU_SIG_SCHEME(std::string* buffer,
   5369                              TPMI_ALG_SIG_SCHEME selector,
   5370                              TPMU_SIG_SCHEME* value,
   5371                              std::string* value_bytes) {
   5372   TPM_RC result = TPM_RC_SUCCESS;
   5373   VLOG(3) << __func__;
   5374 
   5375   if (selector == TPM_ALG_HMAC) {
   5376     result = Parse_TPMS_SCHEME_HMAC(buffer, &value->hmac, value_bytes);
   5377     if (result) {
   5378       return result;
   5379     }
   5380   }
   5381 
   5382   if (selector == TPM_ALG_ECSCHNORR) {
   5383     result =
   5384         Parse_TPMS_SCHEME_ECSCHNORR(buffer, &value->ec_schnorr, value_bytes);
   5385     if (result) {
   5386       return result;
   5387     }
   5388   }
   5389 
   5390   if (selector == TPM_ALG_RSAPSS) {
   5391     result = Parse_TPMS_SCHEME_RSAPSS(buffer, &value->rsapss, value_bytes);
   5392     if (result) {
   5393       return result;
   5394     }
   5395   }
   5396 
   5397   if (selector == TPM_ALG_ECDAA) {
   5398     result = Parse_TPMS_SCHEME_ECDAA(buffer, &value->ecdaa, value_bytes);
   5399     if (result) {
   5400       return result;
   5401     }
   5402   }
   5403 
   5404   if (selector == TPM_ALG_RSASSA) {
   5405     result = Parse_TPMS_SCHEME_RSASSA(buffer, &value->rsassa, value_bytes);
   5406     if (result) {
   5407       return result;
   5408     }
   5409   }
   5410 
   5411   if (selector == TPM_ALG_SM2) {
   5412     result = Parse_TPMS_SCHEME_SM2(buffer, &value->sm2, value_bytes);
   5413     if (result) {
   5414       return result;
   5415     }
   5416   }
   5417 
   5418   if (selector == TPM_ALG_ECDSA) {
   5419     result = Parse_TPMS_SCHEME_ECDSA(buffer, &value->ecdsa, value_bytes);
   5420     if (result) {
   5421       return result;
   5422     }
   5423   }
   5424 
   5425   if (selector == TPM_ALG_NULL) {
   5426     // Do nothing.
   5427   }
   5428   return result;
   5429 }
   5430 
   5431 TPM_RC Serialize_TPMT_SIG_SCHEME(const TPMT_SIG_SCHEME& value,
   5432                                  std::string* buffer) {
   5433   TPM_RC result = TPM_RC_SUCCESS;
   5434   VLOG(3) << __func__;
   5435 
   5436   result = Serialize_TPMI_ALG_SIG_SCHEME(value.scheme, buffer);
   5437   if (result) {
   5438     return result;
   5439   }
   5440 
   5441   result = Serialize_TPMU_SIG_SCHEME(value.details, value.scheme, buffer);
   5442   if (result) {
   5443     return result;
   5444   }
   5445   return result;
   5446 }
   5447 
   5448 TPM_RC Parse_TPMT_SIG_SCHEME(std::string* buffer,
   5449                              TPMT_SIG_SCHEME* value,
   5450                              std::string* value_bytes) {
   5451   TPM_RC result = TPM_RC_SUCCESS;
   5452   VLOG(3) << __func__;
   5453 
   5454   result = Parse_TPMI_ALG_SIG_SCHEME(buffer, &value->scheme, value_bytes);
   5455   if (result) {
   5456     return result;
   5457   }
   5458 
   5459   result = Parse_TPMU_SIG_SCHEME(buffer, value->scheme, &value->details,
   5460                                  value_bytes);
   5461   if (result) {
   5462     return result;
   5463   }
   5464   return result;
   5465 }
   5466 
   5467 TPM_RC Serialize_TPMS_SCHEME_OAEP(const TPMS_SCHEME_OAEP& value,
   5468                                   std::string* buffer) {
   5469   TPM_RC result = TPM_RC_SUCCESS;
   5470   VLOG(3) << __func__;
   5471 
   5472   result = Serialize_TPMI_ALG_HASH(value.hash_alg, buffer);
   5473   if (result) {
   5474     return result;
   5475   }
   5476   return result;
   5477 }
   5478 
   5479 TPM_RC Parse_TPMS_SCHEME_OAEP(std::string* buffer,
   5480                               TPMS_SCHEME_OAEP* value,
   5481                               std::string* value_bytes) {
   5482   TPM_RC result = TPM_RC_SUCCESS;
   5483   VLOG(3) << __func__;
   5484 
   5485   result = Parse_TPMI_ALG_HASH(buffer, &value->hash_alg, value_bytes);
   5486   if (result) {
   5487     return result;
   5488   }
   5489   return result;
   5490 }
   5491 
   5492 TPM_RC Serialize_TPMS_SCHEME_ECDH(const TPMS_SCHEME_ECDH& value,
   5493                                   std::string* buffer) {
   5494   TPM_RC result = TPM_RC_SUCCESS;
   5495   VLOG(3) << __func__;
   5496 
   5497   result = Serialize_TPMI_ALG_HASH(value.hash_alg, buffer);
   5498   if (result) {
   5499     return result;
   5500   }
   5501   return result;
   5502 }
   5503 
   5504 TPM_RC Parse_TPMS_SCHEME_ECDH(std::string* buffer,
   5505                               TPMS_SCHEME_ECDH* value,
   5506                               std::string* value_bytes) {
   5507   TPM_RC result = TPM_RC_SUCCESS;
   5508   VLOG(3) << __func__;
   5509 
   5510   result = Parse_TPMI_ALG_HASH(buffer, &value->hash_alg, value_bytes);
   5511   if (result) {
   5512     return result;
   5513   }
   5514   return result;
   5515 }
   5516 
   5517 TPM_RC Serialize_TPMS_SCHEME_MGF1(const TPMS_SCHEME_MGF1& value,
   5518                                   std::string* buffer) {
   5519   TPM_RC result = TPM_RC_SUCCESS;
   5520   VLOG(3) << __func__;
   5521 
   5522   result = Serialize_TPMI_ALG_HASH(value.hash_alg, buffer);
   5523   if (result) {
   5524     return result;
   5525   }
   5526   return result;
   5527 }
   5528 
   5529 TPM_RC Parse_TPMS_SCHEME_MGF1(std::string* buffer,
   5530                               TPMS_SCHEME_MGF1* value,
   5531                               std::string* value_bytes) {
   5532   TPM_RC result = TPM_RC_SUCCESS;
   5533   VLOG(3) << __func__;
   5534 
   5535   result = Parse_TPMI_ALG_HASH(buffer, &value->hash_alg, value_bytes);
   5536   if (result) {
   5537     return result;
   5538   }
   5539   return result;
   5540 }
   5541 
   5542 TPM_RC Serialize_TPMS_SCHEME_KDF1_SP800_56a(
   5543     const TPMS_SCHEME_KDF1_SP800_56a& value,
   5544     std::string* buffer) {
   5545   TPM_RC result = TPM_RC_SUCCESS;
   5546   VLOG(3) << __func__;
   5547 
   5548   result = Serialize_TPMI_ALG_HASH(value.hash_alg, buffer);
   5549   if (result) {
   5550     return result;
   5551   }
   5552   return result;
   5553 }
   5554 
   5555 TPM_RC Parse_TPMS_SCHEME_KDF1_SP800_56a(std::string* buffer,
   5556                                         TPMS_SCHEME_KDF1_SP800_56a* value,
   5557                                         std::string* value_bytes) {
   5558   TPM_RC result = TPM_RC_SUCCESS;
   5559   VLOG(3) << __func__;
   5560 
   5561   result = Parse_TPMI_ALG_HASH(buffer, &value->hash_alg, value_bytes);
   5562   if (result) {
   5563     return result;
   5564   }
   5565   return result;
   5566 }
   5567 
   5568 TPM_RC Serialize_TPMS_SCHEME_KDF2(const TPMS_SCHEME_KDF2& value,
   5569                                   std::string* buffer) {
   5570   TPM_RC result = TPM_RC_SUCCESS;
   5571   VLOG(3) << __func__;
   5572 
   5573   result = Serialize_TPMI_ALG_HASH(value.hash_alg, buffer);
   5574   if (result) {
   5575     return result;
   5576   }
   5577   return result;
   5578 }
   5579 
   5580 TPM_RC Parse_TPMS_SCHEME_KDF2(std::string* buffer,
   5581                               TPMS_SCHEME_KDF2* value,
   5582                               std::string* value_bytes) {
   5583   TPM_RC result = TPM_RC_SUCCESS;
   5584   VLOG(3) << __func__;
   5585 
   5586   result = Parse_TPMI_ALG_HASH(buffer, &value->hash_alg, value_bytes);
   5587   if (result) {
   5588     return result;
   5589   }
   5590   return result;
   5591 }
   5592 
   5593 TPM_RC Serialize_TPMS_SCHEME_KDF1_SP800_108(
   5594     const TPMS_SCHEME_KDF1_SP800_108& value,
   5595     std::string* buffer) {
   5596   TPM_RC result = TPM_RC_SUCCESS;
   5597   VLOG(3) << __func__;
   5598 
   5599   result = Serialize_TPMI_ALG_HASH(value.hash_alg, buffer);
   5600   if (result) {
   5601     return result;
   5602   }
   5603   return result;
   5604 }
   5605 
   5606 TPM_RC Parse_TPMS_SCHEME_KDF1_SP800_108(std::string* buffer,
   5607                                         TPMS_SCHEME_KDF1_SP800_108* value,
   5608                                         std::string* value_bytes) {
   5609   TPM_RC result = TPM_RC_SUCCESS;
   5610   VLOG(3) << __func__;
   5611 
   5612   result = Parse_TPMI_ALG_HASH(buffer, &value->hash_alg, value_bytes);
   5613   if (result) {
   5614     return result;
   5615   }
   5616   return result;
   5617 }
   5618 
   5619 TPM_RC Serialize_TPMU_KDF_SCHEME(const TPMU_KDF_SCHEME& value,
   5620                                  TPMI_ALG_KDF selector,
   5621                                  std::string* buffer) {
   5622   TPM_RC result = TPM_RC_SUCCESS;
   5623   VLOG(3) << __func__;
   5624 
   5625   if (selector == TPM_ALG_KDF1_SP800_56a) {
   5626     result = Serialize_TPMS_SCHEME_KDF1_SP800_56a(value.kdf1_sp800_56a, buffer);
   5627     if (result) {
   5628       return result;
   5629     }
   5630   }
   5631 
   5632   if (selector == TPM_ALG_MGF1) {
   5633     result = Serialize_TPMS_SCHEME_MGF1(value.mgf1, buffer);
   5634     if (result) {
   5635       return result;
   5636     }
   5637   }
   5638 
   5639   if (selector == TPM_ALG_KDF1_SP800_108) {
   5640     result = Serialize_TPMS_SCHEME_KDF1_SP800_108(value.kdf1_sp800_108, buffer);
   5641     if (result) {
   5642       return result;
   5643     }
   5644   }
   5645 
   5646   if (selector == TPM_ALG_KDF2) {
   5647     result = Serialize_TPMS_SCHEME_KDF2(value.kdf2, buffer);
   5648     if (result) {
   5649       return result;
   5650     }
   5651   }
   5652 
   5653   if (selector == TPM_ALG_NULL) {
   5654     // Do nothing.
   5655   }
   5656   return result;
   5657 }
   5658 
   5659 TPM_RC Parse_TPMU_KDF_SCHEME(std::string* buffer,
   5660                              TPMI_ALG_KDF selector,
   5661                              TPMU_KDF_SCHEME* value,
   5662                              std::string* value_bytes) {
   5663   TPM_RC result = TPM_RC_SUCCESS;
   5664   VLOG(3) << __func__;
   5665 
   5666   if (selector == TPM_ALG_KDF1_SP800_56a) {
   5667     result = Parse_TPMS_SCHEME_KDF1_SP800_56a(buffer, &value->kdf1_sp800_56a,
   5668                                               value_bytes);
   5669     if (result) {
   5670       return result;
   5671     }
   5672   }
   5673 
   5674   if (selector == TPM_ALG_MGF1) {
   5675     result = Parse_TPMS_SCHEME_MGF1(buffer, &value->mgf1, value_bytes);
   5676     if (result) {
   5677       return result;
   5678     }
   5679   }
   5680 
   5681   if (selector == TPM_ALG_KDF1_SP800_108) {
   5682     result = Parse_TPMS_SCHEME_KDF1_SP800_108(buffer, &value->kdf1_sp800_108,
   5683                                               value_bytes);
   5684     if (result) {
   5685       return result;
   5686     }
   5687   }
   5688 
   5689   if (selector == TPM_ALG_KDF2) {
   5690     result = Parse_TPMS_SCHEME_KDF2(buffer, &value->kdf2, value_bytes);
   5691     if (result) {
   5692       return result;
   5693     }
   5694   }
   5695 
   5696   if (selector == TPM_ALG_NULL) {
   5697     // Do nothing.
   5698   }
   5699   return result;
   5700 }
   5701 
   5702 TPM_RC Serialize_TPMT_KDF_SCHEME(const TPMT_KDF_SCHEME& value,
   5703                                  std::string* buffer) {
   5704   TPM_RC result = TPM_RC_SUCCESS;
   5705   VLOG(3) << __func__;
   5706 
   5707   result = Serialize_TPMI_ALG_KDF(value.scheme, buffer);
   5708   if (result) {
   5709     return result;
   5710   }
   5711 
   5712   result = Serialize_TPMU_KDF_SCHEME(value.details, value.scheme, buffer);
   5713   if (result) {
   5714     return result;
   5715   }
   5716   return result;
   5717 }
   5718 
   5719 TPM_RC Parse_TPMT_KDF_SCHEME(std::string* buffer,
   5720                              TPMT_KDF_SCHEME* value,
   5721                              std::string* value_bytes) {
   5722   TPM_RC result = TPM_RC_SUCCESS;
   5723   VLOG(3) << __func__;
   5724 
   5725   result = Parse_TPMI_ALG_KDF(buffer, &value->scheme, value_bytes);
   5726   if (result) {
   5727     return result;
   5728   }
   5729 
   5730   result = Parse_TPMU_KDF_SCHEME(buffer, value->scheme, &value->details,
   5731                                  value_bytes);
   5732   if (result) {
   5733     return result;
   5734   }
   5735   return result;
   5736 }
   5737 
   5738 TPM_RC Serialize_TPMU_ASYM_SCHEME(const TPMU_ASYM_SCHEME& value,
   5739                                   TPMI_ALG_ASYM_SCHEME selector,
   5740                                   std::string* buffer) {
   5741   TPM_RC result = TPM_RC_SUCCESS;
   5742   VLOG(3) << __func__;
   5743 
   5744   if (selector == TPM_ALG_RSAES) {
   5745     // Do nothing.
   5746   }
   5747 
   5748   if (selector == TPM_ALG_ECSCHNORR) {
   5749     result = Serialize_TPMS_SCHEME_ECSCHNORR(value.ec_schnorr, buffer);
   5750     if (result) {
   5751       return result;
   5752     }
   5753   }
   5754 
   5755   if (selector == TPM_ALG_NULL) {
   5756     // Do nothing.
   5757   }
   5758 
   5759   if (selector == TPM_ALG_ECDH) {
   5760     result = Serialize_TPMS_SCHEME_ECDH(value.ecdh, buffer);
   5761     if (result) {
   5762       return result;
   5763     }
   5764   }
   5765 
   5766   if (selector == TPM_ALG_OAEP) {
   5767     result = Serialize_TPMS_SCHEME_OAEP(value.oaep, buffer);
   5768     if (result) {
   5769       return result;
   5770     }
   5771   }
   5772 
   5773   if (selector == TPM_ALG_RSAPSS) {
   5774     result = Serialize_TPMS_SCHEME_RSAPSS(value.rsapss, buffer);
   5775     if (result) {
   5776       return result;
   5777     }
   5778   }
   5779 
   5780   if (selector == TPM_ALG_ECDAA) {
   5781     result = Serialize_TPMS_SCHEME_ECDAA(value.ecdaa, buffer);
   5782     if (result) {
   5783       return result;
   5784     }
   5785   }
   5786 
   5787   if (selector == TPM_ALG_RSASSA) {
   5788     result = Serialize_TPMS_SCHEME_RSASSA(value.rsassa, buffer);
   5789     if (result) {
   5790       return result;
   5791     }
   5792   }
   5793 
   5794   if (selector == TPM_ALG_SM2) {
   5795     result = Serialize_TPMS_SCHEME_SM2(value.sm2, buffer);
   5796     if (result) {
   5797       return result;
   5798     }
   5799   }
   5800 
   5801   if (selector == TPM_ALG_ECDSA) {
   5802     result = Serialize_TPMS_SCHEME_ECDSA(value.ecdsa, buffer);
   5803     if (result) {
   5804       return result;
   5805     }
   5806   }
   5807   return result;
   5808 }
   5809 
   5810 TPM_RC Parse_TPMU_ASYM_SCHEME(std::string* buffer,
   5811                               TPMI_ALG_ASYM_SCHEME selector,
   5812                               TPMU_ASYM_SCHEME* value,
   5813                               std::string* value_bytes) {
   5814   TPM_RC result = TPM_RC_SUCCESS;
   5815   VLOG(3) << __func__;
   5816 
   5817   if (selector == TPM_ALG_RSAES) {
   5818     // Do nothing.
   5819   }
   5820 
   5821   if (selector == TPM_ALG_ECSCHNORR) {
   5822     result =
   5823         Parse_TPMS_SCHEME_ECSCHNORR(buffer, &value->ec_schnorr, value_bytes);
   5824     if (result) {
   5825       return result;
   5826     }
   5827   }
   5828 
   5829   if (selector == TPM_ALG_NULL) {
   5830     // Do nothing.
   5831   }
   5832 
   5833   if (selector == TPM_ALG_ECDH) {
   5834     result = Parse_TPMS_SCHEME_ECDH(buffer, &value->ecdh, value_bytes);
   5835     if (result) {
   5836       return result;
   5837     }
   5838   }
   5839 
   5840   if (selector == TPM_ALG_OAEP) {
   5841     result = Parse_TPMS_SCHEME_OAEP(buffer, &value->oaep, value_bytes);
   5842     if (result) {
   5843       return result;
   5844     }
   5845   }
   5846 
   5847   if (selector == TPM_ALG_RSAPSS) {
   5848     result = Parse_TPMS_SCHEME_RSAPSS(buffer, &value->rsapss, value_bytes);
   5849     if (result) {
   5850       return result;
   5851     }
   5852   }
   5853 
   5854   if (selector == TPM_ALG_ECDAA) {
   5855     result = Parse_TPMS_SCHEME_ECDAA(buffer, &value->ecdaa, value_bytes);
   5856     if (result) {
   5857       return result;
   5858     }
   5859   }
   5860 
   5861   if (selector == TPM_ALG_RSASSA) {
   5862     result = Parse_TPMS_SCHEME_RSASSA(buffer, &value->rsassa, value_bytes);
   5863     if (result) {
   5864       return result;
   5865     }
   5866   }
   5867 
   5868   if (selector == TPM_ALG_SM2) {
   5869     result = Parse_TPMS_SCHEME_SM2(buffer, &value->sm2, value_bytes);
   5870     if (result) {
   5871       return result;
   5872     }
   5873   }
   5874 
   5875   if (selector == TPM_ALG_ECDSA) {
   5876     result = Parse_TPMS_SCHEME_ECDSA(buffer, &value->ecdsa, value_bytes);
   5877     if (result) {
   5878       return result;
   5879     }
   5880   }
   5881   return result;
   5882 }
   5883 
   5884 TPM_RC Serialize_TPMT_ASYM_SCHEME(const TPMT_ASYM_SCHEME& value,
   5885                                   std::string* buffer) {
   5886   TPM_RC result = TPM_RC_SUCCESS;
   5887   VLOG(3) << __func__;
   5888 
   5889   result = Serialize_TPMI_ALG_ASYM_SCHEME(value.scheme, buffer);
   5890   if (result) {
   5891     return result;
   5892   }
   5893 
   5894   result = Serialize_TPMU_ASYM_SCHEME(value.details, value.scheme, buffer);
   5895   if (result) {
   5896     return result;
   5897   }
   5898   return result;
   5899 }
   5900 
   5901 TPM_RC Parse_TPMT_ASYM_SCHEME(std::string* buffer,
   5902                               TPMT_ASYM_SCHEME* value,
   5903                               std::string* value_bytes) {
   5904   TPM_RC result = TPM_RC_SUCCESS;
   5905   VLOG(3) << __func__;
   5906 
   5907   result = Parse_TPMI_ALG_ASYM_SCHEME(buffer, &value->scheme, value_bytes);
   5908   if (result) {
   5909     return result;
   5910   }
   5911 
   5912   result = Parse_TPMU_ASYM_SCHEME(buffer, value->scheme, &value->details,
   5913                                   value_bytes);
   5914   if (result) {
   5915     return result;
   5916   }
   5917   return result;
   5918 }
   5919 
   5920 TPM_RC Serialize_TPMT_RSA_SCHEME(const TPMT_RSA_SCHEME& value,
   5921                                  std::string* buffer) {
   5922   TPM_RC result = TPM_RC_SUCCESS;
   5923   VLOG(3) << __func__;
   5924 
   5925   result = Serialize_TPMI_ALG_RSA_SCHEME(value.scheme, buffer);
   5926   if (result) {
   5927     return result;
   5928   }
   5929 
   5930   result = Serialize_TPMU_ASYM_SCHEME(value.details, value.scheme, buffer);
   5931   if (result) {
   5932     return result;
   5933   }
   5934   return result;
   5935 }
   5936 
   5937 TPM_RC Parse_TPMT_RSA_SCHEME(std::string* buffer,
   5938                              TPMT_RSA_SCHEME* value,
   5939                              std::string* value_bytes) {
   5940   TPM_RC result = TPM_RC_SUCCESS;
   5941   VLOG(3) << __func__;
   5942 
   5943   result = Parse_TPMI_ALG_RSA_SCHEME(buffer, &value->scheme, value_bytes);
   5944   if (result) {
   5945     return result;
   5946   }
   5947 
   5948   result = Parse_TPMU_ASYM_SCHEME(buffer, value->scheme, &value->details,
   5949                                   value_bytes);
   5950   if (result) {
   5951     return result;
   5952   }
   5953   return result;
   5954 }
   5955 
   5956 TPM_RC Serialize_TPMT_RSA_DECRYPT(const TPMT_RSA_DECRYPT& value,
   5957                                   std::string* buffer) {
   5958   TPM_RC result = TPM_RC_SUCCESS;
   5959   VLOG(3) << __func__;
   5960 
   5961   result = Serialize_TPMI_ALG_RSA_DECRYPT(value.scheme, buffer);
   5962   if (result) {
   5963     return result;
   5964   }
   5965 
   5966   result = Serialize_TPMU_ASYM_SCHEME(value.details, value.scheme, buffer);
   5967   if (result) {
   5968     return result;
   5969   }
   5970   return result;
   5971 }
   5972 
   5973 TPM_RC Parse_TPMT_RSA_DECRYPT(std::string* buffer,
   5974                               TPMT_RSA_DECRYPT* value,
   5975                               std::string* value_bytes) {
   5976   TPM_RC result = TPM_RC_SUCCESS;
   5977   VLOG(3) << __func__;
   5978 
   5979   result = Parse_TPMI_ALG_RSA_DECRYPT(buffer, &value->scheme, value_bytes);
   5980   if (result) {
   5981     return result;
   5982   }
   5983 
   5984   result = Parse_TPMU_ASYM_SCHEME(buffer, value->scheme, &value->details,
   5985                                   value_bytes);
   5986   if (result) {
   5987     return result;
   5988   }
   5989   return result;
   5990 }
   5991 
   5992 TPM_RC Serialize_TPM2B_PUBLIC_KEY_RSA(const TPM2B_PUBLIC_KEY_RSA& value,
   5993                                       std::string* buffer) {
   5994   TPM_RC result = TPM_RC_SUCCESS;
   5995   VLOG(3) << __func__;
   5996 
   5997   result = Serialize_UINT16(value.size, buffer);
   5998   if (result) {
   5999     return result;
   6000   }
   6001 
   6002   if (arraysize(value.buffer) < value.size) {
   6003     return TPM_RC_INSUFFICIENT;
   6004   }
   6005   for (uint32_t i = 0; i < value.size; ++i) {
   6006     result = Serialize_BYTE(value.buffer[i], buffer);
   6007     if (result) {
   6008       return result;
   6009     }
   6010   }
   6011   return result;
   6012 }
   6013 
   6014 TPM_RC Parse_TPM2B_PUBLIC_KEY_RSA(std::string* buffer,
   6015                                   TPM2B_PUBLIC_KEY_RSA* value,
   6016                                   std::string* value_bytes) {
   6017   TPM_RC result = TPM_RC_SUCCESS;
   6018   VLOG(3) << __func__;
   6019 
   6020   result = Parse_UINT16(buffer, &value->size, value_bytes);
   6021   if (result) {
   6022     return result;
   6023   }
   6024 
   6025   if (arraysize(value->buffer) < value->size) {
   6026     return TPM_RC_INSUFFICIENT;
   6027   }
   6028   for (uint32_t i = 0; i < value->size; ++i) {
   6029     result = Parse_BYTE(buffer, &value->buffer[i], value_bytes);
   6030     if (result) {
   6031       return result;
   6032     }
   6033   }
   6034   return result;
   6035 }
   6036 
   6037 TPM2B_PUBLIC_KEY_RSA Make_TPM2B_PUBLIC_KEY_RSA(const std::string& bytes) {
   6038   TPM2B_PUBLIC_KEY_RSA tpm2b;
   6039   CHECK(bytes.size() <= sizeof(tpm2b.buffer));
   6040   memset(&tpm2b, 0, sizeof(TPM2B_PUBLIC_KEY_RSA));
   6041   tpm2b.size = bytes.size();
   6042   memcpy(tpm2b.buffer, bytes.data(), bytes.size());
   6043   return tpm2b;
   6044 }
   6045 
   6046 std::string StringFrom_TPM2B_PUBLIC_KEY_RSA(const TPM2B_PUBLIC_KEY_RSA& tpm2b) {
   6047   const char* char_buffer = reinterpret_cast<const char*>(tpm2b.buffer);
   6048   return std::string(char_buffer, tpm2b.size);
   6049 }
   6050 
   6051 TPM_RC Serialize_TPM2B_PRIVATE_KEY_RSA(const TPM2B_PRIVATE_KEY_RSA& value,
   6052                                        std::string* buffer) {
   6053   TPM_RC result = TPM_RC_SUCCESS;
   6054   VLOG(3) << __func__;
   6055 
   6056   result = Serialize_UINT16(value.size, buffer);
   6057   if (result) {
   6058     return result;
   6059   }
   6060 
   6061   if (arraysize(value.buffer) < value.size) {
   6062     return TPM_RC_INSUFFICIENT;
   6063   }
   6064   for (uint32_t i = 0; i < value.size; ++i) {
   6065     result = Serialize_BYTE(value.buffer[i], buffer);
   6066     if (result) {
   6067       return result;
   6068     }
   6069   }
   6070   return result;
   6071 }
   6072 
   6073 TPM_RC Parse_TPM2B_PRIVATE_KEY_RSA(std::string* buffer,
   6074                                    TPM2B_PRIVATE_KEY_RSA* value,
   6075                                    std::string* value_bytes) {
   6076   TPM_RC result = TPM_RC_SUCCESS;
   6077   VLOG(3) << __func__;
   6078 
   6079   result = Parse_UINT16(buffer, &value->size, value_bytes);
   6080   if (result) {
   6081     return result;
   6082   }
   6083 
   6084   if (arraysize(value->buffer) < value->size) {
   6085     return TPM_RC_INSUFFICIENT;
   6086   }
   6087   for (uint32_t i = 0; i < value->size; ++i) {
   6088     result = Parse_BYTE(buffer, &value->buffer[i], value_bytes);
   6089     if (result) {
   6090       return result;
   6091     }
   6092   }
   6093   return result;
   6094 }
   6095 
   6096 TPM2B_PRIVATE_KEY_RSA Make_TPM2B_PRIVATE_KEY_RSA(const std::string& bytes) {
   6097   TPM2B_PRIVATE_KEY_RSA tpm2b;
   6098   CHECK(bytes.size() <= sizeof(tpm2b.buffer));
   6099   memset(&tpm2b, 0, sizeof(TPM2B_PRIVATE_KEY_RSA));
   6100   tpm2b.size = bytes.size();
   6101   memcpy(tpm2b.buffer, bytes.data(), bytes.size());
   6102   return tpm2b;
   6103 }
   6104 
   6105 std::string StringFrom_TPM2B_PRIVATE_KEY_RSA(
   6106     const TPM2B_PRIVATE_KEY_RSA& tpm2b) {
   6107   const char* char_buffer = reinterpret_cast<const char*>(tpm2b.buffer);
   6108   return std::string(char_buffer, tpm2b.size);
   6109 }
   6110 
   6111 TPM_RC Serialize_TPM2B_ECC_PARAMETER(const TPM2B_ECC_PARAMETER& value,
   6112                                      std::string* buffer) {
   6113   TPM_RC result = TPM_RC_SUCCESS;
   6114   VLOG(3) << __func__;
   6115 
   6116   result = Serialize_UINT16(value.size, buffer);
   6117   if (result) {
   6118     return result;
   6119   }
   6120 
   6121   if (arraysize(value.buffer) < value.size) {
   6122     return TPM_RC_INSUFFICIENT;
   6123   }
   6124   for (uint32_t i = 0; i < value.size; ++i) {
   6125     result = Serialize_BYTE(value.buffer[i], buffer);
   6126     if (result) {
   6127       return result;
   6128     }
   6129   }
   6130   return result;
   6131 }
   6132 
   6133 TPM_RC Parse_TPM2B_ECC_PARAMETER(std::string* buffer,
   6134                                  TPM2B_ECC_PARAMETER* value,
   6135                                  std::string* value_bytes) {
   6136   TPM_RC result = TPM_RC_SUCCESS;
   6137   VLOG(3) << __func__;
   6138 
   6139   result = Parse_UINT16(buffer, &value->size, value_bytes);
   6140   if (result) {
   6141     return result;
   6142   }
   6143 
   6144   if (arraysize(value->buffer) < value->size) {
   6145     return TPM_RC_INSUFFICIENT;
   6146   }
   6147   for (uint32_t i = 0; i < value->size; ++i) {
   6148     result = Parse_BYTE(buffer, &value->buffer[i], value_bytes);
   6149     if (result) {
   6150       return result;
   6151     }
   6152   }
   6153   return result;
   6154 }
   6155 
   6156 TPM2B_ECC_PARAMETER Make_TPM2B_ECC_PARAMETER(const std::string& bytes) {
   6157   TPM2B_ECC_PARAMETER tpm2b;
   6158   CHECK(bytes.size() <= sizeof(tpm2b.buffer));
   6159   memset(&tpm2b, 0, sizeof(TPM2B_ECC_PARAMETER));
   6160   tpm2b.size = bytes.size();
   6161   memcpy(tpm2b.buffer, bytes.data(), bytes.size());
   6162   return tpm2b;
   6163 }
   6164 
   6165 std::string StringFrom_TPM2B_ECC_PARAMETER(const TPM2B_ECC_PARAMETER& tpm2b) {
   6166   const char* char_buffer = reinterpret_cast<const char*>(tpm2b.buffer);
   6167   return std::string(char_buffer, tpm2b.size);
   6168 }
   6169 
   6170 TPM_RC Serialize_TPMS_ECC_POINT(const TPMS_ECC_POINT& value,
   6171                                 std::string* buffer) {
   6172   TPM_RC result = TPM_RC_SUCCESS;
   6173   VLOG(3) << __func__;
   6174 
   6175   result = Serialize_TPM2B_ECC_PARAMETER(value.x, buffer);
   6176   if (result) {
   6177     return result;
   6178   }
   6179 
   6180   result = Serialize_TPM2B_ECC_PARAMETER(value.y, buffer);
   6181   if (result) {
   6182     return result;
   6183   }
   6184   return result;
   6185 }
   6186 
   6187 TPM_RC Parse_TPMS_ECC_POINT(std::string* buffer,
   6188                             TPMS_ECC_POINT* value,
   6189                             std::string* value_bytes) {
   6190   TPM_RC result = TPM_RC_SUCCESS;
   6191   VLOG(3) << __func__;
   6192 
   6193   result = Parse_TPM2B_ECC_PARAMETER(buffer, &value->x, value_bytes);
   6194   if (result) {
   6195     return result;
   6196   }
   6197 
   6198   result = Parse_TPM2B_ECC_PARAMETER(buffer, &value->y, value_bytes);
   6199   if (result) {
   6200     return result;
   6201   }
   6202   return result;
   6203 }
   6204 
   6205 TPM_RC Serialize_TPM2B_ECC_POINT(const TPM2B_ECC_POINT& value,
   6206                                  std::string* buffer) {
   6207   TPM_RC result = TPM_RC_SUCCESS;
   6208   VLOG(3) << __func__;
   6209 
   6210   std::string field_bytes;
   6211   result = Serialize_TPMS_ECC_POINT(value.point, &field_bytes);
   6212   if (result) {
   6213     return result;
   6214   }
   6215   std::string size_bytes;
   6216   result = Serialize_UINT16(field_bytes.size(), &size_bytes);
   6217   if (result) {
   6218     return result;
   6219   }
   6220   buffer->append(size_bytes + field_bytes);
   6221   return result;
   6222 }
   6223 
   6224 TPM_RC Parse_TPM2B_ECC_POINT(std::string* buffer,
   6225                              TPM2B_ECC_POINT* value,
   6226                              std::string* value_bytes) {
   6227   TPM_RC result = TPM_RC_SUCCESS;
   6228   VLOG(3) << __func__;
   6229 
   6230   result = Parse_UINT16(buffer, &value->size, value_bytes);
   6231   if (result) {
   6232     return result;
   6233   }
   6234 
   6235   result = Parse_TPMS_ECC_POINT(buffer, &value->point, value_bytes);
   6236   if (result) {
   6237     return result;
   6238   }
   6239   return result;
   6240 }
   6241 
   6242 TPM2B_ECC_POINT Make_TPM2B_ECC_POINT(const TPMS_ECC_POINT& inner) {
   6243   TPM2B_ECC_POINT tpm2b;
   6244   tpm2b.size = sizeof(TPMS_ECC_POINT);
   6245   tpm2b.point = inner;
   6246   return tpm2b;
   6247 }
   6248 
   6249 TPM_RC Serialize_TPMT_ECC_SCHEME(const TPMT_ECC_SCHEME& value,
   6250                                  std::string* buffer) {
   6251   TPM_RC result = TPM_RC_SUCCESS;
   6252   VLOG(3) << __func__;
   6253 
   6254   result = Serialize_TPMI_ALG_ECC_SCHEME(value.scheme, buffer);
   6255   if (result) {
   6256     return result;
   6257   }
   6258 
   6259   result = Serialize_TPMU_SIG_SCHEME(value.details, value.scheme, buffer);
   6260   if (result) {
   6261     return result;
   6262   }
   6263   return result;
   6264 }
   6265 
   6266 TPM_RC Parse_TPMT_ECC_SCHEME(std::string* buffer,
   6267                              TPMT_ECC_SCHEME* value,
   6268                              std::string* value_bytes) {
   6269   TPM_RC result = TPM_RC_SUCCESS;
   6270   VLOG(3) << __func__;
   6271 
   6272   result = Parse_TPMI_ALG_ECC_SCHEME(buffer, &value->scheme, value_bytes);
   6273   if (result) {
   6274     return result;
   6275   }
   6276 
   6277   result = Parse_TPMU_SIG_SCHEME(buffer, value->scheme, &value->details,
   6278                                  value_bytes);
   6279   if (result) {
   6280     return result;
   6281   }
   6282   return result;
   6283 }
   6284 
   6285 TPM_RC Serialize_TPMS_ALGORITHM_DETAIL_ECC(
   6286     const TPMS_ALGORITHM_DETAIL_ECC& value,
   6287     std::string* buffer) {
   6288   TPM_RC result = TPM_RC_SUCCESS;
   6289   VLOG(3) << __func__;
   6290 
   6291   result = Serialize_TPM_ECC_CURVE(value.curve_id, buffer);
   6292   if (result) {
   6293     return result;
   6294   }
   6295 
   6296   result = Serialize_UINT16(value.key_size, buffer);
   6297   if (result) {
   6298     return result;
   6299   }
   6300 
   6301   result = Serialize_TPMT_KDF_SCHEME(value.kdf, buffer);
   6302   if (result) {
   6303     return result;
   6304   }
   6305 
   6306   result = Serialize_TPMT_ECC_SCHEME(value.sign, buffer);
   6307   if (result) {
   6308     return result;
   6309   }
   6310 
   6311   result = Serialize_TPM2B_ECC_PARAMETER(value.p, buffer);
   6312   if (result) {
   6313     return result;
   6314   }
   6315 
   6316   result = Serialize_TPM2B_ECC_PARAMETER(value.a, buffer);
   6317   if (result) {
   6318     return result;
   6319   }
   6320 
   6321   result = Serialize_TPM2B_ECC_PARAMETER(value.b, buffer);
   6322   if (result) {
   6323     return result;
   6324   }
   6325 
   6326   result = Serialize_TPM2B_ECC_PARAMETER(value.g_x, buffer);
   6327   if (result) {
   6328     return result;
   6329   }
   6330 
   6331   result = Serialize_TPM2B_ECC_PARAMETER(value.g_y, buffer);
   6332   if (result) {
   6333     return result;
   6334   }
   6335 
   6336   result = Serialize_TPM2B_ECC_PARAMETER(value.n, buffer);
   6337   if (result) {
   6338     return result;
   6339   }
   6340 
   6341   result = Serialize_TPM2B_ECC_PARAMETER(value.h, buffer);
   6342   if (result) {
   6343     return result;
   6344   }
   6345   return result;
   6346 }
   6347 
   6348 TPM_RC Parse_TPMS_ALGORITHM_DETAIL_ECC(std::string* buffer,
   6349                                        TPMS_ALGORITHM_DETAIL_ECC* value,
   6350                                        std::string* value_bytes) {
   6351   TPM_RC result = TPM_RC_SUCCESS;
   6352   VLOG(3) << __func__;
   6353 
   6354   result = Parse_TPM_ECC_CURVE(buffer, &value->curve_id, value_bytes);
   6355   if (result) {
   6356     return result;
   6357   }
   6358 
   6359   result = Parse_UINT16(buffer, &value->key_size, value_bytes);
   6360   if (result) {
   6361     return result;
   6362   }
   6363 
   6364   result = Parse_TPMT_KDF_SCHEME(buffer, &value->kdf, value_bytes);
   6365   if (result) {
   6366     return result;
   6367   }
   6368 
   6369   result = Parse_TPMT_ECC_SCHEME(buffer, &value->sign, value_bytes);
   6370   if (result) {
   6371     return result;
   6372   }
   6373 
   6374   result = Parse_TPM2B_ECC_PARAMETER(buffer, &value->p, value_bytes);
   6375   if (result) {
   6376     return result;
   6377   }
   6378 
   6379   result = Parse_TPM2B_ECC_PARAMETER(buffer, &value->a, value_bytes);
   6380   if (result) {
   6381     return result;
   6382   }
   6383 
   6384   result = Parse_TPM2B_ECC_PARAMETER(buffer, &value->b, value_bytes);
   6385   if (result) {
   6386     return result;
   6387   }
   6388 
   6389   result = Parse_TPM2B_ECC_PARAMETER(buffer, &value->g_x, value_bytes);
   6390   if (result) {
   6391     return result;
   6392   }
   6393 
   6394   result = Parse_TPM2B_ECC_PARAMETER(buffer, &value->g_y, value_bytes);
   6395   if (result) {
   6396     return result;
   6397   }
   6398 
   6399   result = Parse_TPM2B_ECC_PARAMETER(buffer, &value->n, value_bytes);
   6400   if (result) {
   6401     return result;
   6402   }
   6403 
   6404   result = Parse_TPM2B_ECC_PARAMETER(buffer, &value->h, value_bytes);
   6405   if (result) {
   6406     return result;
   6407   }
   6408   return result;
   6409 }
   6410 
   6411 TPM_RC Serialize_TPMS_SIGNATURE_RSASSA(const TPMS_SIGNATURE_RSASSA& value,
   6412                                        std::string* buffer) {
   6413   TPM_RC result = TPM_RC_SUCCESS;
   6414   VLOG(3) << __func__;
   6415 
   6416   result = Serialize_TPMI_ALG_HASH(value.hash, buffer);
   6417   if (result) {
   6418     return result;
   6419   }
   6420 
   6421   result = Serialize_TPM2B_PUBLIC_KEY_RSA(value.sig, buffer);
   6422   if (result) {
   6423     return result;
   6424   }
   6425   return result;
   6426 }
   6427 
   6428 TPM_RC Parse_TPMS_SIGNATURE_RSASSA(std::string* buffer,
   6429                                    TPMS_SIGNATURE_RSASSA* value,
   6430                                    std::string* value_bytes) {
   6431   TPM_RC result = TPM_RC_SUCCESS;
   6432   VLOG(3) << __func__;
   6433 
   6434   result = Parse_TPMI_ALG_HASH(buffer, &value->hash, value_bytes);
   6435   if (result) {
   6436     return result;
   6437   }
   6438 
   6439   result = Parse_TPM2B_PUBLIC_KEY_RSA(buffer, &value->sig, value_bytes);
   6440   if (result) {
   6441     return result;
   6442   }
   6443   return result;
   6444 }
   6445 
   6446 TPM_RC Serialize_TPMS_SIGNATURE_RSAPSS(const TPMS_SIGNATURE_RSAPSS& value,
   6447                                        std::string* buffer) {
   6448   TPM_RC result = TPM_RC_SUCCESS;
   6449   VLOG(3) << __func__;
   6450 
   6451   result = Serialize_TPMI_ALG_HASH(value.hash, buffer);
   6452   if (result) {
   6453     return result;
   6454   }
   6455 
   6456   result = Serialize_TPM2B_PUBLIC_KEY_RSA(value.sig, buffer);
   6457   if (result) {
   6458     return result;
   6459   }
   6460   return result;
   6461 }
   6462 
   6463 TPM_RC Parse_TPMS_SIGNATURE_RSAPSS(std::string* buffer,
   6464                                    TPMS_SIGNATURE_RSAPSS* value,
   6465                                    std::string* value_bytes) {
   6466   TPM_RC result = TPM_RC_SUCCESS;
   6467   VLOG(3) << __func__;
   6468 
   6469   result = Parse_TPMI_ALG_HASH(buffer, &value->hash, value_bytes);
   6470   if (result) {
   6471     return result;
   6472   }
   6473 
   6474   result = Parse_TPM2B_PUBLIC_KEY_RSA(buffer, &value->sig, value_bytes);
   6475   if (result) {
   6476     return result;
   6477   }
   6478   return result;
   6479 }
   6480 
   6481 TPM_RC Serialize_TPMS_SIGNATURE_ECDSA(const TPMS_SIGNATURE_ECDSA& value,
   6482                                       std::string* buffer) {
   6483   TPM_RC result = TPM_RC_SUCCESS;
   6484   VLOG(3) << __func__;
   6485 
   6486   result = Serialize_TPMI_ALG_HASH(value.hash, buffer);
   6487   if (result) {
   6488     return result;
   6489   }
   6490 
   6491   result = Serialize_TPM2B_ECC_PARAMETER(value.signature_r, buffer);
   6492   if (result) {
   6493     return result;
   6494   }
   6495 
   6496   result = Serialize_TPM2B_ECC_PARAMETER(value.signature_s, buffer);
   6497   if (result) {
   6498     return result;
   6499   }
   6500   return result;
   6501 }
   6502 
   6503 TPM_RC Parse_TPMS_SIGNATURE_ECDSA(std::string* buffer,
   6504                                   TPMS_SIGNATURE_ECDSA* value,
   6505                                   std::string* value_bytes) {
   6506   TPM_RC result = TPM_RC_SUCCESS;
   6507   VLOG(3) << __func__;
   6508 
   6509   result = Parse_TPMI_ALG_HASH(buffer, &value->hash, value_bytes);
   6510   if (result) {
   6511     return result;
   6512   }
   6513 
   6514   result = Parse_TPM2B_ECC_PARAMETER(buffer, &value->signature_r, value_bytes);
   6515   if (result) {
   6516     return result;
   6517   }
   6518 
   6519   result = Parse_TPM2B_ECC_PARAMETER(buffer, &value->signature_s, value_bytes);
   6520   if (result) {
   6521     return result;
   6522   }
   6523   return result;
   6524 }
   6525 
   6526 TPM_RC Serialize_TPMU_SIGNATURE(const TPMU_SIGNATURE& value,
   6527                                 TPMI_ALG_SIG_SCHEME selector,
   6528                                 std::string* buffer) {
   6529   TPM_RC result = TPM_RC_SUCCESS;
   6530   VLOG(3) << __func__;
   6531 
   6532   if (selector == TPM_ALG_HMAC) {
   6533     result = Serialize_TPMT_HA(value.hmac, buffer);
   6534     if (result) {
   6535       return result;
   6536     }
   6537   }
   6538 
   6539   if (selector == TPM_ALG_ECSCHNORR) {
   6540     result = Serialize_TPMS_SIGNATURE_ECDSA(value.ecschnorr, buffer);
   6541     if (result) {
   6542       return result;
   6543     }
   6544   }
   6545 
   6546   if (selector == TPM_ALG_RSAPSS) {
   6547     result = Serialize_TPMS_SIGNATURE_RSAPSS(value.rsapss, buffer);
   6548     if (result) {
   6549       return result;
   6550     }
   6551   }
   6552 
   6553   if (selector == TPM_ALG_ECDAA) {
   6554     result = Serialize_TPMS_SIGNATURE_ECDSA(value.ecdaa, buffer);
   6555     if (result) {
   6556       return result;
   6557     }
   6558   }
   6559 
   6560   if (selector == TPM_ALG_RSASSA) {
   6561     result = Serialize_TPMS_SIGNATURE_RSASSA(value.rsassa, buffer);
   6562     if (result) {
   6563       return result;
   6564     }
   6565   }
   6566 
   6567   if (selector == TPM_ALG_SM2) {
   6568     result = Serialize_TPMS_SIGNATURE_ECDSA(value.sm2, buffer);
   6569     if (result) {
   6570       return result;
   6571     }
   6572   }
   6573 
   6574   if (selector == TPM_ALG_ECDSA) {
   6575     result = Serialize_TPMS_SIGNATURE_ECDSA(value.ecdsa, buffer);
   6576     if (result) {
   6577       return result;
   6578     }
   6579   }
   6580 
   6581   if (selector == TPM_ALG_NULL) {
   6582     // Do nothing.
   6583   }
   6584   return result;
   6585 }
   6586 
   6587 TPM_RC Parse_TPMU_SIGNATURE(std::string* buffer,
   6588                             TPMI_ALG_SIG_SCHEME selector,
   6589                             TPMU_SIGNATURE* value,
   6590                             std::string* value_bytes) {
   6591   TPM_RC result = TPM_RC_SUCCESS;
   6592   VLOG(3) << __func__;
   6593 
   6594   if (selector == TPM_ALG_HMAC) {
   6595     result = Parse_TPMT_HA(buffer, &value->hmac, value_bytes);
   6596     if (result) {
   6597       return result;
   6598     }
   6599   }
   6600 
   6601   if (selector == TPM_ALG_ECSCHNORR) {
   6602     result = Parse_TPMS_SIGNATURE_ECDSA(buffer, &value->ecschnorr, value_bytes);
   6603     if (result) {
   6604       return result;
   6605     }
   6606   }
   6607 
   6608   if (selector == TPM_ALG_RSAPSS) {
   6609     result = Parse_TPMS_SIGNATURE_RSAPSS(buffer, &value->rsapss, value_bytes);
   6610     if (result) {
   6611       return result;
   6612     }
   6613   }
   6614 
   6615   if (selector == TPM_ALG_ECDAA) {
   6616     result = Parse_TPMS_SIGNATURE_ECDSA(buffer, &value->ecdaa, value_bytes);
   6617     if (result) {
   6618       return result;
   6619     }
   6620   }
   6621 
   6622   if (selector == TPM_ALG_RSASSA) {
   6623     result = Parse_TPMS_SIGNATURE_RSASSA(buffer, &value->rsassa, value_bytes);
   6624     if (result) {
   6625       return result;
   6626     }
   6627   }
   6628 
   6629   if (selector == TPM_ALG_SM2) {
   6630     result = Parse_TPMS_SIGNATURE_ECDSA(buffer, &value->sm2, value_bytes);
   6631     if (result) {
   6632       return result;
   6633     }
   6634   }
   6635 
   6636   if (selector == TPM_ALG_ECDSA) {
   6637     result = Parse_TPMS_SIGNATURE_ECDSA(buffer, &value->ecdsa, value_bytes);
   6638     if (result) {
   6639       return result;
   6640     }
   6641   }
   6642 
   6643   if (selector == TPM_ALG_NULL) {
   6644     // Do nothing.
   6645   }
   6646   return result;
   6647 }
   6648 
   6649 TPM_RC Serialize_TPMT_SIGNATURE(const TPMT_SIGNATURE& value,
   6650                                 std::string* buffer) {
   6651   TPM_RC result = TPM_RC_SUCCESS;
   6652   VLOG(3) << __func__;
   6653 
   6654   result = Serialize_TPMI_ALG_SIG_SCHEME(value.sig_alg, buffer);
   6655   if (result) {
   6656     return result;
   6657   }
   6658 
   6659   result = Serialize_TPMU_SIGNATURE(value.signature, value.sig_alg, buffer);
   6660   if (result) {
   6661     return result;
   6662   }
   6663   return result;
   6664 }
   6665 
   6666 TPM_RC Parse_TPMT_SIGNATURE(std::string* buffer,
   6667                             TPMT_SIGNATURE* value,
   6668                             std::string* value_bytes) {
   6669   TPM_RC result = TPM_RC_SUCCESS;
   6670   VLOG(3) << __func__;
   6671 
   6672   result = Parse_TPMI_ALG_SIG_SCHEME(buffer, &value->sig_alg, value_bytes);
   6673   if (result) {
   6674     return result;
   6675   }
   6676 
   6677   result = Parse_TPMU_SIGNATURE(buffer, value->sig_alg, &value->signature,
   6678                                 value_bytes);
   6679   if (result) {
   6680     return result;
   6681   }
   6682   return result;
   6683 }
   6684 
   6685 TPM_RC Serialize_TPM2B_ENCRYPTED_SECRET(const TPM2B_ENCRYPTED_SECRET& value,
   6686                                         std::string* buffer) {
   6687   TPM_RC result = TPM_RC_SUCCESS;
   6688   VLOG(3) << __func__;
   6689 
   6690   result = Serialize_UINT16(value.size, buffer);
   6691   if (result) {
   6692     return result;
   6693   }
   6694 
   6695   if (arraysize(value.secret) < value.size) {
   6696     return TPM_RC_INSUFFICIENT;
   6697   }
   6698   for (uint32_t i = 0; i < value.size; ++i) {
   6699     result = Serialize_BYTE(value.secret[i], buffer);
   6700     if (result) {
   6701       return result;
   6702     }
   6703   }
   6704   return result;
   6705 }
   6706 
   6707 TPM_RC Parse_TPM2B_ENCRYPTED_SECRET(std::string* buffer,
   6708                                     TPM2B_ENCRYPTED_SECRET* value,
   6709                                     std::string* value_bytes) {
   6710   TPM_RC result = TPM_RC_SUCCESS;
   6711   VLOG(3) << __func__;
   6712 
   6713   result = Parse_UINT16(buffer, &value->size, value_bytes);
   6714   if (result) {
   6715     return result;
   6716   }
   6717 
   6718   if (arraysize(value->secret) < value->size) {
   6719     return TPM_RC_INSUFFICIENT;
   6720   }
   6721   for (uint32_t i = 0; i < value->size; ++i) {
   6722     result = Parse_BYTE(buffer, &value->secret[i], value_bytes);
   6723     if (result) {
   6724       return result;
   6725     }
   6726   }
   6727   return result;
   6728 }
   6729 
   6730 TPM2B_ENCRYPTED_SECRET Make_TPM2B_ENCRYPTED_SECRET(const std::string& bytes) {
   6731   TPM2B_ENCRYPTED_SECRET tpm2b;
   6732   CHECK(bytes.size() <= sizeof(tpm2b.secret));
   6733   memset(&tpm2b, 0, sizeof(TPM2B_ENCRYPTED_SECRET));
   6734   tpm2b.size = bytes.size();
   6735   memcpy(tpm2b.secret, bytes.data(), bytes.size());
   6736   return tpm2b;
   6737 }
   6738 
   6739 std::string StringFrom_TPM2B_ENCRYPTED_SECRET(
   6740     const TPM2B_ENCRYPTED_SECRET& tpm2b) {
   6741   const char* char_buffer = reinterpret_cast<const char*>(tpm2b.secret);
   6742   return std::string(char_buffer, tpm2b.size);
   6743 }
   6744 
   6745 TPM_RC Serialize_TPMS_KEYEDHASH_PARMS(const TPMS_KEYEDHASH_PARMS& value,
   6746                                       std::string* buffer) {
   6747   TPM_RC result = TPM_RC_SUCCESS;
   6748   VLOG(3) << __func__;
   6749 
   6750   result = Serialize_TPMT_KEYEDHASH_SCHEME(value.scheme, buffer);
   6751   if (result) {
   6752     return result;
   6753   }
   6754   return result;
   6755 }
   6756 
   6757 TPM_RC Parse_TPMS_KEYEDHASH_PARMS(std::string* buffer,
   6758                                   TPMS_KEYEDHASH_PARMS* value,
   6759                                   std::string* value_bytes) {
   6760   TPM_RC result = TPM_RC_SUCCESS;
   6761   VLOG(3) << __func__;
   6762 
   6763   result = Parse_TPMT_KEYEDHASH_SCHEME(buffer, &value->scheme, value_bytes);
   6764   if (result) {
   6765     return result;
   6766   }
   6767   return result;
   6768 }
   6769 
   6770 TPM_RC Serialize_TPMS_ASYM_PARMS(const TPMS_ASYM_PARMS& value,
   6771                                  std::string* buffer) {
   6772   TPM_RC result = TPM_RC_SUCCESS;
   6773   VLOG(3) << __func__;
   6774 
   6775   result = Serialize_TPMT_SYM_DEF_OBJECT(value.symmetric, buffer);
   6776   if (result) {
   6777     return result;
   6778   }
   6779 
   6780   result = Serialize_TPMT_ASYM_SCHEME(value.scheme, buffer);
   6781   if (result) {
   6782     return result;
   6783   }
   6784   return result;
   6785 }
   6786 
   6787 TPM_RC Parse_TPMS_ASYM_PARMS(std::string* buffer,
   6788                              TPMS_ASYM_PARMS* value,
   6789                              std::string* value_bytes) {
   6790   TPM_RC result = TPM_RC_SUCCESS;
   6791   VLOG(3) << __func__;
   6792 
   6793   result = Parse_TPMT_SYM_DEF_OBJECT(buffer, &value->symmetric, value_bytes);
   6794   if (result) {
   6795     return result;
   6796   }
   6797 
   6798   result = Parse_TPMT_ASYM_SCHEME(buffer, &value->scheme, value_bytes);
   6799   if (result) {
   6800     return result;
   6801   }
   6802   return result;
   6803 }
   6804 
   6805 TPM_RC Serialize_TPMS_RSA_PARMS(const TPMS_RSA_PARMS& value,
   6806                                 std::string* buffer) {
   6807   TPM_RC result = TPM_RC_SUCCESS;
   6808   VLOG(3) << __func__;
   6809 
   6810   result = Serialize_TPMT_SYM_DEF_OBJECT(value.symmetric, buffer);
   6811   if (result) {
   6812     return result;
   6813   }
   6814 
   6815   result = Serialize_TPMT_RSA_SCHEME(value.scheme, buffer);
   6816   if (result) {
   6817     return result;
   6818   }
   6819 
   6820   result = Serialize_TPMI_RSA_KEY_BITS(value.key_bits, buffer);
   6821   if (result) {
   6822     return result;
   6823   }
   6824 
   6825   result = Serialize_UINT32(value.exponent, buffer);
   6826   if (result) {
   6827     return result;
   6828   }
   6829   return result;
   6830 }
   6831 
   6832 TPM_RC Parse_TPMS_RSA_PARMS(std::string* buffer,
   6833                             TPMS_RSA_PARMS* value,
   6834                             std::string* value_bytes) {
   6835   TPM_RC result = TPM_RC_SUCCESS;
   6836   VLOG(3) << __func__;
   6837 
   6838   result = Parse_TPMT_SYM_DEF_OBJECT(buffer, &value->symmetric, value_bytes);
   6839   if (result) {
   6840     return result;
   6841   }
   6842 
   6843   result = Parse_TPMT_RSA_SCHEME(buffer, &value->scheme, value_bytes);
   6844   if (result) {
   6845     return result;
   6846   }
   6847 
   6848   result = Parse_TPMI_RSA_KEY_BITS(buffer, &value->key_bits, value_bytes);
   6849   if (result) {
   6850     return result;
   6851   }
   6852 
   6853   result = Parse_UINT32(buffer, &value->exponent, value_bytes);
   6854   if (result) {
   6855     return result;
   6856   }
   6857   return result;
   6858 }
   6859 
   6860 TPM_RC Serialize_TPMS_ECC_PARMS(const TPMS_ECC_PARMS& value,
   6861                                 std::string* buffer) {
   6862   TPM_RC result = TPM_RC_SUCCESS;
   6863   VLOG(3) << __func__;
   6864 
   6865   result = Serialize_TPMT_SYM_DEF_OBJECT(value.symmetric, buffer);
   6866   if (result) {
   6867     return result;
   6868   }
   6869 
   6870   result = Serialize_TPMT_ECC_SCHEME(value.scheme, buffer);
   6871   if (result) {
   6872     return result;
   6873   }
   6874 
   6875   result = Serialize_TPMI_ECC_CURVE(value.curve_id, buffer);
   6876   if (result) {
   6877     return result;
   6878   }
   6879 
   6880   result = Serialize_TPMT_KDF_SCHEME(value.kdf, buffer);
   6881   if (result) {
   6882     return result;
   6883   }
   6884   return result;
   6885 }
   6886 
   6887 TPM_RC Parse_TPMS_ECC_PARMS(std::string* buffer,
   6888                             TPMS_ECC_PARMS* value,
   6889                             std::string* value_bytes) {
   6890   TPM_RC result = TPM_RC_SUCCESS;
   6891   VLOG(3) << __func__;
   6892 
   6893   result = Parse_TPMT_SYM_DEF_OBJECT(buffer, &value->symmetric, value_bytes);
   6894   if (result) {
   6895     return result;
   6896   }
   6897 
   6898   result = Parse_TPMT_ECC_SCHEME(buffer, &value->scheme, value_bytes);
   6899   if (result) {
   6900     return result;
   6901   }
   6902 
   6903   result = Parse_TPMI_ECC_CURVE(buffer, &value->curve_id, value_bytes);
   6904   if (result) {
   6905     return result;
   6906   }
   6907 
   6908   result = Parse_TPMT_KDF_SCHEME(buffer, &value->kdf, value_bytes);
   6909   if (result) {
   6910     return result;
   6911   }
   6912   return result;
   6913 }
   6914 
   6915 TPM_RC Serialize_TPMU_PUBLIC_PARMS(const TPMU_PUBLIC_PARMS& value,
   6916                                    TPMI_ALG_PUBLIC selector,
   6917                                    std::string* buffer) {
   6918   TPM_RC result = TPM_RC_SUCCESS;
   6919   VLOG(3) << __func__;
   6920 
   6921   if (selector == TPM_ALG_KEYEDHASH) {
   6922     result = Serialize_TPMS_KEYEDHASH_PARMS(value.keyed_hash_detail, buffer);
   6923     if (result) {
   6924       return result;
   6925     }
   6926   }
   6927 
   6928   if (selector == TPM_ALG_RSA) {
   6929     result = Serialize_TPMS_RSA_PARMS(value.rsa_detail, buffer);
   6930     if (result) {
   6931       return result;
   6932     }
   6933   }
   6934 
   6935   if (selector == TPM_ALG_SYMCIPHER) {
   6936     result = Serialize_TPMS_SYMCIPHER_PARMS(value.sym_detail, buffer);
   6937     if (result) {
   6938       return result;
   6939     }
   6940   }
   6941 
   6942   if (selector == TPM_ALG_ECC) {
   6943     result = Serialize_TPMS_ECC_PARMS(value.ecc_detail, buffer);
   6944     if (result) {
   6945       return result;
   6946     }
   6947   }
   6948   return result;
   6949 }
   6950 
   6951 TPM_RC Parse_TPMU_PUBLIC_PARMS(std::string* buffer,
   6952                                TPMI_ALG_PUBLIC selector,
   6953                                TPMU_PUBLIC_PARMS* value,
   6954                                std::string* value_bytes) {
   6955   TPM_RC result = TPM_RC_SUCCESS;
   6956   VLOG(3) << __func__;
   6957 
   6958   if (selector == TPM_ALG_KEYEDHASH) {
   6959     result = Parse_TPMS_KEYEDHASH_PARMS(buffer, &value->keyed_hash_detail,
   6960                                         value_bytes);
   6961     if (result) {
   6962       return result;
   6963     }
   6964   }
   6965 
   6966   if (selector == TPM_ALG_RSA) {
   6967     result = Parse_TPMS_RSA_PARMS(buffer, &value->rsa_detail, value_bytes);
   6968     if (result) {
   6969       return result;
   6970     }
   6971   }
   6972 
   6973   if (selector == TPM_ALG_SYMCIPHER) {
   6974     result =
   6975         Parse_TPMS_SYMCIPHER_PARMS(buffer, &value->sym_detail, value_bytes);
   6976     if (result) {
   6977       return result;
   6978     }
   6979   }
   6980 
   6981   if (selector == TPM_ALG_ECC) {
   6982     result = Parse_TPMS_ECC_PARMS(buffer, &value->ecc_detail, value_bytes);
   6983     if (result) {
   6984       return result;
   6985     }
   6986   }
   6987   return result;
   6988 }
   6989 
   6990 TPM_RC Serialize_TPMT_PUBLIC_PARMS(const TPMT_PUBLIC_PARMS& value,
   6991                                    std::string* buffer) {
   6992   TPM_RC result = TPM_RC_SUCCESS;
   6993   VLOG(3) << __func__;
   6994 
   6995   result = Serialize_TPMI_ALG_PUBLIC(value.type, buffer);
   6996   if (result) {
   6997     return result;
   6998   }
   6999 
   7000   result = Serialize_TPMU_PUBLIC_PARMS(value.parameters, value.type, buffer);
   7001   if (result) {
   7002     return result;
   7003   }
   7004   return result;
   7005 }
   7006 
   7007 TPM_RC Parse_TPMT_PUBLIC_PARMS(std::string* buffer,
   7008                                TPMT_PUBLIC_PARMS* value,
   7009                                std::string* value_bytes) {
   7010   TPM_RC result = TPM_RC_SUCCESS;
   7011   VLOG(3) << __func__;
   7012 
   7013   result = Parse_TPMI_ALG_PUBLIC(buffer, &value->type, value_bytes);
   7014   if (result) {
   7015     return result;
   7016   }
   7017 
   7018   result = Parse_TPMU_PUBLIC_PARMS(buffer, value->type, &value->parameters,
   7019                                    value_bytes);
   7020   if (result) {
   7021     return result;
   7022   }
   7023   return result;
   7024 }
   7025 
   7026 TPM_RC Serialize_TPMU_PUBLIC_ID(const TPMU_PUBLIC_ID& value,
   7027                                 TPMI_ALG_PUBLIC selector,
   7028                                 std::string* buffer) {
   7029   TPM_RC result = TPM_RC_SUCCESS;
   7030   VLOG(3) << __func__;
   7031 
   7032   if (selector == TPM_ALG_KEYEDHASH) {
   7033     result = Serialize_TPM2B_DIGEST(value.keyed_hash, buffer);
   7034     if (result) {
   7035       return result;
   7036     }
   7037   }
   7038 
   7039   if (selector == TPM_ALG_RSA) {
   7040     result = Serialize_TPM2B_PUBLIC_KEY_RSA(value.rsa, buffer);
   7041     if (result) {
   7042       return result;
   7043     }
   7044   }
   7045 
   7046   if (selector == TPM_ALG_SYMCIPHER) {
   7047     result = Serialize_TPM2B_DIGEST(value.sym, buffer);
   7048     if (result) {
   7049       return result;
   7050     }
   7051   }
   7052 
   7053   if (selector == TPM_ALG_ECC) {
   7054     result = Serialize_TPMS_ECC_POINT(value.ecc, buffer);
   7055     if (result) {
   7056       return result;
   7057     }
   7058   }
   7059   return result;
   7060 }
   7061 
   7062 TPM_RC Parse_TPMU_PUBLIC_ID(std::string* buffer,
   7063                             TPMI_ALG_PUBLIC selector,
   7064                             TPMU_PUBLIC_ID* value,
   7065                             std::string* value_bytes) {
   7066   TPM_RC result = TPM_RC_SUCCESS;
   7067   VLOG(3) << __func__;
   7068 
   7069   if (selector == TPM_ALG_KEYEDHASH) {
   7070     result = Parse_TPM2B_DIGEST(buffer, &value->keyed_hash, value_bytes);
   7071     if (result) {
   7072       return result;
   7073     }
   7074   }
   7075 
   7076   if (selector == TPM_ALG_RSA) {
   7077     result = Parse_TPM2B_PUBLIC_KEY_RSA(buffer, &value->rsa, value_bytes);
   7078     if (result) {
   7079       return result;
   7080     }
   7081   }
   7082 
   7083   if (selector == TPM_ALG_SYMCIPHER) {
   7084     result = Parse_TPM2B_DIGEST(buffer, &value->sym, value_bytes);
   7085     if (result) {
   7086       return result;
   7087     }
   7088   }
   7089 
   7090   if (selector == TPM_ALG_ECC) {
   7091     result = Parse_TPMS_ECC_POINT(buffer, &value->ecc, value_bytes);
   7092     if (result) {
   7093       return result;
   7094     }
   7095   }
   7096   return result;
   7097 }
   7098 
   7099 TPM_RC Serialize_TPMT_PUBLIC(const TPMT_PUBLIC& value, std::string* buffer) {
   7100   TPM_RC result = TPM_RC_SUCCESS;
   7101   VLOG(3) << __func__;
   7102 
   7103   result = Serialize_TPMI_ALG_PUBLIC(value.type, buffer);
   7104   if (result) {
   7105     return result;
   7106   }
   7107 
   7108   result = Serialize_TPMI_ALG_HASH(value.name_alg, buffer);
   7109   if (result) {
   7110     return result;
   7111   }
   7112 
   7113   result = Serialize_TPMA_OBJECT(value.object_attributes, buffer);
   7114   if (result) {
   7115     return result;
   7116   }
   7117 
   7118   result = Serialize_TPM2B_DIGEST(value.auth_policy, buffer);
   7119   if (result) {
   7120     return result;
   7121   }
   7122 
   7123   result = Serialize_TPMU_PUBLIC_PARMS(value.parameters, value.type, buffer);
   7124   if (result) {
   7125     return result;
   7126   }
   7127 
   7128   result = Serialize_TPMU_PUBLIC_ID(value.unique, value.type, buffer);
   7129   if (result) {
   7130     return result;
   7131   }
   7132   return result;
   7133 }
   7134 
   7135 TPM_RC Parse_TPMT_PUBLIC(std::string* buffer,
   7136                          TPMT_PUBLIC* value,
   7137                          std::string* value_bytes) {
   7138   TPM_RC result = TPM_RC_SUCCESS;
   7139   VLOG(3) << __func__;
   7140 
   7141   result = Parse_TPMI_ALG_PUBLIC(buffer, &value->type, value_bytes);
   7142   if (result) {
   7143     return result;
   7144   }
   7145 
   7146   result = Parse_TPMI_ALG_HASH(buffer, &value->name_alg, value_bytes);
   7147   if (result) {
   7148     return result;
   7149   }
   7150 
   7151   result = Parse_TPMA_OBJECT(buffer, &value->object_attributes, value_bytes);
   7152   if (result) {
   7153     return result;
   7154   }
   7155 
   7156   result = Parse_TPM2B_DIGEST(buffer, &value->auth_policy, value_bytes);
   7157   if (result) {
   7158     return result;
   7159   }
   7160 
   7161   result = Parse_TPMU_PUBLIC_PARMS(buffer, value->type, &value->parameters,
   7162                                    value_bytes);
   7163   if (result) {
   7164     return result;
   7165   }
   7166 
   7167   result =
   7168       Parse_TPMU_PUBLIC_ID(buffer, value->type, &value->unique, value_bytes);
   7169   if (result) {
   7170     return result;
   7171   }
   7172   return result;
   7173 }
   7174 
   7175 TPM_RC Serialize_TPM2B_PUBLIC(const TPM2B_PUBLIC& value, std::string* buffer) {
   7176   TPM_RC result = TPM_RC_SUCCESS;
   7177   VLOG(3) << __func__;
   7178 
   7179   std::string field_bytes;
   7180   result = Serialize_TPMT_PUBLIC(value.public_area, &field_bytes);
   7181   if (result) {
   7182     return result;
   7183   }
   7184   std::string size_bytes;
   7185   result = Serialize_UINT16(field_bytes.size(), &size_bytes);
   7186   if (result) {
   7187     return result;
   7188   }
   7189   buffer->append(size_bytes + field_bytes);
   7190   return result;
   7191 }
   7192 
   7193 TPM_RC Parse_TPM2B_PUBLIC(std::string* buffer,
   7194                           TPM2B_PUBLIC* value,
   7195                           std::string* value_bytes) {
   7196   TPM_RC result = TPM_RC_SUCCESS;
   7197   VLOG(3) << __func__;
   7198 
   7199   result = Parse_UINT16(buffer, &value->size, value_bytes);
   7200   if (result) {
   7201     return result;
   7202   }
   7203 
   7204   result = Parse_TPMT_PUBLIC(buffer, &value->public_area, value_bytes);
   7205   if (result) {
   7206     return result;
   7207   }
   7208   return result;
   7209 }
   7210 
   7211 TPM2B_PUBLIC Make_TPM2B_PUBLIC(const TPMT_PUBLIC& inner) {
   7212   TPM2B_PUBLIC tpm2b;
   7213   tpm2b.size = sizeof(TPMT_PUBLIC);
   7214   tpm2b.public_area = inner;
   7215   return tpm2b;
   7216 }
   7217 
   7218 TPM_RC Serialize_TPM2B_PRIVATE_VENDOR_SPECIFIC(
   7219     const TPM2B_PRIVATE_VENDOR_SPECIFIC& value,
   7220     std::string* buffer) {
   7221   TPM_RC result = TPM_RC_SUCCESS;
   7222   VLOG(3) << __func__;
   7223 
   7224   result = Serialize_UINT16(value.size, buffer);
   7225   if (result) {
   7226     return result;
   7227   }
   7228 
   7229   if (arraysize(value.buffer) < value.size) {
   7230     return TPM_RC_INSUFFICIENT;
   7231   }
   7232   for (uint32_t i = 0; i < value.size; ++i) {
   7233     result = Serialize_BYTE(value.buffer[i], buffer);
   7234     if (result) {
   7235       return result;
   7236     }
   7237   }
   7238   return result;
   7239 }
   7240 
   7241 TPM_RC Parse_TPM2B_PRIVATE_VENDOR_SPECIFIC(std::string* buffer,
   7242                                            TPM2B_PRIVATE_VENDOR_SPECIFIC* value,
   7243                                            std::string* value_bytes) {
   7244   TPM_RC result = TPM_RC_SUCCESS;
   7245   VLOG(3) << __func__;
   7246 
   7247   result = Parse_UINT16(buffer, &value->size, value_bytes);
   7248   if (result) {
   7249     return result;
   7250   }
   7251 
   7252   if (arraysize(value->buffer) < value->size) {
   7253     return TPM_RC_INSUFFICIENT;
   7254   }
   7255   for (uint32_t i = 0; i < value->size; ++i) {
   7256     result = Parse_BYTE(buffer, &value->buffer[i], value_bytes);
   7257     if (result) {
   7258       return result;
   7259     }
   7260   }
   7261   return result;
   7262 }
   7263 
   7264 TPM2B_PRIVATE_VENDOR_SPECIFIC Make_TPM2B_PRIVATE_VENDOR_SPECIFIC(
   7265     const std::string& bytes) {
   7266   TPM2B_PRIVATE_VENDOR_SPECIFIC tpm2b;
   7267   CHECK(bytes.size() <= sizeof(tpm2b.buffer));
   7268   memset(&tpm2b, 0, sizeof(TPM2B_PRIVATE_VENDOR_SPECIFIC));
   7269   tpm2b.size = bytes.size();
   7270   memcpy(tpm2b.buffer, bytes.data(), bytes.size());
   7271   return tpm2b;
   7272 }
   7273 
   7274 std::string StringFrom_TPM2B_PRIVATE_VENDOR_SPECIFIC(
   7275     const TPM2B_PRIVATE_VENDOR_SPECIFIC& tpm2b) {
   7276   const char* char_buffer = reinterpret_cast<const char*>(tpm2b.buffer);
   7277   return std::string(char_buffer, tpm2b.size);
   7278 }
   7279 
   7280 TPM_RC Serialize_TPMU_SENSITIVE_COMPOSITE(const TPMU_SENSITIVE_COMPOSITE& value,
   7281                                           TPMI_ALG_PUBLIC selector,
   7282                                           std::string* buffer) {
   7283   TPM_RC result = TPM_RC_SUCCESS;
   7284   VLOG(3) << __func__;
   7285 
   7286   if (selector == TPM_ALG_KEYEDHASH) {
   7287     result = Serialize_TPM2B_SENSITIVE_DATA(value.bits, buffer);
   7288     if (result) {
   7289       return result;
   7290     }
   7291   }
   7292 
   7293   if (selector == TPM_ALG_RSA) {
   7294     result = Serialize_TPM2B_PRIVATE_KEY_RSA(value.rsa, buffer);
   7295     if (result) {
   7296       return result;
   7297     }
   7298   }
   7299 
   7300   if (selector == TPM_ALG_SYMCIPHER) {
   7301     result = Serialize_TPM2B_SYM_KEY(value.sym, buffer);
   7302     if (result) {
   7303       return result;
   7304     }
   7305   }
   7306 
   7307   if (selector == TPM_ALG_ECC) {
   7308     result = Serialize_TPM2B_ECC_PARAMETER(value.ecc, buffer);
   7309     if (result) {
   7310       return result;
   7311     }
   7312   }
   7313   return result;
   7314 }
   7315 
   7316 TPM_RC Parse_TPMU_SENSITIVE_COMPOSITE(std::string* buffer,
   7317                                       TPMI_ALG_PUBLIC selector,
   7318                                       TPMU_SENSITIVE_COMPOSITE* value,
   7319                                       std::string* value_bytes) {
   7320   TPM_RC result = TPM_RC_SUCCESS;
   7321   VLOG(3) << __func__;
   7322 
   7323   if (selector == TPM_ALG_KEYEDHASH) {
   7324     result = Parse_TPM2B_SENSITIVE_DATA(buffer, &value->bits, value_bytes);
   7325     if (result) {
   7326       return result;
   7327     }
   7328   }
   7329 
   7330   if (selector == TPM_ALG_RSA) {
   7331     result = Parse_TPM2B_PRIVATE_KEY_RSA(buffer, &value->rsa, value_bytes);
   7332     if (result) {
   7333       return result;
   7334     }
   7335   }
   7336 
   7337   if (selector == TPM_ALG_SYMCIPHER) {
   7338     result = Parse_TPM2B_SYM_KEY(buffer, &value->sym, value_bytes);
   7339     if (result) {
   7340       return result;
   7341     }
   7342   }
   7343 
   7344   if (selector == TPM_ALG_ECC) {
   7345     result = Parse_TPM2B_ECC_PARAMETER(buffer, &value->ecc, value_bytes);
   7346     if (result) {
   7347       return result;
   7348     }
   7349   }
   7350   return result;
   7351 }
   7352 
   7353 TPM_RC Serialize_TPMT_SENSITIVE(const TPMT_SENSITIVE& value,
   7354                                 std::string* buffer) {
   7355   TPM_RC result = TPM_RC_SUCCESS;
   7356   VLOG(3) << __func__;
   7357 
   7358   result = Serialize_TPMI_ALG_PUBLIC(value.sensitive_type, buffer);
   7359   if (result) {
   7360     return result;
   7361   }
   7362 
   7363   result = Serialize_TPM2B_AUTH(value.auth_value, buffer);
   7364   if (result) {
   7365     return result;
   7366   }
   7367 
   7368   result = Serialize_TPM2B_DIGEST(value.seed_value, buffer);
   7369   if (result) {
   7370     return result;
   7371   }
   7372 
   7373   result = Serialize_TPMU_SENSITIVE_COMPOSITE(value.sensitive,
   7374                                               value.sensitive_type, buffer);
   7375   if (result) {
   7376     return result;
   7377   }
   7378   return result;
   7379 }
   7380 
   7381 TPM_RC Parse_TPMT_SENSITIVE(std::string* buffer,
   7382                             TPMT_SENSITIVE* value,
   7383                             std::string* value_bytes) {
   7384   TPM_RC result = TPM_RC_SUCCESS;
   7385   VLOG(3) << __func__;
   7386 
   7387   result = Parse_TPMI_ALG_PUBLIC(buffer, &value->sensitive_type, value_bytes);
   7388   if (result) {
   7389     return result;
   7390   }
   7391 
   7392   result = Parse_TPM2B_AUTH(buffer, &value->auth_value, value_bytes);
   7393   if (result) {
   7394     return result;
   7395   }
   7396 
   7397   result = Parse_TPM2B_DIGEST(buffer, &value->seed_value, value_bytes);
   7398   if (result) {
   7399     return result;
   7400   }
   7401 
   7402   result = Parse_TPMU_SENSITIVE_COMPOSITE(buffer, value->sensitive_type,
   7403                                           &value->sensitive, value_bytes);
   7404   if (result) {
   7405     return result;
   7406   }
   7407   return result;
   7408 }
   7409 
   7410 TPM_RC Serialize_TPM2B_SENSITIVE(const TPM2B_SENSITIVE& value,
   7411                                  std::string* buffer) {
   7412   TPM_RC result = TPM_RC_SUCCESS;
   7413   VLOG(3) << __func__;
   7414 
   7415   std::string field_bytes;
   7416   result = Serialize_TPMT_SENSITIVE(value.sensitive_area, &field_bytes);
   7417   if (result) {
   7418     return result;
   7419   }
   7420   std::string size_bytes;
   7421   result = Serialize_UINT16(field_bytes.size(), &size_bytes);
   7422   if (result) {
   7423     return result;
   7424   }
   7425   buffer->append(size_bytes + field_bytes);
   7426   return result;
   7427 }
   7428 
   7429 TPM_RC Parse_TPM2B_SENSITIVE(std::string* buffer,
   7430                              TPM2B_SENSITIVE* value,
   7431                              std::string* value_bytes) {
   7432   TPM_RC result = TPM_RC_SUCCESS;
   7433   VLOG(3) << __func__;
   7434 
   7435   result = Parse_UINT16(buffer, &value->size, value_bytes);
   7436   if (result) {
   7437     return result;
   7438   }
   7439 
   7440   result = Parse_TPMT_SENSITIVE(buffer, &value->sensitive_area, value_bytes);
   7441   if (result) {
   7442     return result;
   7443   }
   7444   return result;
   7445 }
   7446 
   7447 TPM2B_SENSITIVE Make_TPM2B_SENSITIVE(const TPMT_SENSITIVE& inner) {
   7448   TPM2B_SENSITIVE tpm2b;
   7449   tpm2b.size = sizeof(TPMT_SENSITIVE);
   7450   tpm2b.sensitive_area = inner;
   7451   return tpm2b;
   7452 }
   7453 
   7454 TPM_RC Serialize__PRIVATE(const _PRIVATE& value, std::string* buffer) {
   7455   TPM_RC result = TPM_RC_SUCCESS;
   7456   VLOG(3) << __func__;
   7457 
   7458   result = Serialize_TPM2B_DIGEST(value.integrity_outer, buffer);
   7459   if (result) {
   7460     return result;
   7461   }
   7462 
   7463   result = Serialize_TPM2B_DIGEST(value.integrity_inner, buffer);
   7464   if (result) {
   7465     return result;
   7466   }
   7467 
   7468   result = Serialize_TPMT_SENSITIVE(value.sensitive, buffer);
   7469   if (result) {
   7470     return result;
   7471   }
   7472   return result;
   7473 }
   7474 
   7475 TPM_RC Parse__PRIVATE(std::string* buffer,
   7476                       _PRIVATE* value,
   7477                       std::string* value_bytes) {
   7478   TPM_RC result = TPM_RC_SUCCESS;
   7479   VLOG(3) << __func__;
   7480 
   7481   result = Parse_TPM2B_DIGEST(buffer, &value->integrity_outer, value_bytes);
   7482   if (result) {
   7483     return result;
   7484   }
   7485 
   7486   result = Parse_TPM2B_DIGEST(buffer, &value->integrity_inner, value_bytes);
   7487   if (result) {
   7488     return result;
   7489   }
   7490 
   7491   result = Parse_TPMT_SENSITIVE(buffer, &value->sensitive, value_bytes);
   7492   if (result) {
   7493     return result;
   7494   }
   7495   return result;
   7496 }
   7497 
   7498 TPM_RC Serialize_TPM2B_PRIVATE(const TPM2B_PRIVATE& value,
   7499                                std::string* buffer) {
   7500   TPM_RC result = TPM_RC_SUCCESS;
   7501   VLOG(3) << __func__;
   7502 
   7503   result = Serialize_UINT16(value.size, buffer);
   7504   if (result) {
   7505     return result;
   7506   }
   7507 
   7508   if (arraysize(value.buffer) < value.size) {
   7509     return TPM_RC_INSUFFICIENT;
   7510   }
   7511   for (uint32_t i = 0; i < value.size; ++i) {
   7512     result = Serialize_BYTE(value.buffer[i], buffer);
   7513     if (result) {
   7514       return result;
   7515     }
   7516   }
   7517   return result;
   7518 }
   7519 
   7520 TPM_RC Parse_TPM2B_PRIVATE(std::string* buffer,
   7521                            TPM2B_PRIVATE* value,
   7522                            std::string* value_bytes) {
   7523   TPM_RC result = TPM_RC_SUCCESS;
   7524   VLOG(3) << __func__;
   7525 
   7526   result = Parse_UINT16(buffer, &value->size, value_bytes);
   7527   if (result) {
   7528     return result;
   7529   }
   7530 
   7531   if (arraysize(value->buffer) < value->size) {
   7532     return TPM_RC_INSUFFICIENT;
   7533   }
   7534   for (uint32_t i = 0; i < value->size; ++i) {
   7535     result = Parse_BYTE(buffer, &value->buffer[i], value_bytes);
   7536     if (result) {
   7537       return result;
   7538     }
   7539   }
   7540   return result;
   7541 }
   7542 
   7543 TPM2B_PRIVATE Make_TPM2B_PRIVATE(const std::string& bytes) {
   7544   TPM2B_PRIVATE tpm2b;
   7545   CHECK(bytes.size() <= sizeof(tpm2b.buffer));
   7546   memset(&tpm2b, 0, sizeof(TPM2B_PRIVATE));
   7547   tpm2b.size = bytes.size();
   7548   memcpy(tpm2b.buffer, bytes.data(), bytes.size());
   7549   return tpm2b;
   7550 }
   7551 
   7552 std::string StringFrom_TPM2B_PRIVATE(const TPM2B_PRIVATE& tpm2b) {
   7553   const char* char_buffer = reinterpret_cast<const char*>(tpm2b.buffer);
   7554   return std::string(char_buffer, tpm2b.size);
   7555 }
   7556 
   7557 TPM_RC Serialize__ID_OBJECT(const _ID_OBJECT& value, std::string* buffer) {
   7558   TPM_RC result = TPM_RC_SUCCESS;
   7559   VLOG(3) << __func__;
   7560 
   7561   result = Serialize_TPM2B_DIGEST(value.integrity_hmac, buffer);
   7562   if (result) {
   7563     return result;
   7564   }
   7565 
   7566   result = Serialize_TPM2B_DIGEST(value.enc_identity, buffer);
   7567   if (result) {
   7568     return result;
   7569   }
   7570   return result;
   7571 }
   7572 
   7573 TPM_RC Parse__ID_OBJECT(std::string* buffer,
   7574                         _ID_OBJECT* value,
   7575                         std::string* value_bytes) {
   7576   TPM_RC result = TPM_RC_SUCCESS;
   7577   VLOG(3) << __func__;
   7578 
   7579   result = Parse_TPM2B_DIGEST(buffer, &value->integrity_hmac, value_bytes);
   7580   if (result) {
   7581     return result;
   7582   }
   7583 
   7584   result = Parse_TPM2B_DIGEST(buffer, &value->enc_identity, value_bytes);
   7585   if (result) {
   7586     return result;
   7587   }
   7588   return result;
   7589 }
   7590 
   7591 TPM_RC Serialize_TPM2B_ID_OBJECT(const TPM2B_ID_OBJECT& value,
   7592                                  std::string* buffer) {
   7593   TPM_RC result = TPM_RC_SUCCESS;
   7594   VLOG(3) << __func__;
   7595 
   7596   result = Serialize_UINT16(value.size, buffer);
   7597   if (result) {
   7598     return result;
   7599   }
   7600 
   7601   if (arraysize(value.credential) < value.size) {
   7602     return TPM_RC_INSUFFICIENT;
   7603   }
   7604   for (uint32_t i = 0; i < value.size; ++i) {
   7605     result = Serialize_BYTE(value.credential[i], buffer);
   7606     if (result) {
   7607       return result;
   7608     }
   7609   }
   7610   return result;
   7611 }
   7612 
   7613 TPM_RC Parse_TPM2B_ID_OBJECT(std::string* buffer,
   7614                              TPM2B_ID_OBJECT* value,
   7615                              std::string* value_bytes) {
   7616   TPM_RC result = TPM_RC_SUCCESS;
   7617   VLOG(3) << __func__;
   7618 
   7619   result = Parse_UINT16(buffer, &value->size, value_bytes);
   7620   if (result) {
   7621     return result;
   7622   }
   7623 
   7624   if (arraysize(value->credential) < value->size) {
   7625     return TPM_RC_INSUFFICIENT;
   7626   }
   7627   for (uint32_t i = 0; i < value->size; ++i) {
   7628     result = Parse_BYTE(buffer, &value->credential[i], value_bytes);
   7629     if (result) {
   7630       return result;
   7631     }
   7632   }
   7633   return result;
   7634 }
   7635 
   7636 TPM2B_ID_OBJECT Make_TPM2B_ID_OBJECT(const std::string& bytes) {
   7637   TPM2B_ID_OBJECT tpm2b;
   7638   CHECK(bytes.size() <= sizeof(tpm2b.credential));
   7639   memset(&tpm2b, 0, sizeof(TPM2B_ID_OBJECT));
   7640   tpm2b.size = bytes.size();
   7641   memcpy(tpm2b.credential, bytes.data(), bytes.size());
   7642   return tpm2b;
   7643 }
   7644 
   7645 std::string StringFrom_TPM2B_ID_OBJECT(const TPM2B_ID_OBJECT& tpm2b) {
   7646   const char* char_buffer = reinterpret_cast<const char*>(tpm2b.credential);
   7647   return std::string(char_buffer, tpm2b.size);
   7648 }
   7649 
   7650 TPM_RC Serialize_TPMS_NV_PUBLIC(const TPMS_NV_PUBLIC& value,
   7651                                 std::string* buffer) {
   7652   TPM_RC result = TPM_RC_SUCCESS;
   7653   VLOG(3) << __func__;
   7654 
   7655   result = Serialize_TPMI_RH_NV_INDEX(value.nv_index, buffer);
   7656   if (result) {
   7657     return result;
   7658   }
   7659 
   7660   result = Serialize_TPMI_ALG_HASH(value.name_alg, buffer);
   7661   if (result) {
   7662     return result;
   7663   }
   7664 
   7665   result = Serialize_TPMA_NV(value.attributes, buffer);
   7666   if (result) {
   7667     return result;
   7668   }
   7669 
   7670   result = Serialize_TPM2B_DIGEST(value.auth_policy, buffer);
   7671   if (result) {
   7672     return result;
   7673   }
   7674 
   7675   result = Serialize_UINT16(value.data_size, buffer);
   7676   if (result) {
   7677     return result;
   7678   }
   7679   return result;
   7680 }
   7681 
   7682 TPM_RC Parse_TPMS_NV_PUBLIC(std::string* buffer,
   7683                             TPMS_NV_PUBLIC* value,
   7684                             std::string* value_bytes) {
   7685   TPM_RC result = TPM_RC_SUCCESS;
   7686   VLOG(3) << __func__;
   7687 
   7688   result = Parse_TPMI_RH_NV_INDEX(buffer, &value->nv_index, value_bytes);
   7689   if (result) {
   7690     return result;
   7691   }
   7692 
   7693   result = Parse_TPMI_ALG_HASH(buffer, &value->name_alg, value_bytes);
   7694   if (result) {
   7695     return result;
   7696   }
   7697 
   7698   result = Parse_TPMA_NV(buffer, &value->attributes, value_bytes);
   7699   if (result) {
   7700     return result;
   7701   }
   7702 
   7703   result = Parse_TPM2B_DIGEST(buffer, &value->auth_policy, value_bytes);
   7704   if (result) {
   7705     return result;
   7706   }
   7707 
   7708   result = Parse_UINT16(buffer, &value->data_size, value_bytes);
   7709   if (result) {
   7710     return result;
   7711   }
   7712   return result;
   7713 }
   7714 
   7715 TPM_RC Serialize_TPM2B_NV_PUBLIC(const TPM2B_NV_PUBLIC& value,
   7716                                  std::string* buffer) {
   7717   TPM_RC result = TPM_RC_SUCCESS;
   7718   VLOG(3) << __func__;
   7719 
   7720   std::string field_bytes;
   7721   result = Serialize_TPMS_NV_PUBLIC(value.nv_public, &field_bytes);
   7722   if (result) {
   7723     return result;
   7724   }
   7725   std::string size_bytes;
   7726   result = Serialize_UINT16(field_bytes.size(), &size_bytes);
   7727   if (result) {
   7728     return result;
   7729   }
   7730   buffer->append(size_bytes + field_bytes);
   7731   return result;
   7732 }
   7733 
   7734 TPM_RC Parse_TPM2B_NV_PUBLIC(std::string* buffer,
   7735                              TPM2B_NV_PUBLIC* value,
   7736                              std::string* value_bytes) {
   7737   TPM_RC result = TPM_RC_SUCCESS;
   7738   VLOG(3) << __func__;
   7739 
   7740   result = Parse_UINT16(buffer, &value->size, value_bytes);
   7741   if (result) {
   7742     return result;
   7743   }
   7744 
   7745   result = Parse_TPMS_NV_PUBLIC(buffer, &value->nv_public, value_bytes);
   7746   if (result) {
   7747     return result;
   7748   }
   7749   return result;
   7750 }
   7751 
   7752 TPM2B_NV_PUBLIC Make_TPM2B_NV_PUBLIC(const TPMS_NV_PUBLIC& inner) {
   7753   TPM2B_NV_PUBLIC tpm2b;
   7754   tpm2b.size = sizeof(TPMS_NV_PUBLIC);
   7755   tpm2b.nv_public = inner;
   7756   return tpm2b;
   7757 }
   7758 
   7759 TPM_RC Serialize_TPM2B_CONTEXT_SENSITIVE(const TPM2B_CONTEXT_SENSITIVE& value,
   7760                                          std::string* buffer) {
   7761   TPM_RC result = TPM_RC_SUCCESS;
   7762   VLOG(3) << __func__;
   7763 
   7764   result = Serialize_UINT16(value.size, buffer);
   7765   if (result) {
   7766     return result;
   7767   }
   7768 
   7769   if (arraysize(value.buffer) < value.size) {
   7770     return TPM_RC_INSUFFICIENT;
   7771   }
   7772   for (uint32_t i = 0; i < value.size; ++i) {
   7773     result = Serialize_BYTE(value.buffer[i], buffer);
   7774     if (result) {
   7775       return result;
   7776     }
   7777   }
   7778   return result;
   7779 }
   7780 
   7781 TPM_RC Parse_TPM2B_CONTEXT_SENSITIVE(std::string* buffer,
   7782                                      TPM2B_CONTEXT_SENSITIVE* value,
   7783                                      std::string* value_bytes) {
   7784   TPM_RC result = TPM_RC_SUCCESS;
   7785   VLOG(3) << __func__;
   7786 
   7787   result = Parse_UINT16(buffer, &value->size, value_bytes);
   7788   if (result) {
   7789     return result;
   7790   }
   7791 
   7792   if (arraysize(value->buffer) < value->size) {
   7793     return TPM_RC_INSUFFICIENT;
   7794   }
   7795   for (uint32_t i = 0; i < value->size; ++i) {
   7796     result = Parse_BYTE(buffer, &value->buffer[i], value_bytes);
   7797     if (result) {
   7798       return result;
   7799     }
   7800   }
   7801   return result;
   7802 }
   7803 
   7804 TPM2B_CONTEXT_SENSITIVE Make_TPM2B_CONTEXT_SENSITIVE(const std::string& bytes) {
   7805   TPM2B_CONTEXT_SENSITIVE tpm2b;
   7806   CHECK(bytes.size() <= sizeof(tpm2b.buffer));
   7807   memset(&tpm2b, 0, sizeof(TPM2B_CONTEXT_SENSITIVE));
   7808   tpm2b.size = bytes.size();
   7809   memcpy(tpm2b.buffer, bytes.data(), bytes.size());
   7810   return tpm2b;
   7811 }
   7812 
   7813 std::string StringFrom_TPM2B_CONTEXT_SENSITIVE(
   7814     const TPM2B_CONTEXT_SENSITIVE& tpm2b) {
   7815   const char* char_buffer = reinterpret_cast<const char*>(tpm2b.buffer);
   7816   return std::string(char_buffer, tpm2b.size);
   7817 }
   7818 
   7819 TPM_RC Serialize_TPMS_CONTEXT_DATA(const TPMS_CONTEXT_DATA& value,
   7820                                    std::string* buffer) {
   7821   TPM_RC result = TPM_RC_SUCCESS;
   7822   VLOG(3) << __func__;
   7823 
   7824   result = Serialize_TPM2B_DIGEST(value.integrity, buffer);
   7825   if (result) {
   7826     return result;
   7827   }
   7828 
   7829   result = Serialize_TPM2B_CONTEXT_SENSITIVE(value.encrypted, buffer);
   7830   if (result) {
   7831     return result;
   7832   }
   7833   return result;
   7834 }
   7835 
   7836 TPM_RC Parse_TPMS_CONTEXT_DATA(std::string* buffer,
   7837                                TPMS_CONTEXT_DATA* value,
   7838                                std::string* value_bytes) {
   7839   TPM_RC result = TPM_RC_SUCCESS;
   7840   VLOG(3) << __func__;
   7841 
   7842   result = Parse_TPM2B_DIGEST(buffer, &value->integrity, value_bytes);
   7843   if (result) {
   7844     return result;
   7845   }
   7846 
   7847   result =
   7848       Parse_TPM2B_CONTEXT_SENSITIVE(buffer, &value->encrypted, value_bytes);
   7849   if (result) {
   7850     return result;
   7851   }
   7852   return result;
   7853 }
   7854 
   7855 TPM_RC Serialize_TPM2B_CONTEXT_DATA(const TPM2B_CONTEXT_DATA& value,
   7856                                     std::string* buffer) {
   7857   TPM_RC result = TPM_RC_SUCCESS;
   7858   VLOG(3) << __func__;
   7859 
   7860   result = Serialize_UINT16(value.size, buffer);
   7861   if (result) {
   7862     return result;
   7863   }
   7864 
   7865   if (arraysize(value.buffer) < value.size) {
   7866     return TPM_RC_INSUFFICIENT;
   7867   }
   7868   for (uint32_t i = 0; i < value.size; ++i) {
   7869     result = Serialize_BYTE(value.buffer[i], buffer);
   7870     if (result) {
   7871       return result;
   7872     }
   7873   }
   7874   return result;
   7875 }
   7876 
   7877 TPM_RC Parse_TPM2B_CONTEXT_DATA(std::string* buffer,
   7878                                 TPM2B_CONTEXT_DATA* value,
   7879                                 std::string* value_bytes) {
   7880   TPM_RC result = TPM_RC_SUCCESS;
   7881   VLOG(3) << __func__;
   7882 
   7883   result = Parse_UINT16(buffer, &value->size, value_bytes);
   7884   if (result) {
   7885     return result;
   7886   }
   7887 
   7888   if (arraysize(value->buffer) < value->size) {
   7889     return TPM_RC_INSUFFICIENT;
   7890   }
   7891   for (uint32_t i = 0; i < value->size; ++i) {
   7892     result = Parse_BYTE(buffer, &value->buffer[i], value_bytes);
   7893     if (result) {
   7894       return result;
   7895     }
   7896   }
   7897   return result;
   7898 }
   7899 
   7900 TPM2B_CONTEXT_DATA Make_TPM2B_CONTEXT_DATA(const std::string& bytes) {
   7901   TPM2B_CONTEXT_DATA tpm2b;
   7902   CHECK(bytes.size() <= sizeof(tpm2b.buffer));
   7903   memset(&tpm2b, 0, sizeof(TPM2B_CONTEXT_DATA));
   7904   tpm2b.size = bytes.size();
   7905   memcpy(tpm2b.buffer, bytes.data(), bytes.size());
   7906   return tpm2b;
   7907 }
   7908 
   7909 std::string StringFrom_TPM2B_CONTEXT_DATA(const TPM2B_CONTEXT_DATA& tpm2b) {
   7910   const char* char_buffer = reinterpret_cast<const char*>(tpm2b.buffer);
   7911   return std::string(char_buffer, tpm2b.size);
   7912 }
   7913 
   7914 TPM_RC Serialize_TPMS_CONTEXT(const TPMS_CONTEXT& value, std::string* buffer) {
   7915   TPM_RC result = TPM_RC_SUCCESS;
   7916   VLOG(3) << __func__;
   7917 
   7918   result = Serialize_UINT64(value.sequence, buffer);
   7919   if (result) {
   7920     return result;
   7921   }
   7922 
   7923   result = Serialize_TPMI_DH_CONTEXT(value.saved_handle, buffer);
   7924   if (result) {
   7925     return result;
   7926   }
   7927 
   7928   result = Serialize_TPMI_RH_HIERARCHY(value.hierarchy, buffer);
   7929   if (result) {
   7930     return result;
   7931   }
   7932 
   7933   result = Serialize_TPM2B_CONTEXT_DATA(value.context_blob, buffer);
   7934   if (result) {
   7935     return result;
   7936   }
   7937   return result;
   7938 }
   7939 
   7940 TPM_RC Parse_TPMS_CONTEXT(std::string* buffer,
   7941                           TPMS_CONTEXT* value,
   7942                           std::string* value_bytes) {
   7943   TPM_RC result = TPM_RC_SUCCESS;
   7944   VLOG(3) << __func__;
   7945 
   7946   result = Parse_UINT64(buffer, &value->sequence, value_bytes);
   7947   if (result) {
   7948     return result;
   7949   }
   7950 
   7951   result = Parse_TPMI_DH_CONTEXT(buffer, &value->saved_handle, value_bytes);
   7952   if (result) {
   7953     return result;
   7954   }
   7955 
   7956   result = Parse_TPMI_RH_HIERARCHY(buffer, &value->hierarchy, value_bytes);
   7957   if (result) {
   7958     return result;
   7959   }
   7960 
   7961   result = Parse_TPM2B_CONTEXT_DATA(buffer, &value->context_blob, value_bytes);
   7962   if (result) {
   7963     return result;
   7964   }
   7965   return result;
   7966 }
   7967 
   7968 TPM_RC Serialize_TPMS_CREATION_DATA(const TPMS_CREATION_DATA& value,
   7969                                     std::string* buffer) {
   7970   TPM_RC result = TPM_RC_SUCCESS;
   7971   VLOG(3) << __func__;
   7972 
   7973   result = Serialize_TPML_PCR_SELECTION(value.pcr_select, buffer);
   7974   if (result) {
   7975     return result;
   7976   }
   7977 
   7978   result = Serialize_TPM2B_DIGEST(value.pcr_digest, buffer);
   7979   if (result) {
   7980     return result;
   7981   }
   7982 
   7983   result = Serialize_TPMA_LOCALITY(value.locality, buffer);
   7984   if (result) {
   7985     return result;
   7986   }
   7987 
   7988   result = Serialize_TPM_ALG_ID(value.parent_name_alg, buffer);
   7989   if (result) {
   7990     return result;
   7991   }
   7992 
   7993   result = Serialize_TPM2B_NAME(value.parent_name, buffer);
   7994   if (result) {
   7995     return result;
   7996   }
   7997 
   7998   result = Serialize_TPM2B_NAME(value.parent_qualified_name, buffer);
   7999   if (result) {
   8000     return result;
   8001   }
   8002 
   8003   result = Serialize_TPM2B_DATA(value.outside_info, buffer);
   8004   if (result) {
   8005     return result;
   8006   }
   8007   return result;
   8008 }
   8009 
   8010 TPM_RC Parse_TPMS_CREATION_DATA(std::string* buffer,
   8011                                 TPMS_CREATION_DATA* value,
   8012                                 std::string* value_bytes) {
   8013   TPM_RC result = TPM_RC_SUCCESS;
   8014   VLOG(3) << __func__;
   8015 
   8016   result = Parse_TPML_PCR_SELECTION(buffer, &value->pcr_select, value_bytes);
   8017   if (result) {
   8018     return result;
   8019   }
   8020 
   8021   result = Parse_TPM2B_DIGEST(buffer, &value->pcr_digest, value_bytes);
   8022   if (result) {
   8023     return result;
   8024   }
   8025 
   8026   result = Parse_TPMA_LOCALITY(buffer, &value->locality, value_bytes);
   8027   if (result) {
   8028     return result;
   8029   }
   8030 
   8031   result = Parse_TPM_ALG_ID(buffer, &value->parent_name_alg, value_bytes);
   8032   if (result) {
   8033     return result;
   8034   }
   8035 
   8036   result = Parse_TPM2B_NAME(buffer, &value->parent_name, value_bytes);
   8037   if (result) {
   8038     return result;
   8039   }
   8040 
   8041   result = Parse_TPM2B_NAME(buffer, &value->parent_qualified_name, value_bytes);
   8042   if (result) {
   8043     return result;
   8044   }
   8045 
   8046   result = Parse_TPM2B_DATA(buffer, &value->outside_info, value_bytes);
   8047   if (result) {
   8048     return result;
   8049   }
   8050   return result;
   8051 }
   8052 
   8053 TPM_RC Serialize_TPM2B_CREATION_DATA(const TPM2B_CREATION_DATA& value,
   8054                                      std::string* buffer) {
   8055   TPM_RC result = TPM_RC_SUCCESS;
   8056   VLOG(3) << __func__;
   8057 
   8058   std::string field_bytes;
   8059   result = Serialize_TPMS_CREATION_DATA(value.creation_data, &field_bytes);
   8060   if (result) {
   8061     return result;
   8062   }
   8063   std::string size_bytes;
   8064   result = Serialize_UINT16(field_bytes.size(), &size_bytes);
   8065   if (result) {
   8066     return result;
   8067   }
   8068   buffer->append(size_bytes + field_bytes);
   8069   return result;
   8070 }
   8071 
   8072 TPM_RC Parse_TPM2B_CREATION_DATA(std::string* buffer,
   8073                                  TPM2B_CREATION_DATA* value,
   8074                                  std::string* value_bytes) {
   8075   TPM_RC result = TPM_RC_SUCCESS;
   8076   VLOG(3) << __func__;
   8077 
   8078   result = Parse_UINT16(buffer, &value->size, value_bytes);
   8079   if (result) {
   8080     return result;
   8081   }
   8082 
   8083   result = Parse_TPMS_CREATION_DATA(buffer, &value->creation_data, value_bytes);
   8084   if (result) {
   8085     return result;
   8086   }
   8087   return result;
   8088 }
   8089 
   8090 TPM2B_CREATION_DATA Make_TPM2B_CREATION_DATA(const TPMS_CREATION_DATA& inner) {
   8091   TPM2B_CREATION_DATA tpm2b;
   8092   tpm2b.size = sizeof(TPMS_CREATION_DATA);
   8093   tpm2b.creation_data = inner;
   8094   return tpm2b;
   8095 }
   8096 
   8097 TPM_RC Tpm::SerializeCommand_Startup(
   8098     const TPM_SU& startup_type,
   8099     std::string* serialized_command,
   8100     AuthorizationDelegate* authorization_delegate) {
   8101   VLOG(3) << __func__;
   8102   TPM_RC rc = TPM_RC_SUCCESS;
   8103   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   8104   UINT32 command_size = 10;  // Header size.
   8105   std::string handle_section_bytes;
   8106   std::string parameter_section_bytes;
   8107   TPM_CC command_code = TPM_CC_Startup;
   8108   bool is_command_parameter_encryption_possible = false;
   8109   bool is_response_parameter_encryption_possible = false;
   8110   std::string command_code_bytes;
   8111   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   8112   if (rc != TPM_RC_SUCCESS) {
   8113     return rc;
   8114   }
   8115   std::string startup_type_bytes;
   8116   rc = Serialize_TPM_SU(startup_type, &startup_type_bytes);
   8117   if (rc != TPM_RC_SUCCESS) {
   8118     return rc;
   8119   }
   8120   std::unique_ptr<crypto::SecureHash> hash(
   8121       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   8122   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   8123   hash->Update(startup_type_bytes.data(), startup_type_bytes.size());
   8124   parameter_section_bytes += startup_type_bytes;
   8125   command_size += startup_type_bytes.size();
   8126   std::string command_hash(32, 0);
   8127   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   8128   std::string authorization_section_bytes;
   8129   std::string authorization_size_bytes;
   8130   if (authorization_delegate) {
   8131     if (!authorization_delegate->GetCommandAuthorization(
   8132             command_hash, is_command_parameter_encryption_possible,
   8133             is_response_parameter_encryption_possible,
   8134             &authorization_section_bytes)) {
   8135       return TRUNKS_RC_AUTHORIZATION_FAILED;
   8136     }
   8137     if (!authorization_section_bytes.empty()) {
   8138       tag = TPM_ST_SESSIONS;
   8139       std::string tmp;
   8140       rc = Serialize_UINT32(authorization_section_bytes.size(),
   8141                             &authorization_size_bytes);
   8142       if (rc != TPM_RC_SUCCESS) {
   8143         return rc;
   8144       }
   8145       command_size +=
   8146           authorization_size_bytes.size() + authorization_section_bytes.size();
   8147     }
   8148   }
   8149   std::string tag_bytes;
   8150   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   8151   if (rc != TPM_RC_SUCCESS) {
   8152     return rc;
   8153   }
   8154   std::string command_size_bytes;
   8155   rc = Serialize_UINT32(command_size, &command_size_bytes);
   8156   if (rc != TPM_RC_SUCCESS) {
   8157     return rc;
   8158   }
   8159   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   8160                         handle_section_bytes + authorization_size_bytes +
   8161                         authorization_section_bytes + parameter_section_bytes;
   8162   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   8163   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   8164                                             serialized_command->size());
   8165   return TPM_RC_SUCCESS;
   8166 }
   8167 
   8168 TPM_RC Tpm::ParseResponse_Startup(
   8169     const std::string& response,
   8170     AuthorizationDelegate* authorization_delegate) {
   8171   VLOG(3) << __func__;
   8172   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   8173   TPM_RC rc = TPM_RC_SUCCESS;
   8174   std::string buffer(response);
   8175   TPM_ST tag;
   8176   std::string tag_bytes;
   8177   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   8178   if (rc != TPM_RC_SUCCESS) {
   8179     return rc;
   8180   }
   8181   UINT32 response_size;
   8182   std::string response_size_bytes;
   8183   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   8184   if (rc != TPM_RC_SUCCESS) {
   8185     return rc;
   8186   }
   8187   TPM_RC response_code;
   8188   std::string response_code_bytes;
   8189   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   8190   if (rc != TPM_RC_SUCCESS) {
   8191     return rc;
   8192   }
   8193   if (response_size != response.size()) {
   8194     return TPM_RC_SIZE;
   8195   }
   8196   if (response_code != TPM_RC_SUCCESS) {
   8197     return response_code;
   8198   }
   8199   TPM_CC command_code = TPM_CC_Startup;
   8200   std::string command_code_bytes;
   8201   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   8202   if (rc != TPM_RC_SUCCESS) {
   8203     return rc;
   8204   }
   8205   std::string authorization_section_bytes;
   8206   if (tag == TPM_ST_SESSIONS) {
   8207     UINT32 parameter_section_size = buffer.size();
   8208     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   8209     if (rc != TPM_RC_SUCCESS) {
   8210       return rc;
   8211     }
   8212     if (parameter_section_size > buffer.size()) {
   8213       return TPM_RC_INSUFFICIENT;
   8214     }
   8215     authorization_section_bytes = buffer.substr(parameter_section_size);
   8216     // Keep the parameter section in |buffer|.
   8217     buffer.erase(parameter_section_size);
   8218   }
   8219   std::unique_ptr<crypto::SecureHash> hash(
   8220       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   8221   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   8222   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   8223   hash->Update(buffer.data(), buffer.size());
   8224   std::string response_hash(32, 0);
   8225   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   8226   if (tag == TPM_ST_SESSIONS) {
   8227     CHECK(authorization_delegate) << "Authorization delegate missing!";
   8228     if (!authorization_delegate->CheckResponseAuthorization(
   8229             response_hash, authorization_section_bytes)) {
   8230       return TRUNKS_RC_AUTHORIZATION_FAILED;
   8231     }
   8232   }
   8233   return TPM_RC_SUCCESS;
   8234 }
   8235 
   8236 void StartupErrorCallback(const Tpm::StartupResponse& callback,
   8237                           TPM_RC response_code) {
   8238   VLOG(1) << __func__;
   8239   callback.Run(response_code);
   8240 }
   8241 
   8242 void StartupResponseParser(const Tpm::StartupResponse& callback,
   8243                            AuthorizationDelegate* authorization_delegate,
   8244                            const std::string& response) {
   8245   VLOG(1) << __func__;
   8246   base::Callback<void(TPM_RC)> error_reporter =
   8247       base::Bind(StartupErrorCallback, callback);
   8248   TPM_RC rc = Tpm::ParseResponse_Startup(response, authorization_delegate);
   8249   if (rc != TPM_RC_SUCCESS) {
   8250     error_reporter.Run(rc);
   8251     return;
   8252   }
   8253   callback.Run(rc);
   8254 }
   8255 
   8256 void Tpm::Startup(const TPM_SU& startup_type,
   8257                   AuthorizationDelegate* authorization_delegate,
   8258                   const StartupResponse& callback) {
   8259   VLOG(1) << __func__;
   8260   base::Callback<void(TPM_RC)> error_reporter =
   8261       base::Bind(StartupErrorCallback, callback);
   8262   base::Callback<void(const std::string&)> parser =
   8263       base::Bind(StartupResponseParser, callback, authorization_delegate);
   8264   std::string command;
   8265   TPM_RC rc =
   8266       SerializeCommand_Startup(startup_type, &command, authorization_delegate);
   8267   if (rc != TPM_RC_SUCCESS) {
   8268     error_reporter.Run(rc);
   8269     return;
   8270   }
   8271   transceiver_->SendCommand(command, parser);
   8272 }
   8273 
   8274 TPM_RC Tpm::StartupSync(const TPM_SU& startup_type,
   8275                         AuthorizationDelegate* authorization_delegate) {
   8276   VLOG(1) << __func__;
   8277   std::string command;
   8278   TPM_RC rc =
   8279       SerializeCommand_Startup(startup_type, &command, authorization_delegate);
   8280   if (rc != TPM_RC_SUCCESS) {
   8281     return rc;
   8282   }
   8283   std::string response = transceiver_->SendCommandAndWait(command);
   8284   rc = ParseResponse_Startup(response, authorization_delegate);
   8285   return rc;
   8286 }
   8287 
   8288 TPM_RC Tpm::SerializeCommand_Shutdown(
   8289     const TPM_SU& shutdown_type,
   8290     std::string* serialized_command,
   8291     AuthorizationDelegate* authorization_delegate) {
   8292   VLOG(3) << __func__;
   8293   TPM_RC rc = TPM_RC_SUCCESS;
   8294   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   8295   UINT32 command_size = 10;  // Header size.
   8296   std::string handle_section_bytes;
   8297   std::string parameter_section_bytes;
   8298   TPM_CC command_code = TPM_CC_Shutdown;
   8299   bool is_command_parameter_encryption_possible = false;
   8300   bool is_response_parameter_encryption_possible = false;
   8301   std::string command_code_bytes;
   8302   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   8303   if (rc != TPM_RC_SUCCESS) {
   8304     return rc;
   8305   }
   8306   std::string shutdown_type_bytes;
   8307   rc = Serialize_TPM_SU(shutdown_type, &shutdown_type_bytes);
   8308   if (rc != TPM_RC_SUCCESS) {
   8309     return rc;
   8310   }
   8311   std::unique_ptr<crypto::SecureHash> hash(
   8312       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   8313   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   8314   hash->Update(shutdown_type_bytes.data(), shutdown_type_bytes.size());
   8315   parameter_section_bytes += shutdown_type_bytes;
   8316   command_size += shutdown_type_bytes.size();
   8317   std::string command_hash(32, 0);
   8318   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   8319   std::string authorization_section_bytes;
   8320   std::string authorization_size_bytes;
   8321   if (authorization_delegate) {
   8322     if (!authorization_delegate->GetCommandAuthorization(
   8323             command_hash, is_command_parameter_encryption_possible,
   8324             is_response_parameter_encryption_possible,
   8325             &authorization_section_bytes)) {
   8326       return TRUNKS_RC_AUTHORIZATION_FAILED;
   8327     }
   8328     if (!authorization_section_bytes.empty()) {
   8329       tag = TPM_ST_SESSIONS;
   8330       std::string tmp;
   8331       rc = Serialize_UINT32(authorization_section_bytes.size(),
   8332                             &authorization_size_bytes);
   8333       if (rc != TPM_RC_SUCCESS) {
   8334         return rc;
   8335       }
   8336       command_size +=
   8337           authorization_size_bytes.size() + authorization_section_bytes.size();
   8338     }
   8339   }
   8340   std::string tag_bytes;
   8341   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   8342   if (rc != TPM_RC_SUCCESS) {
   8343     return rc;
   8344   }
   8345   std::string command_size_bytes;
   8346   rc = Serialize_UINT32(command_size, &command_size_bytes);
   8347   if (rc != TPM_RC_SUCCESS) {
   8348     return rc;
   8349   }
   8350   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   8351                         handle_section_bytes + authorization_size_bytes +
   8352                         authorization_section_bytes + parameter_section_bytes;
   8353   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   8354   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   8355                                             serialized_command->size());
   8356   return TPM_RC_SUCCESS;
   8357 }
   8358 
   8359 TPM_RC Tpm::ParseResponse_Shutdown(
   8360     const std::string& response,
   8361     AuthorizationDelegate* authorization_delegate) {
   8362   VLOG(3) << __func__;
   8363   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   8364   TPM_RC rc = TPM_RC_SUCCESS;
   8365   std::string buffer(response);
   8366   TPM_ST tag;
   8367   std::string tag_bytes;
   8368   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   8369   if (rc != TPM_RC_SUCCESS) {
   8370     return rc;
   8371   }
   8372   UINT32 response_size;
   8373   std::string response_size_bytes;
   8374   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   8375   if (rc != TPM_RC_SUCCESS) {
   8376     return rc;
   8377   }
   8378   TPM_RC response_code;
   8379   std::string response_code_bytes;
   8380   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   8381   if (rc != TPM_RC_SUCCESS) {
   8382     return rc;
   8383   }
   8384   if (response_size != response.size()) {
   8385     return TPM_RC_SIZE;
   8386   }
   8387   if (response_code != TPM_RC_SUCCESS) {
   8388     return response_code;
   8389   }
   8390   TPM_CC command_code = TPM_CC_Shutdown;
   8391   std::string command_code_bytes;
   8392   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   8393   if (rc != TPM_RC_SUCCESS) {
   8394     return rc;
   8395   }
   8396   std::string authorization_section_bytes;
   8397   if (tag == TPM_ST_SESSIONS) {
   8398     UINT32 parameter_section_size = buffer.size();
   8399     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   8400     if (rc != TPM_RC_SUCCESS) {
   8401       return rc;
   8402     }
   8403     if (parameter_section_size > buffer.size()) {
   8404       return TPM_RC_INSUFFICIENT;
   8405     }
   8406     authorization_section_bytes = buffer.substr(parameter_section_size);
   8407     // Keep the parameter section in |buffer|.
   8408     buffer.erase(parameter_section_size);
   8409   }
   8410   std::unique_ptr<crypto::SecureHash> hash(
   8411       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   8412   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   8413   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   8414   hash->Update(buffer.data(), buffer.size());
   8415   std::string response_hash(32, 0);
   8416   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   8417   if (tag == TPM_ST_SESSIONS) {
   8418     CHECK(authorization_delegate) << "Authorization delegate missing!";
   8419     if (!authorization_delegate->CheckResponseAuthorization(
   8420             response_hash, authorization_section_bytes)) {
   8421       return TRUNKS_RC_AUTHORIZATION_FAILED;
   8422     }
   8423   }
   8424   return TPM_RC_SUCCESS;
   8425 }
   8426 
   8427 void ShutdownErrorCallback(const Tpm::ShutdownResponse& callback,
   8428                            TPM_RC response_code) {
   8429   VLOG(1) << __func__;
   8430   callback.Run(response_code);
   8431 }
   8432 
   8433 void ShutdownResponseParser(const Tpm::ShutdownResponse& callback,
   8434                             AuthorizationDelegate* authorization_delegate,
   8435                             const std::string& response) {
   8436   VLOG(1) << __func__;
   8437   base::Callback<void(TPM_RC)> error_reporter =
   8438       base::Bind(ShutdownErrorCallback, callback);
   8439   TPM_RC rc = Tpm::ParseResponse_Shutdown(response, authorization_delegate);
   8440   if (rc != TPM_RC_SUCCESS) {
   8441     error_reporter.Run(rc);
   8442     return;
   8443   }
   8444   callback.Run(rc);
   8445 }
   8446 
   8447 void Tpm::Shutdown(const TPM_SU& shutdown_type,
   8448                    AuthorizationDelegate* authorization_delegate,
   8449                    const ShutdownResponse& callback) {
   8450   VLOG(1) << __func__;
   8451   base::Callback<void(TPM_RC)> error_reporter =
   8452       base::Bind(ShutdownErrorCallback, callback);
   8453   base::Callback<void(const std::string&)> parser =
   8454       base::Bind(ShutdownResponseParser, callback, authorization_delegate);
   8455   std::string command;
   8456   TPM_RC rc = SerializeCommand_Shutdown(shutdown_type, &command,
   8457                                         authorization_delegate);
   8458   if (rc != TPM_RC_SUCCESS) {
   8459     error_reporter.Run(rc);
   8460     return;
   8461   }
   8462   transceiver_->SendCommand(command, parser);
   8463 }
   8464 
   8465 TPM_RC Tpm::ShutdownSync(const TPM_SU& shutdown_type,
   8466                          AuthorizationDelegate* authorization_delegate) {
   8467   VLOG(1) << __func__;
   8468   std::string command;
   8469   TPM_RC rc = SerializeCommand_Shutdown(shutdown_type, &command,
   8470                                         authorization_delegate);
   8471   if (rc != TPM_RC_SUCCESS) {
   8472     return rc;
   8473   }
   8474   std::string response = transceiver_->SendCommandAndWait(command);
   8475   rc = ParseResponse_Shutdown(response, authorization_delegate);
   8476   return rc;
   8477 }
   8478 
   8479 TPM_RC Tpm::SerializeCommand_SelfTest(
   8480     const TPMI_YES_NO& full_test,
   8481     std::string* serialized_command,
   8482     AuthorizationDelegate* authorization_delegate) {
   8483   VLOG(3) << __func__;
   8484   TPM_RC rc = TPM_RC_SUCCESS;
   8485   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   8486   UINT32 command_size = 10;  // Header size.
   8487   std::string handle_section_bytes;
   8488   std::string parameter_section_bytes;
   8489   TPM_CC command_code = TPM_CC_SelfTest;
   8490   bool is_command_parameter_encryption_possible = false;
   8491   bool is_response_parameter_encryption_possible = false;
   8492   std::string command_code_bytes;
   8493   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   8494   if (rc != TPM_RC_SUCCESS) {
   8495     return rc;
   8496   }
   8497   std::string full_test_bytes;
   8498   rc = Serialize_TPMI_YES_NO(full_test, &full_test_bytes);
   8499   if (rc != TPM_RC_SUCCESS) {
   8500     return rc;
   8501   }
   8502   std::unique_ptr<crypto::SecureHash> hash(
   8503       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   8504   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   8505   hash->Update(full_test_bytes.data(), full_test_bytes.size());
   8506   parameter_section_bytes += full_test_bytes;
   8507   command_size += full_test_bytes.size();
   8508   std::string command_hash(32, 0);
   8509   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   8510   std::string authorization_section_bytes;
   8511   std::string authorization_size_bytes;
   8512   if (authorization_delegate) {
   8513     if (!authorization_delegate->GetCommandAuthorization(
   8514             command_hash, is_command_parameter_encryption_possible,
   8515             is_response_parameter_encryption_possible,
   8516             &authorization_section_bytes)) {
   8517       return TRUNKS_RC_AUTHORIZATION_FAILED;
   8518     }
   8519     if (!authorization_section_bytes.empty()) {
   8520       tag = TPM_ST_SESSIONS;
   8521       std::string tmp;
   8522       rc = Serialize_UINT32(authorization_section_bytes.size(),
   8523                             &authorization_size_bytes);
   8524       if (rc != TPM_RC_SUCCESS) {
   8525         return rc;
   8526       }
   8527       command_size +=
   8528           authorization_size_bytes.size() + authorization_section_bytes.size();
   8529     }
   8530   }
   8531   std::string tag_bytes;
   8532   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   8533   if (rc != TPM_RC_SUCCESS) {
   8534     return rc;
   8535   }
   8536   std::string command_size_bytes;
   8537   rc = Serialize_UINT32(command_size, &command_size_bytes);
   8538   if (rc != TPM_RC_SUCCESS) {
   8539     return rc;
   8540   }
   8541   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   8542                         handle_section_bytes + authorization_size_bytes +
   8543                         authorization_section_bytes + parameter_section_bytes;
   8544   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   8545   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   8546                                             serialized_command->size());
   8547   return TPM_RC_SUCCESS;
   8548 }
   8549 
   8550 TPM_RC Tpm::ParseResponse_SelfTest(
   8551     const std::string& response,
   8552     AuthorizationDelegate* authorization_delegate) {
   8553   VLOG(3) << __func__;
   8554   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   8555   TPM_RC rc = TPM_RC_SUCCESS;
   8556   std::string buffer(response);
   8557   TPM_ST tag;
   8558   std::string tag_bytes;
   8559   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   8560   if (rc != TPM_RC_SUCCESS) {
   8561     return rc;
   8562   }
   8563   UINT32 response_size;
   8564   std::string response_size_bytes;
   8565   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   8566   if (rc != TPM_RC_SUCCESS) {
   8567     return rc;
   8568   }
   8569   TPM_RC response_code;
   8570   std::string response_code_bytes;
   8571   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   8572   if (rc != TPM_RC_SUCCESS) {
   8573     return rc;
   8574   }
   8575   if (response_size != response.size()) {
   8576     return TPM_RC_SIZE;
   8577   }
   8578   if (response_code != TPM_RC_SUCCESS) {
   8579     return response_code;
   8580   }
   8581   TPM_CC command_code = TPM_CC_SelfTest;
   8582   std::string command_code_bytes;
   8583   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   8584   if (rc != TPM_RC_SUCCESS) {
   8585     return rc;
   8586   }
   8587   std::string authorization_section_bytes;
   8588   if (tag == TPM_ST_SESSIONS) {
   8589     UINT32 parameter_section_size = buffer.size();
   8590     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   8591     if (rc != TPM_RC_SUCCESS) {
   8592       return rc;
   8593     }
   8594     if (parameter_section_size > buffer.size()) {
   8595       return TPM_RC_INSUFFICIENT;
   8596     }
   8597     authorization_section_bytes = buffer.substr(parameter_section_size);
   8598     // Keep the parameter section in |buffer|.
   8599     buffer.erase(parameter_section_size);
   8600   }
   8601   std::unique_ptr<crypto::SecureHash> hash(
   8602       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   8603   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   8604   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   8605   hash->Update(buffer.data(), buffer.size());
   8606   std::string response_hash(32, 0);
   8607   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   8608   if (tag == TPM_ST_SESSIONS) {
   8609     CHECK(authorization_delegate) << "Authorization delegate missing!";
   8610     if (!authorization_delegate->CheckResponseAuthorization(
   8611             response_hash, authorization_section_bytes)) {
   8612       return TRUNKS_RC_AUTHORIZATION_FAILED;
   8613     }
   8614   }
   8615   return TPM_RC_SUCCESS;
   8616 }
   8617 
   8618 void SelfTestErrorCallback(const Tpm::SelfTestResponse& callback,
   8619                            TPM_RC response_code) {
   8620   VLOG(1) << __func__;
   8621   callback.Run(response_code);
   8622 }
   8623 
   8624 void SelfTestResponseParser(const Tpm::SelfTestResponse& callback,
   8625                             AuthorizationDelegate* authorization_delegate,
   8626                             const std::string& response) {
   8627   VLOG(1) << __func__;
   8628   base::Callback<void(TPM_RC)> error_reporter =
   8629       base::Bind(SelfTestErrorCallback, callback);
   8630   TPM_RC rc = Tpm::ParseResponse_SelfTest(response, authorization_delegate);
   8631   if (rc != TPM_RC_SUCCESS) {
   8632     error_reporter.Run(rc);
   8633     return;
   8634   }
   8635   callback.Run(rc);
   8636 }
   8637 
   8638 void Tpm::SelfTest(const TPMI_YES_NO& full_test,
   8639                    AuthorizationDelegate* authorization_delegate,
   8640                    const SelfTestResponse& callback) {
   8641   VLOG(1) << __func__;
   8642   base::Callback<void(TPM_RC)> error_reporter =
   8643       base::Bind(SelfTestErrorCallback, callback);
   8644   base::Callback<void(const std::string&)> parser =
   8645       base::Bind(SelfTestResponseParser, callback, authorization_delegate);
   8646   std::string command;
   8647   TPM_RC rc =
   8648       SerializeCommand_SelfTest(full_test, &command, authorization_delegate);
   8649   if (rc != TPM_RC_SUCCESS) {
   8650     error_reporter.Run(rc);
   8651     return;
   8652   }
   8653   transceiver_->SendCommand(command, parser);
   8654 }
   8655 
   8656 TPM_RC Tpm::SelfTestSync(const TPMI_YES_NO& full_test,
   8657                          AuthorizationDelegate* authorization_delegate) {
   8658   VLOG(1) << __func__;
   8659   std::string command;
   8660   TPM_RC rc =
   8661       SerializeCommand_SelfTest(full_test, &command, authorization_delegate);
   8662   if (rc != TPM_RC_SUCCESS) {
   8663     return rc;
   8664   }
   8665   std::string response = transceiver_->SendCommandAndWait(command);
   8666   rc = ParseResponse_SelfTest(response, authorization_delegate);
   8667   return rc;
   8668 }
   8669 
   8670 TPM_RC Tpm::SerializeCommand_IncrementalSelfTest(
   8671     const TPML_ALG& to_test,
   8672     std::string* serialized_command,
   8673     AuthorizationDelegate* authorization_delegate) {
   8674   VLOG(3) << __func__;
   8675   TPM_RC rc = TPM_RC_SUCCESS;
   8676   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   8677   UINT32 command_size = 10;  // Header size.
   8678   std::string handle_section_bytes;
   8679   std::string parameter_section_bytes;
   8680   TPM_CC command_code = TPM_CC_IncrementalSelfTest;
   8681   bool is_command_parameter_encryption_possible = false;
   8682   bool is_response_parameter_encryption_possible = false;
   8683   std::string command_code_bytes;
   8684   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   8685   if (rc != TPM_RC_SUCCESS) {
   8686     return rc;
   8687   }
   8688   std::string to_test_bytes;
   8689   rc = Serialize_TPML_ALG(to_test, &to_test_bytes);
   8690   if (rc != TPM_RC_SUCCESS) {
   8691     return rc;
   8692   }
   8693   std::unique_ptr<crypto::SecureHash> hash(
   8694       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   8695   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   8696   hash->Update(to_test_bytes.data(), to_test_bytes.size());
   8697   parameter_section_bytes += to_test_bytes;
   8698   command_size += to_test_bytes.size();
   8699   std::string command_hash(32, 0);
   8700   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   8701   std::string authorization_section_bytes;
   8702   std::string authorization_size_bytes;
   8703   if (authorization_delegate) {
   8704     if (!authorization_delegate->GetCommandAuthorization(
   8705             command_hash, is_command_parameter_encryption_possible,
   8706             is_response_parameter_encryption_possible,
   8707             &authorization_section_bytes)) {
   8708       return TRUNKS_RC_AUTHORIZATION_FAILED;
   8709     }
   8710     if (!authorization_section_bytes.empty()) {
   8711       tag = TPM_ST_SESSIONS;
   8712       std::string tmp;
   8713       rc = Serialize_UINT32(authorization_section_bytes.size(),
   8714                             &authorization_size_bytes);
   8715       if (rc != TPM_RC_SUCCESS) {
   8716         return rc;
   8717       }
   8718       command_size +=
   8719           authorization_size_bytes.size() + authorization_section_bytes.size();
   8720     }
   8721   }
   8722   std::string tag_bytes;
   8723   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   8724   if (rc != TPM_RC_SUCCESS) {
   8725     return rc;
   8726   }
   8727   std::string command_size_bytes;
   8728   rc = Serialize_UINT32(command_size, &command_size_bytes);
   8729   if (rc != TPM_RC_SUCCESS) {
   8730     return rc;
   8731   }
   8732   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   8733                         handle_section_bytes + authorization_size_bytes +
   8734                         authorization_section_bytes + parameter_section_bytes;
   8735   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   8736   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   8737                                             serialized_command->size());
   8738   return TPM_RC_SUCCESS;
   8739 }
   8740 
   8741 TPM_RC Tpm::ParseResponse_IncrementalSelfTest(
   8742     const std::string& response,
   8743     TPML_ALG* to_do_list,
   8744     AuthorizationDelegate* authorization_delegate) {
   8745   VLOG(3) << __func__;
   8746   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   8747   TPM_RC rc = TPM_RC_SUCCESS;
   8748   std::string buffer(response);
   8749   TPM_ST tag;
   8750   std::string tag_bytes;
   8751   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   8752   if (rc != TPM_RC_SUCCESS) {
   8753     return rc;
   8754   }
   8755   UINT32 response_size;
   8756   std::string response_size_bytes;
   8757   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   8758   if (rc != TPM_RC_SUCCESS) {
   8759     return rc;
   8760   }
   8761   TPM_RC response_code;
   8762   std::string response_code_bytes;
   8763   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   8764   if (rc != TPM_RC_SUCCESS) {
   8765     return rc;
   8766   }
   8767   if (response_size != response.size()) {
   8768     return TPM_RC_SIZE;
   8769   }
   8770   if (response_code != TPM_RC_SUCCESS) {
   8771     return response_code;
   8772   }
   8773   TPM_CC command_code = TPM_CC_IncrementalSelfTest;
   8774   std::string command_code_bytes;
   8775   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   8776   if (rc != TPM_RC_SUCCESS) {
   8777     return rc;
   8778   }
   8779   std::string authorization_section_bytes;
   8780   if (tag == TPM_ST_SESSIONS) {
   8781     UINT32 parameter_section_size = buffer.size();
   8782     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   8783     if (rc != TPM_RC_SUCCESS) {
   8784       return rc;
   8785     }
   8786     if (parameter_section_size > buffer.size()) {
   8787       return TPM_RC_INSUFFICIENT;
   8788     }
   8789     authorization_section_bytes = buffer.substr(parameter_section_size);
   8790     // Keep the parameter section in |buffer|.
   8791     buffer.erase(parameter_section_size);
   8792   }
   8793   std::unique_ptr<crypto::SecureHash> hash(
   8794       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   8795   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   8796   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   8797   hash->Update(buffer.data(), buffer.size());
   8798   std::string response_hash(32, 0);
   8799   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   8800   if (tag == TPM_ST_SESSIONS) {
   8801     CHECK(authorization_delegate) << "Authorization delegate missing!";
   8802     if (!authorization_delegate->CheckResponseAuthorization(
   8803             response_hash, authorization_section_bytes)) {
   8804       return TRUNKS_RC_AUTHORIZATION_FAILED;
   8805     }
   8806   }
   8807   std::string to_do_list_bytes;
   8808   rc = Parse_TPML_ALG(&buffer, to_do_list, &to_do_list_bytes);
   8809   if (rc != TPM_RC_SUCCESS) {
   8810     return rc;
   8811   }
   8812   return TPM_RC_SUCCESS;
   8813 }
   8814 
   8815 void IncrementalSelfTestErrorCallback(
   8816     const Tpm::IncrementalSelfTestResponse& callback,
   8817     TPM_RC response_code) {
   8818   VLOG(1) << __func__;
   8819   callback.Run(response_code, TPML_ALG());
   8820 }
   8821 
   8822 void IncrementalSelfTestResponseParser(
   8823     const Tpm::IncrementalSelfTestResponse& callback,
   8824     AuthorizationDelegate* authorization_delegate,
   8825     const std::string& response) {
   8826   VLOG(1) << __func__;
   8827   base::Callback<void(TPM_RC)> error_reporter =
   8828       base::Bind(IncrementalSelfTestErrorCallback, callback);
   8829   TPML_ALG to_do_list;
   8830   TPM_RC rc = Tpm::ParseResponse_IncrementalSelfTest(response, &to_do_list,
   8831                                                      authorization_delegate);
   8832   if (rc != TPM_RC_SUCCESS) {
   8833     error_reporter.Run(rc);
   8834     return;
   8835   }
   8836   callback.Run(rc, to_do_list);
   8837 }
   8838 
   8839 void Tpm::IncrementalSelfTest(const TPML_ALG& to_test,
   8840                               AuthorizationDelegate* authorization_delegate,
   8841                               const IncrementalSelfTestResponse& callback) {
   8842   VLOG(1) << __func__;
   8843   base::Callback<void(TPM_RC)> error_reporter =
   8844       base::Bind(IncrementalSelfTestErrorCallback, callback);
   8845   base::Callback<void(const std::string&)> parser = base::Bind(
   8846       IncrementalSelfTestResponseParser, callback, authorization_delegate);
   8847   std::string command;
   8848   TPM_RC rc = SerializeCommand_IncrementalSelfTest(to_test, &command,
   8849                                                    authorization_delegate);
   8850   if (rc != TPM_RC_SUCCESS) {
   8851     error_reporter.Run(rc);
   8852     return;
   8853   }
   8854   transceiver_->SendCommand(command, parser);
   8855 }
   8856 
   8857 TPM_RC Tpm::IncrementalSelfTestSync(
   8858     const TPML_ALG& to_test,
   8859     TPML_ALG* to_do_list,
   8860     AuthorizationDelegate* authorization_delegate) {
   8861   VLOG(1) << __func__;
   8862   std::string command;
   8863   TPM_RC rc = SerializeCommand_IncrementalSelfTest(to_test, &command,
   8864                                                    authorization_delegate);
   8865   if (rc != TPM_RC_SUCCESS) {
   8866     return rc;
   8867   }
   8868   std::string response = transceiver_->SendCommandAndWait(command);
   8869   rc = ParseResponse_IncrementalSelfTest(response, to_do_list,
   8870                                          authorization_delegate);
   8871   return rc;
   8872 }
   8873 
   8874 TPM_RC Tpm::SerializeCommand_GetTestResult(
   8875     std::string* serialized_command,
   8876     AuthorizationDelegate* authorization_delegate) {
   8877   VLOG(3) << __func__;
   8878   TPM_RC rc = TPM_RC_SUCCESS;
   8879   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   8880   UINT32 command_size = 10;  // Header size.
   8881   std::string handle_section_bytes;
   8882   std::string parameter_section_bytes;
   8883   TPM_CC command_code = TPM_CC_GetTestResult;
   8884   bool is_command_parameter_encryption_possible = false;
   8885   bool is_response_parameter_encryption_possible = true;
   8886   std::string command_code_bytes;
   8887   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   8888   if (rc != TPM_RC_SUCCESS) {
   8889     return rc;
   8890   }
   8891   std::unique_ptr<crypto::SecureHash> hash(
   8892       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   8893   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   8894   std::string command_hash(32, 0);
   8895   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   8896   std::string authorization_section_bytes;
   8897   std::string authorization_size_bytes;
   8898   if (authorization_delegate) {
   8899     if (!authorization_delegate->GetCommandAuthorization(
   8900             command_hash, is_command_parameter_encryption_possible,
   8901             is_response_parameter_encryption_possible,
   8902             &authorization_section_bytes)) {
   8903       return TRUNKS_RC_AUTHORIZATION_FAILED;
   8904     }
   8905     if (!authorization_section_bytes.empty()) {
   8906       tag = TPM_ST_SESSIONS;
   8907       std::string tmp;
   8908       rc = Serialize_UINT32(authorization_section_bytes.size(),
   8909                             &authorization_size_bytes);
   8910       if (rc != TPM_RC_SUCCESS) {
   8911         return rc;
   8912       }
   8913       command_size +=
   8914           authorization_size_bytes.size() + authorization_section_bytes.size();
   8915     }
   8916   }
   8917   std::string tag_bytes;
   8918   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   8919   if (rc != TPM_RC_SUCCESS) {
   8920     return rc;
   8921   }
   8922   std::string command_size_bytes;
   8923   rc = Serialize_UINT32(command_size, &command_size_bytes);
   8924   if (rc != TPM_RC_SUCCESS) {
   8925     return rc;
   8926   }
   8927   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   8928                         handle_section_bytes + authorization_size_bytes +
   8929                         authorization_section_bytes + parameter_section_bytes;
   8930   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   8931   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   8932                                             serialized_command->size());
   8933   return TPM_RC_SUCCESS;
   8934 }
   8935 
   8936 TPM_RC Tpm::ParseResponse_GetTestResult(
   8937     const std::string& response,
   8938     TPM2B_MAX_BUFFER* out_data,
   8939     TPM_RC* test_result,
   8940     AuthorizationDelegate* authorization_delegate) {
   8941   VLOG(3) << __func__;
   8942   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   8943   TPM_RC rc = TPM_RC_SUCCESS;
   8944   std::string buffer(response);
   8945   TPM_ST tag;
   8946   std::string tag_bytes;
   8947   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   8948   if (rc != TPM_RC_SUCCESS) {
   8949     return rc;
   8950   }
   8951   UINT32 response_size;
   8952   std::string response_size_bytes;
   8953   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   8954   if (rc != TPM_RC_SUCCESS) {
   8955     return rc;
   8956   }
   8957   TPM_RC response_code;
   8958   std::string response_code_bytes;
   8959   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   8960   if (rc != TPM_RC_SUCCESS) {
   8961     return rc;
   8962   }
   8963   if (response_size != response.size()) {
   8964     return TPM_RC_SIZE;
   8965   }
   8966   if (response_code != TPM_RC_SUCCESS) {
   8967     return response_code;
   8968   }
   8969   TPM_CC command_code = TPM_CC_GetTestResult;
   8970   std::string command_code_bytes;
   8971   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   8972   if (rc != TPM_RC_SUCCESS) {
   8973     return rc;
   8974   }
   8975   std::string authorization_section_bytes;
   8976   if (tag == TPM_ST_SESSIONS) {
   8977     UINT32 parameter_section_size = buffer.size();
   8978     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   8979     if (rc != TPM_RC_SUCCESS) {
   8980       return rc;
   8981     }
   8982     if (parameter_section_size > buffer.size()) {
   8983       return TPM_RC_INSUFFICIENT;
   8984     }
   8985     authorization_section_bytes = buffer.substr(parameter_section_size);
   8986     // Keep the parameter section in |buffer|.
   8987     buffer.erase(parameter_section_size);
   8988   }
   8989   std::unique_ptr<crypto::SecureHash> hash(
   8990       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   8991   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   8992   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   8993   hash->Update(buffer.data(), buffer.size());
   8994   std::string response_hash(32, 0);
   8995   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   8996   if (tag == TPM_ST_SESSIONS) {
   8997     CHECK(authorization_delegate) << "Authorization delegate missing!";
   8998     if (!authorization_delegate->CheckResponseAuthorization(
   8999             response_hash, authorization_section_bytes)) {
   9000       return TRUNKS_RC_AUTHORIZATION_FAILED;
   9001     }
   9002   }
   9003   std::string out_data_bytes;
   9004   rc = Parse_TPM2B_MAX_BUFFER(&buffer, out_data, &out_data_bytes);
   9005   if (rc != TPM_RC_SUCCESS) {
   9006     return rc;
   9007   }
   9008   std::string test_result_bytes;
   9009   rc = Parse_TPM_RC(&buffer, test_result, &test_result_bytes);
   9010   if (rc != TPM_RC_SUCCESS) {
   9011     return rc;
   9012   }
   9013   if (tag == TPM_ST_SESSIONS) {
   9014     CHECK(authorization_delegate) << "Authorization delegate missing!";
   9015     // Decrypt just the parameter data, not the size.
   9016     std::string tmp = out_data_bytes.substr(2);
   9017     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   9018       return TRUNKS_RC_ENCRYPTION_FAILED;
   9019     }
   9020     out_data_bytes.replace(2, std::string::npos, tmp);
   9021     rc = Parse_TPM2B_MAX_BUFFER(&out_data_bytes, out_data, nullptr);
   9022     if (rc != TPM_RC_SUCCESS) {
   9023       return rc;
   9024     }
   9025   }
   9026   return TPM_RC_SUCCESS;
   9027 }
   9028 
   9029 void GetTestResultErrorCallback(const Tpm::GetTestResultResponse& callback,
   9030                                 TPM_RC response_code) {
   9031   VLOG(1) << __func__;
   9032   callback.Run(response_code, TPM2B_MAX_BUFFER(), TPM_RC());
   9033 }
   9034 
   9035 void GetTestResultResponseParser(const Tpm::GetTestResultResponse& callback,
   9036                                  AuthorizationDelegate* authorization_delegate,
   9037                                  const std::string& response) {
   9038   VLOG(1) << __func__;
   9039   base::Callback<void(TPM_RC)> error_reporter =
   9040       base::Bind(GetTestResultErrorCallback, callback);
   9041   TPM2B_MAX_BUFFER out_data;
   9042   TPM_RC test_result;
   9043   TPM_RC rc = Tpm::ParseResponse_GetTestResult(
   9044       response, &out_data, &test_result, authorization_delegate);
   9045   if (rc != TPM_RC_SUCCESS) {
   9046     error_reporter.Run(rc);
   9047     return;
   9048   }
   9049   callback.Run(rc, out_data, test_result);
   9050 }
   9051 
   9052 void Tpm::GetTestResult(AuthorizationDelegate* authorization_delegate,
   9053                         const GetTestResultResponse& callback) {
   9054   VLOG(1) << __func__;
   9055   base::Callback<void(TPM_RC)> error_reporter =
   9056       base::Bind(GetTestResultErrorCallback, callback);
   9057   base::Callback<void(const std::string&)> parser =
   9058       base::Bind(GetTestResultResponseParser, callback, authorization_delegate);
   9059   std::string command;
   9060   TPM_RC rc = SerializeCommand_GetTestResult(&command, authorization_delegate);
   9061   if (rc != TPM_RC_SUCCESS) {
   9062     error_reporter.Run(rc);
   9063     return;
   9064   }
   9065   transceiver_->SendCommand(command, parser);
   9066 }
   9067 
   9068 TPM_RC Tpm::GetTestResultSync(TPM2B_MAX_BUFFER* out_data,
   9069                               TPM_RC* test_result,
   9070                               AuthorizationDelegate* authorization_delegate) {
   9071   VLOG(1) << __func__;
   9072   std::string command;
   9073   TPM_RC rc = SerializeCommand_GetTestResult(&command, authorization_delegate);
   9074   if (rc != TPM_RC_SUCCESS) {
   9075     return rc;
   9076   }
   9077   std::string response = transceiver_->SendCommandAndWait(command);
   9078   rc = ParseResponse_GetTestResult(response, out_data, test_result,
   9079                                    authorization_delegate);
   9080   return rc;
   9081 }
   9082 
   9083 TPM_RC Tpm::SerializeCommand_StartAuthSession(
   9084     const TPMI_DH_OBJECT& tpm_key,
   9085     const std::string& tpm_key_name,
   9086     const TPMI_DH_ENTITY& bind,
   9087     const std::string& bind_name,
   9088     const TPM2B_NONCE& nonce_caller,
   9089     const TPM2B_ENCRYPTED_SECRET& encrypted_salt,
   9090     const TPM_SE& session_type,
   9091     const TPMT_SYM_DEF& symmetric,
   9092     const TPMI_ALG_HASH& auth_hash,
   9093     std::string* serialized_command,
   9094     AuthorizationDelegate* authorization_delegate) {
   9095   VLOG(3) << __func__;
   9096   TPM_RC rc = TPM_RC_SUCCESS;
   9097   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   9098   UINT32 command_size = 10;  // Header size.
   9099   std::string handle_section_bytes;
   9100   std::string parameter_section_bytes;
   9101   TPM_CC command_code = TPM_CC_StartAuthSession;
   9102   bool is_command_parameter_encryption_possible = true;
   9103   bool is_response_parameter_encryption_possible = true;
   9104   std::string command_code_bytes;
   9105   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   9106   if (rc != TPM_RC_SUCCESS) {
   9107     return rc;
   9108   }
   9109   std::string tpm_key_bytes;
   9110   rc = Serialize_TPMI_DH_OBJECT(tpm_key, &tpm_key_bytes);
   9111   if (rc != TPM_RC_SUCCESS) {
   9112     return rc;
   9113   }
   9114   std::string bind_bytes;
   9115   rc = Serialize_TPMI_DH_ENTITY(bind, &bind_bytes);
   9116   if (rc != TPM_RC_SUCCESS) {
   9117     return rc;
   9118   }
   9119   std::string nonce_caller_bytes;
   9120   rc = Serialize_TPM2B_NONCE(nonce_caller, &nonce_caller_bytes);
   9121   if (rc != TPM_RC_SUCCESS) {
   9122     return rc;
   9123   }
   9124   std::string encrypted_salt_bytes;
   9125   rc = Serialize_TPM2B_ENCRYPTED_SECRET(encrypted_salt, &encrypted_salt_bytes);
   9126   if (rc != TPM_RC_SUCCESS) {
   9127     return rc;
   9128   }
   9129   std::string session_type_bytes;
   9130   rc = Serialize_TPM_SE(session_type, &session_type_bytes);
   9131   if (rc != TPM_RC_SUCCESS) {
   9132     return rc;
   9133   }
   9134   std::string symmetric_bytes;
   9135   rc = Serialize_TPMT_SYM_DEF(symmetric, &symmetric_bytes);
   9136   if (rc != TPM_RC_SUCCESS) {
   9137     return rc;
   9138   }
   9139   std::string auth_hash_bytes;
   9140   rc = Serialize_TPMI_ALG_HASH(auth_hash, &auth_hash_bytes);
   9141   if (rc != TPM_RC_SUCCESS) {
   9142     return rc;
   9143   }
   9144   if (authorization_delegate) {
   9145     // Encrypt just the parameter data, not the size.
   9146     std::string tmp = nonce_caller_bytes.substr(2);
   9147     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   9148       return TRUNKS_RC_ENCRYPTION_FAILED;
   9149     }
   9150     nonce_caller_bytes.replace(2, std::string::npos, tmp);
   9151   }
   9152   std::unique_ptr<crypto::SecureHash> hash(
   9153       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   9154   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   9155   hash->Update(tpm_key_name.data(), tpm_key_name.size());
   9156   handle_section_bytes += tpm_key_bytes;
   9157   command_size += tpm_key_bytes.size();
   9158   hash->Update(bind_name.data(), bind_name.size());
   9159   handle_section_bytes += bind_bytes;
   9160   command_size += bind_bytes.size();
   9161   hash->Update(nonce_caller_bytes.data(), nonce_caller_bytes.size());
   9162   parameter_section_bytes += nonce_caller_bytes;
   9163   command_size += nonce_caller_bytes.size();
   9164   hash->Update(encrypted_salt_bytes.data(), encrypted_salt_bytes.size());
   9165   parameter_section_bytes += encrypted_salt_bytes;
   9166   command_size += encrypted_salt_bytes.size();
   9167   hash->Update(session_type_bytes.data(), session_type_bytes.size());
   9168   parameter_section_bytes += session_type_bytes;
   9169   command_size += session_type_bytes.size();
   9170   hash->Update(symmetric_bytes.data(), symmetric_bytes.size());
   9171   parameter_section_bytes += symmetric_bytes;
   9172   command_size += symmetric_bytes.size();
   9173   hash->Update(auth_hash_bytes.data(), auth_hash_bytes.size());
   9174   parameter_section_bytes += auth_hash_bytes;
   9175   command_size += auth_hash_bytes.size();
   9176   std::string command_hash(32, 0);
   9177   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   9178   std::string authorization_section_bytes;
   9179   std::string authorization_size_bytes;
   9180   if (authorization_delegate) {
   9181     if (!authorization_delegate->GetCommandAuthorization(
   9182             command_hash, is_command_parameter_encryption_possible,
   9183             is_response_parameter_encryption_possible,
   9184             &authorization_section_bytes)) {
   9185       return TRUNKS_RC_AUTHORIZATION_FAILED;
   9186     }
   9187     if (!authorization_section_bytes.empty()) {
   9188       tag = TPM_ST_SESSIONS;
   9189       std::string tmp;
   9190       rc = Serialize_UINT32(authorization_section_bytes.size(),
   9191                             &authorization_size_bytes);
   9192       if (rc != TPM_RC_SUCCESS) {
   9193         return rc;
   9194       }
   9195       command_size +=
   9196           authorization_size_bytes.size() + authorization_section_bytes.size();
   9197     }
   9198   }
   9199   std::string tag_bytes;
   9200   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   9201   if (rc != TPM_RC_SUCCESS) {
   9202     return rc;
   9203   }
   9204   std::string command_size_bytes;
   9205   rc = Serialize_UINT32(command_size, &command_size_bytes);
   9206   if (rc != TPM_RC_SUCCESS) {
   9207     return rc;
   9208   }
   9209   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   9210                         handle_section_bytes + authorization_size_bytes +
   9211                         authorization_section_bytes + parameter_section_bytes;
   9212   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   9213   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   9214                                             serialized_command->size());
   9215   return TPM_RC_SUCCESS;
   9216 }
   9217 
   9218 TPM_RC Tpm::ParseResponse_StartAuthSession(
   9219     const std::string& response,
   9220     TPMI_SH_AUTH_SESSION* session_handle,
   9221     TPM2B_NONCE* nonce_tpm,
   9222     AuthorizationDelegate* authorization_delegate) {
   9223   VLOG(3) << __func__;
   9224   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   9225   TPM_RC rc = TPM_RC_SUCCESS;
   9226   std::string buffer(response);
   9227   TPM_ST tag;
   9228   std::string tag_bytes;
   9229   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   9230   if (rc != TPM_RC_SUCCESS) {
   9231     return rc;
   9232   }
   9233   UINT32 response_size;
   9234   std::string response_size_bytes;
   9235   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   9236   if (rc != TPM_RC_SUCCESS) {
   9237     return rc;
   9238   }
   9239   TPM_RC response_code;
   9240   std::string response_code_bytes;
   9241   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   9242   if (rc != TPM_RC_SUCCESS) {
   9243     return rc;
   9244   }
   9245   if (response_size != response.size()) {
   9246     return TPM_RC_SIZE;
   9247   }
   9248   if (response_code != TPM_RC_SUCCESS) {
   9249     return response_code;
   9250   }
   9251   std::string session_handle_bytes;
   9252   rc = Parse_TPMI_SH_AUTH_SESSION(&buffer, session_handle,
   9253                                   &session_handle_bytes);
   9254   if (rc != TPM_RC_SUCCESS) {
   9255     return rc;
   9256   }
   9257   TPM_CC command_code = TPM_CC_StartAuthSession;
   9258   std::string command_code_bytes;
   9259   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   9260   if (rc != TPM_RC_SUCCESS) {
   9261     return rc;
   9262   }
   9263   std::string authorization_section_bytes;
   9264   if (tag == TPM_ST_SESSIONS) {
   9265     UINT32 parameter_section_size = buffer.size();
   9266     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   9267     if (rc != TPM_RC_SUCCESS) {
   9268       return rc;
   9269     }
   9270     if (parameter_section_size > buffer.size()) {
   9271       return TPM_RC_INSUFFICIENT;
   9272     }
   9273     authorization_section_bytes = buffer.substr(parameter_section_size);
   9274     // Keep the parameter section in |buffer|.
   9275     buffer.erase(parameter_section_size);
   9276   }
   9277   std::unique_ptr<crypto::SecureHash> hash(
   9278       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   9279   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   9280   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   9281   hash->Update(buffer.data(), buffer.size());
   9282   std::string response_hash(32, 0);
   9283   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   9284   if (tag == TPM_ST_SESSIONS) {
   9285     CHECK(authorization_delegate) << "Authorization delegate missing!";
   9286     if (!authorization_delegate->CheckResponseAuthorization(
   9287             response_hash, authorization_section_bytes)) {
   9288       return TRUNKS_RC_AUTHORIZATION_FAILED;
   9289     }
   9290   }
   9291   std::string nonce_tpm_bytes;
   9292   rc = Parse_TPM2B_NONCE(&buffer, nonce_tpm, &nonce_tpm_bytes);
   9293   if (rc != TPM_RC_SUCCESS) {
   9294     return rc;
   9295   }
   9296   if (tag == TPM_ST_SESSIONS) {
   9297     CHECK(authorization_delegate) << "Authorization delegate missing!";
   9298     // Decrypt just the parameter data, not the size.
   9299     std::string tmp = nonce_tpm_bytes.substr(2);
   9300     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   9301       return TRUNKS_RC_ENCRYPTION_FAILED;
   9302     }
   9303     nonce_tpm_bytes.replace(2, std::string::npos, tmp);
   9304     rc = Parse_TPM2B_NONCE(&nonce_tpm_bytes, nonce_tpm, nullptr);
   9305     if (rc != TPM_RC_SUCCESS) {
   9306       return rc;
   9307     }
   9308   }
   9309   return TPM_RC_SUCCESS;
   9310 }
   9311 
   9312 void StartAuthSessionErrorCallback(
   9313     const Tpm::StartAuthSessionResponse& callback,
   9314     TPM_RC response_code) {
   9315   VLOG(1) << __func__;
   9316   callback.Run(response_code, TPMI_SH_AUTH_SESSION(), TPM2B_NONCE());
   9317 }
   9318 
   9319 void StartAuthSessionResponseParser(
   9320     const Tpm::StartAuthSessionResponse& callback,
   9321     AuthorizationDelegate* authorization_delegate,
   9322     const std::string& response) {
   9323   VLOG(1) << __func__;
   9324   base::Callback<void(TPM_RC)> error_reporter =
   9325       base::Bind(StartAuthSessionErrorCallback, callback);
   9326   TPMI_SH_AUTH_SESSION session_handle;
   9327   TPM2B_NONCE nonce_tpm;
   9328   TPM_RC rc = Tpm::ParseResponse_StartAuthSession(
   9329       response, &session_handle, &nonce_tpm, authorization_delegate);
   9330   if (rc != TPM_RC_SUCCESS) {
   9331     error_reporter.Run(rc);
   9332     return;
   9333   }
   9334   callback.Run(rc, session_handle, nonce_tpm);
   9335 }
   9336 
   9337 void Tpm::StartAuthSession(const TPMI_DH_OBJECT& tpm_key,
   9338                            const std::string& tpm_key_name,
   9339                            const TPMI_DH_ENTITY& bind,
   9340                            const std::string& bind_name,
   9341                            const TPM2B_NONCE& nonce_caller,
   9342                            const TPM2B_ENCRYPTED_SECRET& encrypted_salt,
   9343                            const TPM_SE& session_type,
   9344                            const TPMT_SYM_DEF& symmetric,
   9345                            const TPMI_ALG_HASH& auth_hash,
   9346                            AuthorizationDelegate* authorization_delegate,
   9347                            const StartAuthSessionResponse& callback) {
   9348   VLOG(1) << __func__;
   9349   base::Callback<void(TPM_RC)> error_reporter =
   9350       base::Bind(StartAuthSessionErrorCallback, callback);
   9351   base::Callback<void(const std::string&)> parser = base::Bind(
   9352       StartAuthSessionResponseParser, callback, authorization_delegate);
   9353   std::string command;
   9354   TPM_RC rc = SerializeCommand_StartAuthSession(
   9355       tpm_key, tpm_key_name, bind, bind_name, nonce_caller, encrypted_salt,
   9356       session_type, symmetric, auth_hash, &command, authorization_delegate);
   9357   if (rc != TPM_RC_SUCCESS) {
   9358     error_reporter.Run(rc);
   9359     return;
   9360   }
   9361   transceiver_->SendCommand(command, parser);
   9362 }
   9363 
   9364 TPM_RC Tpm::StartAuthSessionSync(
   9365     const TPMI_DH_OBJECT& tpm_key,
   9366     const std::string& tpm_key_name,
   9367     const TPMI_DH_ENTITY& bind,
   9368     const std::string& bind_name,
   9369     const TPM2B_NONCE& nonce_caller,
   9370     const TPM2B_ENCRYPTED_SECRET& encrypted_salt,
   9371     const TPM_SE& session_type,
   9372     const TPMT_SYM_DEF& symmetric,
   9373     const TPMI_ALG_HASH& auth_hash,
   9374     TPMI_SH_AUTH_SESSION* session_handle,
   9375     TPM2B_NONCE* nonce_tpm,
   9376     AuthorizationDelegate* authorization_delegate) {
   9377   VLOG(1) << __func__;
   9378   std::string command;
   9379   TPM_RC rc = SerializeCommand_StartAuthSession(
   9380       tpm_key, tpm_key_name, bind, bind_name, nonce_caller, encrypted_salt,
   9381       session_type, symmetric, auth_hash, &command, authorization_delegate);
   9382   if (rc != TPM_RC_SUCCESS) {
   9383     return rc;
   9384   }
   9385   std::string response = transceiver_->SendCommandAndWait(command);
   9386   rc = ParseResponse_StartAuthSession(response, session_handle, nonce_tpm,
   9387                                       authorization_delegate);
   9388   return rc;
   9389 }
   9390 
   9391 TPM_RC Tpm::SerializeCommand_PolicyRestart(
   9392     const TPMI_SH_POLICY& session_handle,
   9393     const std::string& session_handle_name,
   9394     std::string* serialized_command,
   9395     AuthorizationDelegate* authorization_delegate) {
   9396   VLOG(3) << __func__;
   9397   TPM_RC rc = TPM_RC_SUCCESS;
   9398   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   9399   UINT32 command_size = 10;  // Header size.
   9400   std::string handle_section_bytes;
   9401   std::string parameter_section_bytes;
   9402   TPM_CC command_code = TPM_CC_PolicyRestart;
   9403   bool is_command_parameter_encryption_possible = false;
   9404   bool is_response_parameter_encryption_possible = false;
   9405   std::string command_code_bytes;
   9406   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   9407   if (rc != TPM_RC_SUCCESS) {
   9408     return rc;
   9409   }
   9410   std::string session_handle_bytes;
   9411   rc = Serialize_TPMI_SH_POLICY(session_handle, &session_handle_bytes);
   9412   if (rc != TPM_RC_SUCCESS) {
   9413     return rc;
   9414   }
   9415   std::unique_ptr<crypto::SecureHash> hash(
   9416       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   9417   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   9418   hash->Update(session_handle_name.data(), session_handle_name.size());
   9419   handle_section_bytes += session_handle_bytes;
   9420   command_size += session_handle_bytes.size();
   9421   std::string command_hash(32, 0);
   9422   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   9423   std::string authorization_section_bytes;
   9424   std::string authorization_size_bytes;
   9425   if (authorization_delegate) {
   9426     if (!authorization_delegate->GetCommandAuthorization(
   9427             command_hash, is_command_parameter_encryption_possible,
   9428             is_response_parameter_encryption_possible,
   9429             &authorization_section_bytes)) {
   9430       return TRUNKS_RC_AUTHORIZATION_FAILED;
   9431     }
   9432     if (!authorization_section_bytes.empty()) {
   9433       tag = TPM_ST_SESSIONS;
   9434       std::string tmp;
   9435       rc = Serialize_UINT32(authorization_section_bytes.size(),
   9436                             &authorization_size_bytes);
   9437       if (rc != TPM_RC_SUCCESS) {
   9438         return rc;
   9439       }
   9440       command_size +=
   9441           authorization_size_bytes.size() + authorization_section_bytes.size();
   9442     }
   9443   }
   9444   std::string tag_bytes;
   9445   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   9446   if (rc != TPM_RC_SUCCESS) {
   9447     return rc;
   9448   }
   9449   std::string command_size_bytes;
   9450   rc = Serialize_UINT32(command_size, &command_size_bytes);
   9451   if (rc != TPM_RC_SUCCESS) {
   9452     return rc;
   9453   }
   9454   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   9455                         handle_section_bytes + authorization_size_bytes +
   9456                         authorization_section_bytes + parameter_section_bytes;
   9457   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   9458   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   9459                                             serialized_command->size());
   9460   return TPM_RC_SUCCESS;
   9461 }
   9462 
   9463 TPM_RC Tpm::ParseResponse_PolicyRestart(
   9464     const std::string& response,
   9465     AuthorizationDelegate* authorization_delegate) {
   9466   VLOG(3) << __func__;
   9467   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   9468   TPM_RC rc = TPM_RC_SUCCESS;
   9469   std::string buffer(response);
   9470   TPM_ST tag;
   9471   std::string tag_bytes;
   9472   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   9473   if (rc != TPM_RC_SUCCESS) {
   9474     return rc;
   9475   }
   9476   UINT32 response_size;
   9477   std::string response_size_bytes;
   9478   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   9479   if (rc != TPM_RC_SUCCESS) {
   9480     return rc;
   9481   }
   9482   TPM_RC response_code;
   9483   std::string response_code_bytes;
   9484   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   9485   if (rc != TPM_RC_SUCCESS) {
   9486     return rc;
   9487   }
   9488   if (response_size != response.size()) {
   9489     return TPM_RC_SIZE;
   9490   }
   9491   if (response_code != TPM_RC_SUCCESS) {
   9492     return response_code;
   9493   }
   9494   TPM_CC command_code = TPM_CC_PolicyRestart;
   9495   std::string command_code_bytes;
   9496   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   9497   if (rc != TPM_RC_SUCCESS) {
   9498     return rc;
   9499   }
   9500   std::string authorization_section_bytes;
   9501   if (tag == TPM_ST_SESSIONS) {
   9502     UINT32 parameter_section_size = buffer.size();
   9503     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   9504     if (rc != TPM_RC_SUCCESS) {
   9505       return rc;
   9506     }
   9507     if (parameter_section_size > buffer.size()) {
   9508       return TPM_RC_INSUFFICIENT;
   9509     }
   9510     authorization_section_bytes = buffer.substr(parameter_section_size);
   9511     // Keep the parameter section in |buffer|.
   9512     buffer.erase(parameter_section_size);
   9513   }
   9514   std::unique_ptr<crypto::SecureHash> hash(
   9515       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   9516   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   9517   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   9518   hash->Update(buffer.data(), buffer.size());
   9519   std::string response_hash(32, 0);
   9520   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   9521   if (tag == TPM_ST_SESSIONS) {
   9522     CHECK(authorization_delegate) << "Authorization delegate missing!";
   9523     if (!authorization_delegate->CheckResponseAuthorization(
   9524             response_hash, authorization_section_bytes)) {
   9525       return TRUNKS_RC_AUTHORIZATION_FAILED;
   9526     }
   9527   }
   9528   return TPM_RC_SUCCESS;
   9529 }
   9530 
   9531 void PolicyRestartErrorCallback(const Tpm::PolicyRestartResponse& callback,
   9532                                 TPM_RC response_code) {
   9533   VLOG(1) << __func__;
   9534   callback.Run(response_code);
   9535 }
   9536 
   9537 void PolicyRestartResponseParser(const Tpm::PolicyRestartResponse& callback,
   9538                                  AuthorizationDelegate* authorization_delegate,
   9539                                  const std::string& response) {
   9540   VLOG(1) << __func__;
   9541   base::Callback<void(TPM_RC)> error_reporter =
   9542       base::Bind(PolicyRestartErrorCallback, callback);
   9543   TPM_RC rc =
   9544       Tpm::ParseResponse_PolicyRestart(response, authorization_delegate);
   9545   if (rc != TPM_RC_SUCCESS) {
   9546     error_reporter.Run(rc);
   9547     return;
   9548   }
   9549   callback.Run(rc);
   9550 }
   9551 
   9552 void Tpm::PolicyRestart(const TPMI_SH_POLICY& session_handle,
   9553                         const std::string& session_handle_name,
   9554                         AuthorizationDelegate* authorization_delegate,
   9555                         const PolicyRestartResponse& callback) {
   9556   VLOG(1) << __func__;
   9557   base::Callback<void(TPM_RC)> error_reporter =
   9558       base::Bind(PolicyRestartErrorCallback, callback);
   9559   base::Callback<void(const std::string&)> parser =
   9560       base::Bind(PolicyRestartResponseParser, callback, authorization_delegate);
   9561   std::string command;
   9562   TPM_RC rc = SerializeCommand_PolicyRestart(
   9563       session_handle, session_handle_name, &command, authorization_delegate);
   9564   if (rc != TPM_RC_SUCCESS) {
   9565     error_reporter.Run(rc);
   9566     return;
   9567   }
   9568   transceiver_->SendCommand(command, parser);
   9569 }
   9570 
   9571 TPM_RC Tpm::PolicyRestartSync(const TPMI_SH_POLICY& session_handle,
   9572                               const std::string& session_handle_name,
   9573                               AuthorizationDelegate* authorization_delegate) {
   9574   VLOG(1) << __func__;
   9575   std::string command;
   9576   TPM_RC rc = SerializeCommand_PolicyRestart(
   9577       session_handle, session_handle_name, &command, authorization_delegate);
   9578   if (rc != TPM_RC_SUCCESS) {
   9579     return rc;
   9580   }
   9581   std::string response = transceiver_->SendCommandAndWait(command);
   9582   rc = ParseResponse_PolicyRestart(response, authorization_delegate);
   9583   return rc;
   9584 }
   9585 
   9586 TPM_RC Tpm::SerializeCommand_Create(
   9587     const TPMI_DH_OBJECT& parent_handle,
   9588     const std::string& parent_handle_name,
   9589     const TPM2B_SENSITIVE_CREATE& in_sensitive,
   9590     const TPM2B_PUBLIC& in_public,
   9591     const TPM2B_DATA& outside_info,
   9592     const TPML_PCR_SELECTION& creation_pcr,
   9593     std::string* serialized_command,
   9594     AuthorizationDelegate* authorization_delegate) {
   9595   VLOG(3) << __func__;
   9596   TPM_RC rc = TPM_RC_SUCCESS;
   9597   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   9598   UINT32 command_size = 10;  // Header size.
   9599   std::string handle_section_bytes;
   9600   std::string parameter_section_bytes;
   9601   TPM_CC command_code = TPM_CC_Create;
   9602   bool is_command_parameter_encryption_possible = true;
   9603   bool is_response_parameter_encryption_possible = true;
   9604   std::string command_code_bytes;
   9605   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   9606   if (rc != TPM_RC_SUCCESS) {
   9607     return rc;
   9608   }
   9609   std::string parent_handle_bytes;
   9610   rc = Serialize_TPMI_DH_OBJECT(parent_handle, &parent_handle_bytes);
   9611   if (rc != TPM_RC_SUCCESS) {
   9612     return rc;
   9613   }
   9614   std::string in_sensitive_bytes;
   9615   rc = Serialize_TPM2B_SENSITIVE_CREATE(in_sensitive, &in_sensitive_bytes);
   9616   if (rc != TPM_RC_SUCCESS) {
   9617     return rc;
   9618   }
   9619   std::string in_public_bytes;
   9620   rc = Serialize_TPM2B_PUBLIC(in_public, &in_public_bytes);
   9621   if (rc != TPM_RC_SUCCESS) {
   9622     return rc;
   9623   }
   9624   std::string outside_info_bytes;
   9625   rc = Serialize_TPM2B_DATA(outside_info, &outside_info_bytes);
   9626   if (rc != TPM_RC_SUCCESS) {
   9627     return rc;
   9628   }
   9629   std::string creation_pcr_bytes;
   9630   rc = Serialize_TPML_PCR_SELECTION(creation_pcr, &creation_pcr_bytes);
   9631   if (rc != TPM_RC_SUCCESS) {
   9632     return rc;
   9633   }
   9634   if (authorization_delegate) {
   9635     // Encrypt just the parameter data, not the size.
   9636     std::string tmp = in_sensitive_bytes.substr(2);
   9637     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   9638       return TRUNKS_RC_ENCRYPTION_FAILED;
   9639     }
   9640     in_sensitive_bytes.replace(2, std::string::npos, tmp);
   9641   }
   9642   std::unique_ptr<crypto::SecureHash> hash(
   9643       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   9644   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   9645   hash->Update(parent_handle_name.data(), parent_handle_name.size());
   9646   handle_section_bytes += parent_handle_bytes;
   9647   command_size += parent_handle_bytes.size();
   9648   hash->Update(in_sensitive_bytes.data(), in_sensitive_bytes.size());
   9649   parameter_section_bytes += in_sensitive_bytes;
   9650   command_size += in_sensitive_bytes.size();
   9651   hash->Update(in_public_bytes.data(), in_public_bytes.size());
   9652   parameter_section_bytes += in_public_bytes;
   9653   command_size += in_public_bytes.size();
   9654   hash->Update(outside_info_bytes.data(), outside_info_bytes.size());
   9655   parameter_section_bytes += outside_info_bytes;
   9656   command_size += outside_info_bytes.size();
   9657   hash->Update(creation_pcr_bytes.data(), creation_pcr_bytes.size());
   9658   parameter_section_bytes += creation_pcr_bytes;
   9659   command_size += creation_pcr_bytes.size();
   9660   std::string command_hash(32, 0);
   9661   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   9662   std::string authorization_section_bytes;
   9663   std::string authorization_size_bytes;
   9664   if (authorization_delegate) {
   9665     if (!authorization_delegate->GetCommandAuthorization(
   9666             command_hash, is_command_parameter_encryption_possible,
   9667             is_response_parameter_encryption_possible,
   9668             &authorization_section_bytes)) {
   9669       return TRUNKS_RC_AUTHORIZATION_FAILED;
   9670     }
   9671     if (!authorization_section_bytes.empty()) {
   9672       tag = TPM_ST_SESSIONS;
   9673       std::string tmp;
   9674       rc = Serialize_UINT32(authorization_section_bytes.size(),
   9675                             &authorization_size_bytes);
   9676       if (rc != TPM_RC_SUCCESS) {
   9677         return rc;
   9678       }
   9679       command_size +=
   9680           authorization_size_bytes.size() + authorization_section_bytes.size();
   9681     }
   9682   }
   9683   std::string tag_bytes;
   9684   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   9685   if (rc != TPM_RC_SUCCESS) {
   9686     return rc;
   9687   }
   9688   std::string command_size_bytes;
   9689   rc = Serialize_UINT32(command_size, &command_size_bytes);
   9690   if (rc != TPM_RC_SUCCESS) {
   9691     return rc;
   9692   }
   9693   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   9694                         handle_section_bytes + authorization_size_bytes +
   9695                         authorization_section_bytes + parameter_section_bytes;
   9696   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   9697   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   9698                                             serialized_command->size());
   9699   return TPM_RC_SUCCESS;
   9700 }
   9701 
   9702 TPM_RC Tpm::ParseResponse_Create(
   9703     const std::string& response,
   9704     TPM2B_PRIVATE* out_private,
   9705     TPM2B_PUBLIC* out_public,
   9706     TPM2B_CREATION_DATA* creation_data,
   9707     TPM2B_DIGEST* creation_hash,
   9708     TPMT_TK_CREATION* creation_ticket,
   9709     AuthorizationDelegate* authorization_delegate) {
   9710   VLOG(3) << __func__;
   9711   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   9712   TPM_RC rc = TPM_RC_SUCCESS;
   9713   std::string buffer(response);
   9714   TPM_ST tag;
   9715   std::string tag_bytes;
   9716   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   9717   if (rc != TPM_RC_SUCCESS) {
   9718     return rc;
   9719   }
   9720   UINT32 response_size;
   9721   std::string response_size_bytes;
   9722   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   9723   if (rc != TPM_RC_SUCCESS) {
   9724     return rc;
   9725   }
   9726   TPM_RC response_code;
   9727   std::string response_code_bytes;
   9728   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   9729   if (rc != TPM_RC_SUCCESS) {
   9730     return rc;
   9731   }
   9732   if (response_size != response.size()) {
   9733     return TPM_RC_SIZE;
   9734   }
   9735   if (response_code != TPM_RC_SUCCESS) {
   9736     return response_code;
   9737   }
   9738   TPM_CC command_code = TPM_CC_Create;
   9739   std::string command_code_bytes;
   9740   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   9741   if (rc != TPM_RC_SUCCESS) {
   9742     return rc;
   9743   }
   9744   std::string authorization_section_bytes;
   9745   if (tag == TPM_ST_SESSIONS) {
   9746     UINT32 parameter_section_size = buffer.size();
   9747     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   9748     if (rc != TPM_RC_SUCCESS) {
   9749       return rc;
   9750     }
   9751     if (parameter_section_size > buffer.size()) {
   9752       return TPM_RC_INSUFFICIENT;
   9753     }
   9754     authorization_section_bytes = buffer.substr(parameter_section_size);
   9755     // Keep the parameter section in |buffer|.
   9756     buffer.erase(parameter_section_size);
   9757   }
   9758   std::unique_ptr<crypto::SecureHash> hash(
   9759       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   9760   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   9761   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   9762   hash->Update(buffer.data(), buffer.size());
   9763   std::string response_hash(32, 0);
   9764   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   9765   if (tag == TPM_ST_SESSIONS) {
   9766     CHECK(authorization_delegate) << "Authorization delegate missing!";
   9767     if (!authorization_delegate->CheckResponseAuthorization(
   9768             response_hash, authorization_section_bytes)) {
   9769       return TRUNKS_RC_AUTHORIZATION_FAILED;
   9770     }
   9771   }
   9772   std::string out_private_bytes;
   9773   rc = Parse_TPM2B_PRIVATE(&buffer, out_private, &out_private_bytes);
   9774   if (rc != TPM_RC_SUCCESS) {
   9775     return rc;
   9776   }
   9777   std::string out_public_bytes;
   9778   rc = Parse_TPM2B_PUBLIC(&buffer, out_public, &out_public_bytes);
   9779   if (rc != TPM_RC_SUCCESS) {
   9780     return rc;
   9781   }
   9782   std::string creation_data_bytes;
   9783   rc = Parse_TPM2B_CREATION_DATA(&buffer, creation_data, &creation_data_bytes);
   9784   if (rc != TPM_RC_SUCCESS) {
   9785     return rc;
   9786   }
   9787   std::string creation_hash_bytes;
   9788   rc = Parse_TPM2B_DIGEST(&buffer, creation_hash, &creation_hash_bytes);
   9789   if (rc != TPM_RC_SUCCESS) {
   9790     return rc;
   9791   }
   9792   std::string creation_ticket_bytes;
   9793   rc = Parse_TPMT_TK_CREATION(&buffer, creation_ticket, &creation_ticket_bytes);
   9794   if (rc != TPM_RC_SUCCESS) {
   9795     return rc;
   9796   }
   9797   if (tag == TPM_ST_SESSIONS) {
   9798     CHECK(authorization_delegate) << "Authorization delegate missing!";
   9799     // Decrypt just the parameter data, not the size.
   9800     std::string tmp = out_private_bytes.substr(2);
   9801     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   9802       return TRUNKS_RC_ENCRYPTION_FAILED;
   9803     }
   9804     out_private_bytes.replace(2, std::string::npos, tmp);
   9805     rc = Parse_TPM2B_PRIVATE(&out_private_bytes, out_private, nullptr);
   9806     if (rc != TPM_RC_SUCCESS) {
   9807       return rc;
   9808     }
   9809   }
   9810   return TPM_RC_SUCCESS;
   9811 }
   9812 
   9813 void CreateErrorCallback(const Tpm::CreateResponse& callback,
   9814                          TPM_RC response_code) {
   9815   VLOG(1) << __func__;
   9816   callback.Run(response_code, TPM2B_PRIVATE(), TPM2B_PUBLIC(),
   9817                TPM2B_CREATION_DATA(), TPM2B_DIGEST(), TPMT_TK_CREATION());
   9818 }
   9819 
   9820 void CreateResponseParser(const Tpm::CreateResponse& callback,
   9821                           AuthorizationDelegate* authorization_delegate,
   9822                           const std::string& response) {
   9823   VLOG(1) << __func__;
   9824   base::Callback<void(TPM_RC)> error_reporter =
   9825       base::Bind(CreateErrorCallback, callback);
   9826   TPM2B_PRIVATE out_private;
   9827   TPM2B_PUBLIC out_public;
   9828   TPM2B_CREATION_DATA creation_data;
   9829   TPM2B_DIGEST creation_hash;
   9830   TPMT_TK_CREATION creation_ticket;
   9831   TPM_RC rc = Tpm::ParseResponse_Create(
   9832       response, &out_private, &out_public, &creation_data, &creation_hash,
   9833       &creation_ticket, authorization_delegate);
   9834   if (rc != TPM_RC_SUCCESS) {
   9835     error_reporter.Run(rc);
   9836     return;
   9837   }
   9838   callback.Run(rc, out_private, out_public, creation_data, creation_hash,
   9839                creation_ticket);
   9840 }
   9841 
   9842 void Tpm::Create(const TPMI_DH_OBJECT& parent_handle,
   9843                  const std::string& parent_handle_name,
   9844                  const TPM2B_SENSITIVE_CREATE& in_sensitive,
   9845                  const TPM2B_PUBLIC& in_public,
   9846                  const TPM2B_DATA& outside_info,
   9847                  const TPML_PCR_SELECTION& creation_pcr,
   9848                  AuthorizationDelegate* authorization_delegate,
   9849                  const CreateResponse& callback) {
   9850   VLOG(1) << __func__;
   9851   base::Callback<void(TPM_RC)> error_reporter =
   9852       base::Bind(CreateErrorCallback, callback);
   9853   base::Callback<void(const std::string&)> parser =
   9854       base::Bind(CreateResponseParser, callback, authorization_delegate);
   9855   std::string command;
   9856   TPM_RC rc = SerializeCommand_Create(
   9857       parent_handle, parent_handle_name, in_sensitive, in_public, outside_info,
   9858       creation_pcr, &command, authorization_delegate);
   9859   if (rc != TPM_RC_SUCCESS) {
   9860     error_reporter.Run(rc);
   9861     return;
   9862   }
   9863   transceiver_->SendCommand(command, parser);
   9864 }
   9865 
   9866 TPM_RC Tpm::CreateSync(const TPMI_DH_OBJECT& parent_handle,
   9867                        const std::string& parent_handle_name,
   9868                        const TPM2B_SENSITIVE_CREATE& in_sensitive,
   9869                        const TPM2B_PUBLIC& in_public,
   9870                        const TPM2B_DATA& outside_info,
   9871                        const TPML_PCR_SELECTION& creation_pcr,
   9872                        TPM2B_PRIVATE* out_private,
   9873                        TPM2B_PUBLIC* out_public,
   9874                        TPM2B_CREATION_DATA* creation_data,
   9875                        TPM2B_DIGEST* creation_hash,
   9876                        TPMT_TK_CREATION* creation_ticket,
   9877                        AuthorizationDelegate* authorization_delegate) {
   9878   VLOG(1) << __func__;
   9879   std::string command;
   9880   TPM_RC rc = SerializeCommand_Create(
   9881       parent_handle, parent_handle_name, in_sensitive, in_public, outside_info,
   9882       creation_pcr, &command, authorization_delegate);
   9883   if (rc != TPM_RC_SUCCESS) {
   9884     return rc;
   9885   }
   9886   std::string response = transceiver_->SendCommandAndWait(command);
   9887   rc = ParseResponse_Create(response, out_private, out_public, creation_data,
   9888                             creation_hash, creation_ticket,
   9889                             authorization_delegate);
   9890   return rc;
   9891 }
   9892 
   9893 TPM_RC Tpm::SerializeCommand_Load(
   9894     const TPMI_DH_OBJECT& parent_handle,
   9895     const std::string& parent_handle_name,
   9896     const TPM2B_PRIVATE& in_private,
   9897     const TPM2B_PUBLIC& in_public,
   9898     std::string* serialized_command,
   9899     AuthorizationDelegate* authorization_delegate) {
   9900   VLOG(3) << __func__;
   9901   TPM_RC rc = TPM_RC_SUCCESS;
   9902   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   9903   UINT32 command_size = 10;  // Header size.
   9904   std::string handle_section_bytes;
   9905   std::string parameter_section_bytes;
   9906   TPM_CC command_code = TPM_CC_Load;
   9907   bool is_command_parameter_encryption_possible = true;
   9908   bool is_response_parameter_encryption_possible = true;
   9909   std::string command_code_bytes;
   9910   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   9911   if (rc != TPM_RC_SUCCESS) {
   9912     return rc;
   9913   }
   9914   std::string parent_handle_bytes;
   9915   rc = Serialize_TPMI_DH_OBJECT(parent_handle, &parent_handle_bytes);
   9916   if (rc != TPM_RC_SUCCESS) {
   9917     return rc;
   9918   }
   9919   std::string in_private_bytes;
   9920   rc = Serialize_TPM2B_PRIVATE(in_private, &in_private_bytes);
   9921   if (rc != TPM_RC_SUCCESS) {
   9922     return rc;
   9923   }
   9924   std::string in_public_bytes;
   9925   rc = Serialize_TPM2B_PUBLIC(in_public, &in_public_bytes);
   9926   if (rc != TPM_RC_SUCCESS) {
   9927     return rc;
   9928   }
   9929   if (authorization_delegate) {
   9930     // Encrypt just the parameter data, not the size.
   9931     std::string tmp = in_private_bytes.substr(2);
   9932     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   9933       return TRUNKS_RC_ENCRYPTION_FAILED;
   9934     }
   9935     in_private_bytes.replace(2, std::string::npos, tmp);
   9936   }
   9937   std::unique_ptr<crypto::SecureHash> hash(
   9938       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   9939   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   9940   hash->Update(parent_handle_name.data(), parent_handle_name.size());
   9941   handle_section_bytes += parent_handle_bytes;
   9942   command_size += parent_handle_bytes.size();
   9943   hash->Update(in_private_bytes.data(), in_private_bytes.size());
   9944   parameter_section_bytes += in_private_bytes;
   9945   command_size += in_private_bytes.size();
   9946   hash->Update(in_public_bytes.data(), in_public_bytes.size());
   9947   parameter_section_bytes += in_public_bytes;
   9948   command_size += in_public_bytes.size();
   9949   std::string command_hash(32, 0);
   9950   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   9951   std::string authorization_section_bytes;
   9952   std::string authorization_size_bytes;
   9953   if (authorization_delegate) {
   9954     if (!authorization_delegate->GetCommandAuthorization(
   9955             command_hash, is_command_parameter_encryption_possible,
   9956             is_response_parameter_encryption_possible,
   9957             &authorization_section_bytes)) {
   9958       return TRUNKS_RC_AUTHORIZATION_FAILED;
   9959     }
   9960     if (!authorization_section_bytes.empty()) {
   9961       tag = TPM_ST_SESSIONS;
   9962       std::string tmp;
   9963       rc = Serialize_UINT32(authorization_section_bytes.size(),
   9964                             &authorization_size_bytes);
   9965       if (rc != TPM_RC_SUCCESS) {
   9966         return rc;
   9967       }
   9968       command_size +=
   9969           authorization_size_bytes.size() + authorization_section_bytes.size();
   9970     }
   9971   }
   9972   std::string tag_bytes;
   9973   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   9974   if (rc != TPM_RC_SUCCESS) {
   9975     return rc;
   9976   }
   9977   std::string command_size_bytes;
   9978   rc = Serialize_UINT32(command_size, &command_size_bytes);
   9979   if (rc != TPM_RC_SUCCESS) {
   9980     return rc;
   9981   }
   9982   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   9983                         handle_section_bytes + authorization_size_bytes +
   9984                         authorization_section_bytes + parameter_section_bytes;
   9985   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   9986   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   9987                                             serialized_command->size());
   9988   return TPM_RC_SUCCESS;
   9989 }
   9990 
   9991 TPM_RC Tpm::ParseResponse_Load(const std::string& response,
   9992                                TPM_HANDLE* object_handle,
   9993                                TPM2B_NAME* name,
   9994                                AuthorizationDelegate* authorization_delegate) {
   9995   VLOG(3) << __func__;
   9996   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   9997   TPM_RC rc = TPM_RC_SUCCESS;
   9998   std::string buffer(response);
   9999   TPM_ST tag;
   10000   std::string tag_bytes;
   10001   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   10002   if (rc != TPM_RC_SUCCESS) {
   10003     return rc;
   10004   }
   10005   UINT32 response_size;
   10006   std::string response_size_bytes;
   10007   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   10008   if (rc != TPM_RC_SUCCESS) {
   10009     return rc;
   10010   }
   10011   TPM_RC response_code;
   10012   std::string response_code_bytes;
   10013   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   10014   if (rc != TPM_RC_SUCCESS) {
   10015     return rc;
   10016   }
   10017   if (response_size != response.size()) {
   10018     return TPM_RC_SIZE;
   10019   }
   10020   if (response_code != TPM_RC_SUCCESS) {
   10021     return response_code;
   10022   }
   10023   std::string object_handle_bytes;
   10024   rc = Parse_TPM_HANDLE(&buffer, object_handle, &object_handle_bytes);
   10025   if (rc != TPM_RC_SUCCESS) {
   10026     return rc;
   10027   }
   10028   TPM_CC command_code = TPM_CC_Load;
   10029   std::string command_code_bytes;
   10030   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   10031   if (rc != TPM_RC_SUCCESS) {
   10032     return rc;
   10033   }
   10034   std::string authorization_section_bytes;
   10035   if (tag == TPM_ST_SESSIONS) {
   10036     UINT32 parameter_section_size = buffer.size();
   10037     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   10038     if (rc != TPM_RC_SUCCESS) {
   10039       return rc;
   10040     }
   10041     if (parameter_section_size > buffer.size()) {
   10042       return TPM_RC_INSUFFICIENT;
   10043     }
   10044     authorization_section_bytes = buffer.substr(parameter_section_size);
   10045     // Keep the parameter section in |buffer|.
   10046     buffer.erase(parameter_section_size);
   10047   }
   10048   std::unique_ptr<crypto::SecureHash> hash(
   10049       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   10050   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   10051   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   10052   hash->Update(buffer.data(), buffer.size());
   10053   std::string response_hash(32, 0);
   10054   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   10055   if (tag == TPM_ST_SESSIONS) {
   10056     CHECK(authorization_delegate) << "Authorization delegate missing!";
   10057     if (!authorization_delegate->CheckResponseAuthorization(
   10058             response_hash, authorization_section_bytes)) {
   10059       return TRUNKS_RC_AUTHORIZATION_FAILED;
   10060     }
   10061   }
   10062   std::string name_bytes;
   10063   rc = Parse_TPM2B_NAME(&buffer, name, &name_bytes);
   10064   if (rc != TPM_RC_SUCCESS) {
   10065     return rc;
   10066   }
   10067   if (tag == TPM_ST_SESSIONS) {
   10068     CHECK(authorization_delegate) << "Authorization delegate missing!";
   10069     // Decrypt just the parameter data, not the size.
   10070     std::string tmp = name_bytes.substr(2);
   10071     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   10072       return TRUNKS_RC_ENCRYPTION_FAILED;
   10073     }
   10074     name_bytes.replace(2, std::string::npos, tmp);
   10075     rc = Parse_TPM2B_NAME(&name_bytes, name, nullptr);
   10076     if (rc != TPM_RC_SUCCESS) {
   10077       return rc;
   10078     }
   10079   }
   10080   return TPM_RC_SUCCESS;
   10081 }
   10082 
   10083 void LoadErrorCallback(const Tpm::LoadResponse& callback,
   10084                        TPM_RC response_code) {
   10085   VLOG(1) << __func__;
   10086   callback.Run(response_code, TPM_HANDLE(), TPM2B_NAME());
   10087 }
   10088 
   10089 void LoadResponseParser(const Tpm::LoadResponse& callback,
   10090                         AuthorizationDelegate* authorization_delegate,
   10091                         const std::string& response) {
   10092   VLOG(1) << __func__;
   10093   base::Callback<void(TPM_RC)> error_reporter =
   10094       base::Bind(LoadErrorCallback, callback);
   10095   TPM_HANDLE object_handle;
   10096   TPM2B_NAME name;
   10097   TPM_RC rc = Tpm::ParseResponse_Load(response, &object_handle, &name,
   10098                                       authorization_delegate);
   10099   if (rc != TPM_RC_SUCCESS) {
   10100     error_reporter.Run(rc);
   10101     return;
   10102   }
   10103   callback.Run(rc, object_handle, name);
   10104 }
   10105 
   10106 void Tpm::Load(const TPMI_DH_OBJECT& parent_handle,
   10107                const std::string& parent_handle_name,
   10108                const TPM2B_PRIVATE& in_private,
   10109                const TPM2B_PUBLIC& in_public,
   10110                AuthorizationDelegate* authorization_delegate,
   10111                const LoadResponse& callback) {
   10112   VLOG(1) << __func__;
   10113   base::Callback<void(TPM_RC)> error_reporter =
   10114       base::Bind(LoadErrorCallback, callback);
   10115   base::Callback<void(const std::string&)> parser =
   10116       base::Bind(LoadResponseParser, callback, authorization_delegate);
   10117   std::string command;
   10118   TPM_RC rc =
   10119       SerializeCommand_Load(parent_handle, parent_handle_name, in_private,
   10120                             in_public, &command, authorization_delegate);
   10121   if (rc != TPM_RC_SUCCESS) {
   10122     error_reporter.Run(rc);
   10123     return;
   10124   }
   10125   transceiver_->SendCommand(command, parser);
   10126 }
   10127 
   10128 TPM_RC Tpm::LoadSync(const TPMI_DH_OBJECT& parent_handle,
   10129                      const std::string& parent_handle_name,
   10130                      const TPM2B_PRIVATE& in_private,
   10131                      const TPM2B_PUBLIC& in_public,
   10132                      TPM_HANDLE* object_handle,
   10133                      TPM2B_NAME* name,
   10134                      AuthorizationDelegate* authorization_delegate) {
   10135   VLOG(1) << __func__;
   10136   std::string command;
   10137   TPM_RC rc =
   10138       SerializeCommand_Load(parent_handle, parent_handle_name, in_private,
   10139                             in_public, &command, authorization_delegate);
   10140   if (rc != TPM_RC_SUCCESS) {
   10141     return rc;
   10142   }
   10143   std::string response = transceiver_->SendCommandAndWait(command);
   10144   rc =
   10145       ParseResponse_Load(response, object_handle, name, authorization_delegate);
   10146   return rc;
   10147 }
   10148 
   10149 TPM_RC Tpm::SerializeCommand_LoadExternal(
   10150     const TPM2B_SENSITIVE& in_private,
   10151     const TPM2B_PUBLIC& in_public,
   10152     const TPMI_RH_HIERARCHY& hierarchy,
   10153     std::string* serialized_command,
   10154     AuthorizationDelegate* authorization_delegate) {
   10155   VLOG(3) << __func__;
   10156   TPM_RC rc = TPM_RC_SUCCESS;
   10157   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   10158   UINT32 command_size = 10;  // Header size.
   10159   std::string handle_section_bytes;
   10160   std::string parameter_section_bytes;
   10161   TPM_CC command_code = TPM_CC_LoadExternal;
   10162   bool is_command_parameter_encryption_possible = true;
   10163   bool is_response_parameter_encryption_possible = true;
   10164   std::string command_code_bytes;
   10165   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   10166   if (rc != TPM_RC_SUCCESS) {
   10167     return rc;
   10168   }
   10169   std::string in_private_bytes;
   10170   rc = Serialize_TPM2B_SENSITIVE(in_private, &in_private_bytes);
   10171   if (rc != TPM_RC_SUCCESS) {
   10172     return rc;
   10173   }
   10174   std::string in_public_bytes;
   10175   rc = Serialize_TPM2B_PUBLIC(in_public, &in_public_bytes);
   10176   if (rc != TPM_RC_SUCCESS) {
   10177     return rc;
   10178   }
   10179   std::string hierarchy_bytes;
   10180   rc = Serialize_TPMI_RH_HIERARCHY(hierarchy, &hierarchy_bytes);
   10181   if (rc != TPM_RC_SUCCESS) {
   10182     return rc;
   10183   }
   10184   if (authorization_delegate) {
   10185     // Encrypt just the parameter data, not the size.
   10186     std::string tmp = in_private_bytes.substr(2);
   10187     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   10188       return TRUNKS_RC_ENCRYPTION_FAILED;
   10189     }
   10190     in_private_bytes.replace(2, std::string::npos, tmp);
   10191   }
   10192   std::unique_ptr<crypto::SecureHash> hash(
   10193       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   10194   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   10195   hash->Update(in_private_bytes.data(), in_private_bytes.size());
   10196   parameter_section_bytes += in_private_bytes;
   10197   command_size += in_private_bytes.size();
   10198   hash->Update(in_public_bytes.data(), in_public_bytes.size());
   10199   parameter_section_bytes += in_public_bytes;
   10200   command_size += in_public_bytes.size();
   10201   hash->Update(hierarchy_bytes.data(), hierarchy_bytes.size());
   10202   parameter_section_bytes += hierarchy_bytes;
   10203   command_size += hierarchy_bytes.size();
   10204   std::string command_hash(32, 0);
   10205   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   10206   std::string authorization_section_bytes;
   10207   std::string authorization_size_bytes;
   10208   if (authorization_delegate) {
   10209     if (!authorization_delegate->GetCommandAuthorization(
   10210             command_hash, is_command_parameter_encryption_possible,
   10211             is_response_parameter_encryption_possible,
   10212             &authorization_section_bytes)) {
   10213       return TRUNKS_RC_AUTHORIZATION_FAILED;
   10214     }
   10215     if (!authorization_section_bytes.empty()) {
   10216       tag = TPM_ST_SESSIONS;
   10217       std::string tmp;
   10218       rc = Serialize_UINT32(authorization_section_bytes.size(),
   10219                             &authorization_size_bytes);
   10220       if (rc != TPM_RC_SUCCESS) {
   10221         return rc;
   10222       }
   10223       command_size +=
   10224           authorization_size_bytes.size() + authorization_section_bytes.size();
   10225     }
   10226   }
   10227   std::string tag_bytes;
   10228   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   10229   if (rc != TPM_RC_SUCCESS) {
   10230     return rc;
   10231   }
   10232   std::string command_size_bytes;
   10233   rc = Serialize_UINT32(command_size, &command_size_bytes);
   10234   if (rc != TPM_RC_SUCCESS) {
   10235     return rc;
   10236   }
   10237   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   10238                         handle_section_bytes + authorization_size_bytes +
   10239                         authorization_section_bytes + parameter_section_bytes;
   10240   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   10241   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   10242                                             serialized_command->size());
   10243   return TPM_RC_SUCCESS;
   10244 }
   10245 
   10246 TPM_RC Tpm::ParseResponse_LoadExternal(
   10247     const std::string& response,
   10248     TPM_HANDLE* object_handle,
   10249     TPM2B_NAME* name,
   10250     AuthorizationDelegate* authorization_delegate) {
   10251   VLOG(3) << __func__;
   10252   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   10253   TPM_RC rc = TPM_RC_SUCCESS;
   10254   std::string buffer(response);
   10255   TPM_ST tag;
   10256   std::string tag_bytes;
   10257   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   10258   if (rc != TPM_RC_SUCCESS) {
   10259     return rc;
   10260   }
   10261   UINT32 response_size;
   10262   std::string response_size_bytes;
   10263   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   10264   if (rc != TPM_RC_SUCCESS) {
   10265     return rc;
   10266   }
   10267   TPM_RC response_code;
   10268   std::string response_code_bytes;
   10269   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   10270   if (rc != TPM_RC_SUCCESS) {
   10271     return rc;
   10272   }
   10273   if (response_size != response.size()) {
   10274     return TPM_RC_SIZE;
   10275   }
   10276   if (response_code != TPM_RC_SUCCESS) {
   10277     return response_code;
   10278   }
   10279   std::string object_handle_bytes;
   10280   rc = Parse_TPM_HANDLE(&buffer, object_handle, &object_handle_bytes);
   10281   if (rc != TPM_RC_SUCCESS) {
   10282     return rc;
   10283   }
   10284   TPM_CC command_code = TPM_CC_LoadExternal;
   10285   std::string command_code_bytes;
   10286   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   10287   if (rc != TPM_RC_SUCCESS) {
   10288     return rc;
   10289   }
   10290   std::string authorization_section_bytes;
   10291   if (tag == TPM_ST_SESSIONS) {
   10292     UINT32 parameter_section_size = buffer.size();
   10293     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   10294     if (rc != TPM_RC_SUCCESS) {
   10295       return rc;
   10296     }
   10297     if (parameter_section_size > buffer.size()) {
   10298       return TPM_RC_INSUFFICIENT;
   10299     }
   10300     authorization_section_bytes = buffer.substr(parameter_section_size);
   10301     // Keep the parameter section in |buffer|.
   10302     buffer.erase(parameter_section_size);
   10303   }
   10304   std::unique_ptr<crypto::SecureHash> hash(
   10305       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   10306   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   10307   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   10308   hash->Update(buffer.data(), buffer.size());
   10309   std::string response_hash(32, 0);
   10310   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   10311   if (tag == TPM_ST_SESSIONS) {
   10312     CHECK(authorization_delegate) << "Authorization delegate missing!";
   10313     if (!authorization_delegate->CheckResponseAuthorization(
   10314             response_hash, authorization_section_bytes)) {
   10315       return TRUNKS_RC_AUTHORIZATION_FAILED;
   10316     }
   10317   }
   10318   std::string name_bytes;
   10319   rc = Parse_TPM2B_NAME(&buffer, name, &name_bytes);
   10320   if (rc != TPM_RC_SUCCESS) {
   10321     return rc;
   10322   }
   10323   if (tag == TPM_ST_SESSIONS) {
   10324     CHECK(authorization_delegate) << "Authorization delegate missing!";
   10325     // Decrypt just the parameter data, not the size.
   10326     std::string tmp = name_bytes.substr(2);
   10327     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   10328       return TRUNKS_RC_ENCRYPTION_FAILED;
   10329     }
   10330     name_bytes.replace(2, std::string::npos, tmp);
   10331     rc = Parse_TPM2B_NAME(&name_bytes, name, nullptr);
   10332     if (rc != TPM_RC_SUCCESS) {
   10333       return rc;
   10334     }
   10335   }
   10336   return TPM_RC_SUCCESS;
   10337 }
   10338 
   10339 void LoadExternalErrorCallback(const Tpm::LoadExternalResponse& callback,
   10340                                TPM_RC response_code) {
   10341   VLOG(1) << __func__;
   10342   callback.Run(response_code, TPM_HANDLE(), TPM2B_NAME());
   10343 }
   10344 
   10345 void LoadExternalResponseParser(const Tpm::LoadExternalResponse& callback,
   10346                                 AuthorizationDelegate* authorization_delegate,
   10347                                 const std::string& response) {
   10348   VLOG(1) << __func__;
   10349   base::Callback<void(TPM_RC)> error_reporter =
   10350       base::Bind(LoadExternalErrorCallback, callback);
   10351   TPM_HANDLE object_handle;
   10352   TPM2B_NAME name;
   10353   TPM_RC rc = Tpm::ParseResponse_LoadExternal(response, &object_handle, &name,
   10354                                               authorization_delegate);
   10355   if (rc != TPM_RC_SUCCESS) {
   10356     error_reporter.Run(rc);
   10357     return;
   10358   }
   10359   callback.Run(rc, object_handle, name);
   10360 }
   10361 
   10362 void Tpm::LoadExternal(const TPM2B_SENSITIVE& in_private,
   10363                        const TPM2B_PUBLIC& in_public,
   10364                        const TPMI_RH_HIERARCHY& hierarchy,
   10365                        AuthorizationDelegate* authorization_delegate,
   10366                        const LoadExternalResponse& callback) {
   10367   VLOG(1) << __func__;
   10368   base::Callback<void(TPM_RC)> error_reporter =
   10369       base::Bind(LoadExternalErrorCallback, callback);
   10370   base::Callback<void(const std::string&)> parser =
   10371       base::Bind(LoadExternalResponseParser, callback, authorization_delegate);
   10372   std::string command;
   10373   TPM_RC rc = SerializeCommand_LoadExternal(in_private, in_public, hierarchy,
   10374                                             &command, authorization_delegate);
   10375   if (rc != TPM_RC_SUCCESS) {
   10376     error_reporter.Run(rc);
   10377     return;
   10378   }
   10379   transceiver_->SendCommand(command, parser);
   10380 }
   10381 
   10382 TPM_RC Tpm::LoadExternalSync(const TPM2B_SENSITIVE& in_private,
   10383                              const TPM2B_PUBLIC& in_public,
   10384                              const TPMI_RH_HIERARCHY& hierarchy,
   10385                              TPM_HANDLE* object_handle,
   10386                              TPM2B_NAME* name,
   10387                              AuthorizationDelegate* authorization_delegate) {
   10388   VLOG(1) << __func__;
   10389   std::string command;
   10390   TPM_RC rc = SerializeCommand_LoadExternal(in_private, in_public, hierarchy,
   10391                                             &command, authorization_delegate);
   10392   if (rc != TPM_RC_SUCCESS) {
   10393     return rc;
   10394   }
   10395   std::string response = transceiver_->SendCommandAndWait(command);
   10396   rc = ParseResponse_LoadExternal(response, object_handle, name,
   10397                                   authorization_delegate);
   10398   return rc;
   10399 }
   10400 
   10401 TPM_RC Tpm::SerializeCommand_ReadPublic(
   10402     const TPMI_DH_OBJECT& object_handle,
   10403     const std::string& object_handle_name,
   10404     std::string* serialized_command,
   10405     AuthorizationDelegate* authorization_delegate) {
   10406   VLOG(3) << __func__;
   10407   TPM_RC rc = TPM_RC_SUCCESS;
   10408   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   10409   UINT32 command_size = 10;  // Header size.
   10410   std::string handle_section_bytes;
   10411   std::string parameter_section_bytes;
   10412   TPM_CC command_code = TPM_CC_ReadPublic;
   10413   bool is_command_parameter_encryption_possible = false;
   10414   bool is_response_parameter_encryption_possible = true;
   10415   std::string command_code_bytes;
   10416   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   10417   if (rc != TPM_RC_SUCCESS) {
   10418     return rc;
   10419   }
   10420   std::string object_handle_bytes;
   10421   rc = Serialize_TPMI_DH_OBJECT(object_handle, &object_handle_bytes);
   10422   if (rc != TPM_RC_SUCCESS) {
   10423     return rc;
   10424   }
   10425   std::unique_ptr<crypto::SecureHash> hash(
   10426       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   10427   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   10428   hash->Update(object_handle_name.data(), object_handle_name.size());
   10429   handle_section_bytes += object_handle_bytes;
   10430   command_size += object_handle_bytes.size();
   10431   std::string command_hash(32, 0);
   10432   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   10433   std::string authorization_section_bytes;
   10434   std::string authorization_size_bytes;
   10435   if (authorization_delegate) {
   10436     if (!authorization_delegate->GetCommandAuthorization(
   10437             command_hash, is_command_parameter_encryption_possible,
   10438             is_response_parameter_encryption_possible,
   10439             &authorization_section_bytes)) {
   10440       return TRUNKS_RC_AUTHORIZATION_FAILED;
   10441     }
   10442     if (!authorization_section_bytes.empty()) {
   10443       tag = TPM_ST_SESSIONS;
   10444       std::string tmp;
   10445       rc = Serialize_UINT32(authorization_section_bytes.size(),
   10446                             &authorization_size_bytes);
   10447       if (rc != TPM_RC_SUCCESS) {
   10448         return rc;
   10449       }
   10450       command_size +=
   10451           authorization_size_bytes.size() + authorization_section_bytes.size();
   10452     }
   10453   }
   10454   std::string tag_bytes;
   10455   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   10456   if (rc != TPM_RC_SUCCESS) {
   10457     return rc;
   10458   }
   10459   std::string command_size_bytes;
   10460   rc = Serialize_UINT32(command_size, &command_size_bytes);
   10461   if (rc != TPM_RC_SUCCESS) {
   10462     return rc;
   10463   }
   10464   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   10465                         handle_section_bytes + authorization_size_bytes +
   10466                         authorization_section_bytes + parameter_section_bytes;
   10467   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   10468   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   10469                                             serialized_command->size());
   10470   return TPM_RC_SUCCESS;
   10471 }
   10472 
   10473 TPM_RC Tpm::ParseResponse_ReadPublic(
   10474     const std::string& response,
   10475     TPM2B_PUBLIC* out_public,
   10476     TPM2B_NAME* name,
   10477     TPM2B_NAME* qualified_name,
   10478     AuthorizationDelegate* authorization_delegate) {
   10479   VLOG(3) << __func__;
   10480   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   10481   TPM_RC rc = TPM_RC_SUCCESS;
   10482   std::string buffer(response);
   10483   TPM_ST tag;
   10484   std::string tag_bytes;
   10485   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   10486   if (rc != TPM_RC_SUCCESS) {
   10487     return rc;
   10488   }
   10489   UINT32 response_size;
   10490   std::string response_size_bytes;
   10491   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   10492   if (rc != TPM_RC_SUCCESS) {
   10493     return rc;
   10494   }
   10495   TPM_RC response_code;
   10496   std::string response_code_bytes;
   10497   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   10498   if (rc != TPM_RC_SUCCESS) {
   10499     return rc;
   10500   }
   10501   if (response_size != response.size()) {
   10502     return TPM_RC_SIZE;
   10503   }
   10504   if (response_code != TPM_RC_SUCCESS) {
   10505     return response_code;
   10506   }
   10507   TPM_CC command_code = TPM_CC_ReadPublic;
   10508   std::string command_code_bytes;
   10509   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   10510   if (rc != TPM_RC_SUCCESS) {
   10511     return rc;
   10512   }
   10513   std::string authorization_section_bytes;
   10514   if (tag == TPM_ST_SESSIONS) {
   10515     UINT32 parameter_section_size = buffer.size();
   10516     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   10517     if (rc != TPM_RC_SUCCESS) {
   10518       return rc;
   10519     }
   10520     if (parameter_section_size > buffer.size()) {
   10521       return TPM_RC_INSUFFICIENT;
   10522     }
   10523     authorization_section_bytes = buffer.substr(parameter_section_size);
   10524     // Keep the parameter section in |buffer|.
   10525     buffer.erase(parameter_section_size);
   10526   }
   10527   std::unique_ptr<crypto::SecureHash> hash(
   10528       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   10529   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   10530   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   10531   hash->Update(buffer.data(), buffer.size());
   10532   std::string response_hash(32, 0);
   10533   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   10534   if (tag == TPM_ST_SESSIONS) {
   10535     CHECK(authorization_delegate) << "Authorization delegate missing!";
   10536     if (!authorization_delegate->CheckResponseAuthorization(
   10537             response_hash, authorization_section_bytes)) {
   10538       return TRUNKS_RC_AUTHORIZATION_FAILED;
   10539     }
   10540   }
   10541   std::string out_public_bytes;
   10542   rc = Parse_TPM2B_PUBLIC(&buffer, out_public, &out_public_bytes);
   10543   if (rc != TPM_RC_SUCCESS) {
   10544     return rc;
   10545   }
   10546   std::string name_bytes;
   10547   rc = Parse_TPM2B_NAME(&buffer, name, &name_bytes);
   10548   if (rc != TPM_RC_SUCCESS) {
   10549     return rc;
   10550   }
   10551   std::string qualified_name_bytes;
   10552   rc = Parse_TPM2B_NAME(&buffer, qualified_name, &qualified_name_bytes);
   10553   if (rc != TPM_RC_SUCCESS) {
   10554     return rc;
   10555   }
   10556   if (tag == TPM_ST_SESSIONS) {
   10557     CHECK(authorization_delegate) << "Authorization delegate missing!";
   10558     // Decrypt just the parameter data, not the size.
   10559     std::string tmp = out_public_bytes.substr(2);
   10560     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   10561       return TRUNKS_RC_ENCRYPTION_FAILED;
   10562     }
   10563     out_public_bytes.replace(2, std::string::npos, tmp);
   10564     rc = Parse_TPM2B_PUBLIC(&out_public_bytes, out_public, nullptr);
   10565     if (rc != TPM_RC_SUCCESS) {
   10566       return rc;
   10567     }
   10568   }
   10569   return TPM_RC_SUCCESS;
   10570 }
   10571 
   10572 void ReadPublicErrorCallback(const Tpm::ReadPublicResponse& callback,
   10573                              TPM_RC response_code) {
   10574   VLOG(1) << __func__;
   10575   callback.Run(response_code, TPM2B_PUBLIC(), TPM2B_NAME(), TPM2B_NAME());
   10576 }
   10577 
   10578 void ReadPublicResponseParser(const Tpm::ReadPublicResponse& callback,
   10579                               AuthorizationDelegate* authorization_delegate,
   10580                               const std::string& response) {
   10581   VLOG(1) << __func__;
   10582   base::Callback<void(TPM_RC)> error_reporter =
   10583       base::Bind(ReadPublicErrorCallback, callback);
   10584   TPM2B_PUBLIC out_public;
   10585   TPM2B_NAME name;
   10586   TPM2B_NAME qualified_name;
   10587   TPM_RC rc = Tpm::ParseResponse_ReadPublic(
   10588       response, &out_public, &name, &qualified_name, authorization_delegate);
   10589   if (rc != TPM_RC_SUCCESS) {
   10590     error_reporter.Run(rc);
   10591     return;
   10592   }
   10593   callback.Run(rc, out_public, name, qualified_name);
   10594 }
   10595 
   10596 void Tpm::ReadPublic(const TPMI_DH_OBJECT& object_handle,
   10597                      const std::string& object_handle_name,
   10598                      AuthorizationDelegate* authorization_delegate,
   10599                      const ReadPublicResponse& callback) {
   10600   VLOG(1) << __func__;
   10601   base::Callback<void(TPM_RC)> error_reporter =
   10602       base::Bind(ReadPublicErrorCallback, callback);
   10603   base::Callback<void(const std::string&)> parser =
   10604       base::Bind(ReadPublicResponseParser, callback, authorization_delegate);
   10605   std::string command;
   10606   TPM_RC rc = SerializeCommand_ReadPublic(object_handle, object_handle_name,
   10607                                           &command, authorization_delegate);
   10608   if (rc != TPM_RC_SUCCESS) {
   10609     error_reporter.Run(rc);
   10610     return;
   10611   }
   10612   transceiver_->SendCommand(command, parser);
   10613 }
   10614 
   10615 TPM_RC Tpm::ReadPublicSync(const TPMI_DH_OBJECT& object_handle,
   10616                            const std::string& object_handle_name,
   10617                            TPM2B_PUBLIC* out_public,
   10618                            TPM2B_NAME* name,
   10619                            TPM2B_NAME* qualified_name,
   10620                            AuthorizationDelegate* authorization_delegate) {
   10621   VLOG(1) << __func__;
   10622   std::string command;
   10623   TPM_RC rc = SerializeCommand_ReadPublic(object_handle, object_handle_name,
   10624                                           &command, authorization_delegate);
   10625   if (rc != TPM_RC_SUCCESS) {
   10626     return rc;
   10627   }
   10628   std::string response = transceiver_->SendCommandAndWait(command);
   10629   rc = ParseResponse_ReadPublic(response, out_public, name, qualified_name,
   10630                                 authorization_delegate);
   10631   return rc;
   10632 }
   10633 
   10634 TPM_RC Tpm::SerializeCommand_ActivateCredential(
   10635     const TPMI_DH_OBJECT& activate_handle,
   10636     const std::string& activate_handle_name,
   10637     const TPMI_DH_OBJECT& key_handle,
   10638     const std::string& key_handle_name,
   10639     const TPM2B_ID_OBJECT& credential_blob,
   10640     const TPM2B_ENCRYPTED_SECRET& secret,
   10641     std::string* serialized_command,
   10642     AuthorizationDelegate* authorization_delegate) {
   10643   VLOG(3) << __func__;
   10644   TPM_RC rc = TPM_RC_SUCCESS;
   10645   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   10646   UINT32 command_size = 10;  // Header size.
   10647   std::string handle_section_bytes;
   10648   std::string parameter_section_bytes;
   10649   TPM_CC command_code = TPM_CC_ActivateCredential;
   10650   bool is_command_parameter_encryption_possible = true;
   10651   bool is_response_parameter_encryption_possible = true;
   10652   std::string command_code_bytes;
   10653   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   10654   if (rc != TPM_RC_SUCCESS) {
   10655     return rc;
   10656   }
   10657   std::string activate_handle_bytes;
   10658   rc = Serialize_TPMI_DH_OBJECT(activate_handle, &activate_handle_bytes);
   10659   if (rc != TPM_RC_SUCCESS) {
   10660     return rc;
   10661   }
   10662   std::string key_handle_bytes;
   10663   rc = Serialize_TPMI_DH_OBJECT(key_handle, &key_handle_bytes);
   10664   if (rc != TPM_RC_SUCCESS) {
   10665     return rc;
   10666   }
   10667   std::string credential_blob_bytes;
   10668   rc = Serialize_TPM2B_ID_OBJECT(credential_blob, &credential_blob_bytes);
   10669   if (rc != TPM_RC_SUCCESS) {
   10670     return rc;
   10671   }
   10672   std::string secret_bytes;
   10673   rc = Serialize_TPM2B_ENCRYPTED_SECRET(secret, &secret_bytes);
   10674   if (rc != TPM_RC_SUCCESS) {
   10675     return rc;
   10676   }
   10677   if (authorization_delegate) {
   10678     // Encrypt just the parameter data, not the size.
   10679     std::string tmp = credential_blob_bytes.substr(2);
   10680     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   10681       return TRUNKS_RC_ENCRYPTION_FAILED;
   10682     }
   10683     credential_blob_bytes.replace(2, std::string::npos, tmp);
   10684   }
   10685   std::unique_ptr<crypto::SecureHash> hash(
   10686       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   10687   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   10688   hash->Update(activate_handle_name.data(), activate_handle_name.size());
   10689   handle_section_bytes += activate_handle_bytes;
   10690   command_size += activate_handle_bytes.size();
   10691   hash->Update(key_handle_name.data(), key_handle_name.size());
   10692   handle_section_bytes += key_handle_bytes;
   10693   command_size += key_handle_bytes.size();
   10694   hash->Update(credential_blob_bytes.data(), credential_blob_bytes.size());
   10695   parameter_section_bytes += credential_blob_bytes;
   10696   command_size += credential_blob_bytes.size();
   10697   hash->Update(secret_bytes.data(), secret_bytes.size());
   10698   parameter_section_bytes += secret_bytes;
   10699   command_size += secret_bytes.size();
   10700   std::string command_hash(32, 0);
   10701   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   10702   std::string authorization_section_bytes;
   10703   std::string authorization_size_bytes;
   10704   if (authorization_delegate) {
   10705     if (!authorization_delegate->GetCommandAuthorization(
   10706             command_hash, is_command_parameter_encryption_possible,
   10707             is_response_parameter_encryption_possible,
   10708             &authorization_section_bytes)) {
   10709       return TRUNKS_RC_AUTHORIZATION_FAILED;
   10710     }
   10711     if (!authorization_section_bytes.empty()) {
   10712       tag = TPM_ST_SESSIONS;
   10713       std::string tmp;
   10714       rc = Serialize_UINT32(authorization_section_bytes.size(),
   10715                             &authorization_size_bytes);
   10716       if (rc != TPM_RC_SUCCESS) {
   10717         return rc;
   10718       }
   10719       command_size +=
   10720           authorization_size_bytes.size() + authorization_section_bytes.size();
   10721     }
   10722   }
   10723   std::string tag_bytes;
   10724   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   10725   if (rc != TPM_RC_SUCCESS) {
   10726     return rc;
   10727   }
   10728   std::string command_size_bytes;
   10729   rc = Serialize_UINT32(command_size, &command_size_bytes);
   10730   if (rc != TPM_RC_SUCCESS) {
   10731     return rc;
   10732   }
   10733   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   10734                         handle_section_bytes + authorization_size_bytes +
   10735                         authorization_section_bytes + parameter_section_bytes;
   10736   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   10737   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   10738                                             serialized_command->size());
   10739   return TPM_RC_SUCCESS;
   10740 }
   10741 
   10742 TPM_RC Tpm::ParseResponse_ActivateCredential(
   10743     const std::string& response,
   10744     TPM2B_DIGEST* cert_info,
   10745     AuthorizationDelegate* authorization_delegate) {
   10746   VLOG(3) << __func__;
   10747   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   10748   TPM_RC rc = TPM_RC_SUCCESS;
   10749   std::string buffer(response);
   10750   TPM_ST tag;
   10751   std::string tag_bytes;
   10752   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   10753   if (rc != TPM_RC_SUCCESS) {
   10754     return rc;
   10755   }
   10756   UINT32 response_size;
   10757   std::string response_size_bytes;
   10758   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   10759   if (rc != TPM_RC_SUCCESS) {
   10760     return rc;
   10761   }
   10762   TPM_RC response_code;
   10763   std::string response_code_bytes;
   10764   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   10765   if (rc != TPM_RC_SUCCESS) {
   10766     return rc;
   10767   }
   10768   if (response_size != response.size()) {
   10769     return TPM_RC_SIZE;
   10770   }
   10771   if (response_code != TPM_RC_SUCCESS) {
   10772     return response_code;
   10773   }
   10774   TPM_CC command_code = TPM_CC_ActivateCredential;
   10775   std::string command_code_bytes;
   10776   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   10777   if (rc != TPM_RC_SUCCESS) {
   10778     return rc;
   10779   }
   10780   std::string authorization_section_bytes;
   10781   if (tag == TPM_ST_SESSIONS) {
   10782     UINT32 parameter_section_size = buffer.size();
   10783     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   10784     if (rc != TPM_RC_SUCCESS) {
   10785       return rc;
   10786     }
   10787     if (parameter_section_size > buffer.size()) {
   10788       return TPM_RC_INSUFFICIENT;
   10789     }
   10790     authorization_section_bytes = buffer.substr(parameter_section_size);
   10791     // Keep the parameter section in |buffer|.
   10792     buffer.erase(parameter_section_size);
   10793   }
   10794   std::unique_ptr<crypto::SecureHash> hash(
   10795       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   10796   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   10797   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   10798   hash->Update(buffer.data(), buffer.size());
   10799   std::string response_hash(32, 0);
   10800   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   10801   if (tag == TPM_ST_SESSIONS) {
   10802     CHECK(authorization_delegate) << "Authorization delegate missing!";
   10803     if (!authorization_delegate->CheckResponseAuthorization(
   10804             response_hash, authorization_section_bytes)) {
   10805       return TRUNKS_RC_AUTHORIZATION_FAILED;
   10806     }
   10807   }
   10808   std::string cert_info_bytes;
   10809   rc = Parse_TPM2B_DIGEST(&buffer, cert_info, &cert_info_bytes);
   10810   if (rc != TPM_RC_SUCCESS) {
   10811     return rc;
   10812   }
   10813   if (tag == TPM_ST_SESSIONS) {
   10814     CHECK(authorization_delegate) << "Authorization delegate missing!";
   10815     // Decrypt just the parameter data, not the size.
   10816     std::string tmp = cert_info_bytes.substr(2);
   10817     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   10818       return TRUNKS_RC_ENCRYPTION_FAILED;
   10819     }
   10820     cert_info_bytes.replace(2, std::string::npos, tmp);
   10821     rc = Parse_TPM2B_DIGEST(&cert_info_bytes, cert_info, nullptr);
   10822     if (rc != TPM_RC_SUCCESS) {
   10823       return rc;
   10824     }
   10825   }
   10826   return TPM_RC_SUCCESS;
   10827 }
   10828 
   10829 void ActivateCredentialErrorCallback(
   10830     const Tpm::ActivateCredentialResponse& callback,
   10831     TPM_RC response_code) {
   10832   VLOG(1) << __func__;
   10833   callback.Run(response_code, TPM2B_DIGEST());
   10834 }
   10835 
   10836 void ActivateCredentialResponseParser(
   10837     const Tpm::ActivateCredentialResponse& callback,
   10838     AuthorizationDelegate* authorization_delegate,
   10839     const std::string& response) {
   10840   VLOG(1) << __func__;
   10841   base::Callback<void(TPM_RC)> error_reporter =
   10842       base::Bind(ActivateCredentialErrorCallback, callback);
   10843   TPM2B_DIGEST cert_info;
   10844   TPM_RC rc = Tpm::ParseResponse_ActivateCredential(response, &cert_info,
   10845                                                     authorization_delegate);
   10846   if (rc != TPM_RC_SUCCESS) {
   10847     error_reporter.Run(rc);
   10848     return;
   10849   }
   10850   callback.Run(rc, cert_info);
   10851 }
   10852 
   10853 void Tpm::ActivateCredential(const TPMI_DH_OBJECT& activate_handle,
   10854                              const std::string& activate_handle_name,
   10855                              const TPMI_DH_OBJECT& key_handle,
   10856                              const std::string& key_handle_name,
   10857                              const TPM2B_ID_OBJECT& credential_blob,
   10858                              const TPM2B_ENCRYPTED_SECRET& secret,
   10859                              AuthorizationDelegate* authorization_delegate,
   10860                              const ActivateCredentialResponse& callback) {
   10861   VLOG(1) << __func__;
   10862   base::Callback<void(TPM_RC)> error_reporter =
   10863       base::Bind(ActivateCredentialErrorCallback, callback);
   10864   base::Callback<void(const std::string&)> parser = base::Bind(
   10865       ActivateCredentialResponseParser, callback, authorization_delegate);
   10866   std::string command;
   10867   TPM_RC rc = SerializeCommand_ActivateCredential(
   10868       activate_handle, activate_handle_name, key_handle, key_handle_name,
   10869       credential_blob, secret, &command, authorization_delegate);
   10870   if (rc != TPM_RC_SUCCESS) {
   10871     error_reporter.Run(rc);
   10872     return;
   10873   }
   10874   transceiver_->SendCommand(command, parser);
   10875 }
   10876 
   10877 TPM_RC Tpm::ActivateCredentialSync(
   10878     const TPMI_DH_OBJECT& activate_handle,
   10879     const std::string& activate_handle_name,
   10880     const TPMI_DH_OBJECT& key_handle,
   10881     const std::string& key_handle_name,
   10882     const TPM2B_ID_OBJECT& credential_blob,
   10883     const TPM2B_ENCRYPTED_SECRET& secret,
   10884     TPM2B_DIGEST* cert_info,
   10885     AuthorizationDelegate* authorization_delegate) {
   10886   VLOG(1) << __func__;
   10887   std::string command;
   10888   TPM_RC rc = SerializeCommand_ActivateCredential(
   10889       activate_handle, activate_handle_name, key_handle, key_handle_name,
   10890       credential_blob, secret, &command, authorization_delegate);
   10891   if (rc != TPM_RC_SUCCESS) {
   10892     return rc;
   10893   }
   10894   std::string response = transceiver_->SendCommandAndWait(command);
   10895   rc = ParseResponse_ActivateCredential(response, cert_info,
   10896                                         authorization_delegate);
   10897   return rc;
   10898 }
   10899 
   10900 TPM_RC Tpm::SerializeCommand_MakeCredential(
   10901     const TPMI_DH_OBJECT& handle,
   10902     const std::string& handle_name,
   10903     const TPM2B_DIGEST& credential,
   10904     const TPM2B_NAME& object_name,
   10905     std::string* serialized_command,
   10906     AuthorizationDelegate* authorization_delegate) {
   10907   VLOG(3) << __func__;
   10908   TPM_RC rc = TPM_RC_SUCCESS;
   10909   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   10910   UINT32 command_size = 10;  // Header size.
   10911   std::string handle_section_bytes;
   10912   std::string parameter_section_bytes;
   10913   TPM_CC command_code = TPM_CC_MakeCredential;
   10914   bool is_command_parameter_encryption_possible = true;
   10915   bool is_response_parameter_encryption_possible = true;
   10916   std::string command_code_bytes;
   10917   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   10918   if (rc != TPM_RC_SUCCESS) {
   10919     return rc;
   10920   }
   10921   std::string handle_bytes;
   10922   rc = Serialize_TPMI_DH_OBJECT(handle, &handle_bytes);
   10923   if (rc != TPM_RC_SUCCESS) {
   10924     return rc;
   10925   }
   10926   std::string credential_bytes;
   10927   rc = Serialize_TPM2B_DIGEST(credential, &credential_bytes);
   10928   if (rc != TPM_RC_SUCCESS) {
   10929     return rc;
   10930   }
   10931   std::string object_name_bytes;
   10932   rc = Serialize_TPM2B_NAME(object_name, &object_name_bytes);
   10933   if (rc != TPM_RC_SUCCESS) {
   10934     return rc;
   10935   }
   10936   if (authorization_delegate) {
   10937     // Encrypt just the parameter data, not the size.
   10938     std::string tmp = credential_bytes.substr(2);
   10939     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   10940       return TRUNKS_RC_ENCRYPTION_FAILED;
   10941     }
   10942     credential_bytes.replace(2, std::string::npos, tmp);
   10943   }
   10944   std::unique_ptr<crypto::SecureHash> hash(
   10945       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   10946   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   10947   hash->Update(handle_name.data(), handle_name.size());
   10948   handle_section_bytes += handle_bytes;
   10949   command_size += handle_bytes.size();
   10950   hash->Update(credential_bytes.data(), credential_bytes.size());
   10951   parameter_section_bytes += credential_bytes;
   10952   command_size += credential_bytes.size();
   10953   hash->Update(object_name_bytes.data(), object_name_bytes.size());
   10954   parameter_section_bytes += object_name_bytes;
   10955   command_size += object_name_bytes.size();
   10956   std::string command_hash(32, 0);
   10957   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   10958   std::string authorization_section_bytes;
   10959   std::string authorization_size_bytes;
   10960   if (authorization_delegate) {
   10961     if (!authorization_delegate->GetCommandAuthorization(
   10962             command_hash, is_command_parameter_encryption_possible,
   10963             is_response_parameter_encryption_possible,
   10964             &authorization_section_bytes)) {
   10965       return TRUNKS_RC_AUTHORIZATION_FAILED;
   10966     }
   10967     if (!authorization_section_bytes.empty()) {
   10968       tag = TPM_ST_SESSIONS;
   10969       std::string tmp;
   10970       rc = Serialize_UINT32(authorization_section_bytes.size(),
   10971                             &authorization_size_bytes);
   10972       if (rc != TPM_RC_SUCCESS) {
   10973         return rc;
   10974       }
   10975       command_size +=
   10976           authorization_size_bytes.size() + authorization_section_bytes.size();
   10977     }
   10978   }
   10979   std::string tag_bytes;
   10980   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   10981   if (rc != TPM_RC_SUCCESS) {
   10982     return rc;
   10983   }
   10984   std::string command_size_bytes;
   10985   rc = Serialize_UINT32(command_size, &command_size_bytes);
   10986   if (rc != TPM_RC_SUCCESS) {
   10987     return rc;
   10988   }
   10989   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   10990                         handle_section_bytes + authorization_size_bytes +
   10991                         authorization_section_bytes + parameter_section_bytes;
   10992   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   10993   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   10994                                             serialized_command->size());
   10995   return TPM_RC_SUCCESS;
   10996 }
   10997 
   10998 TPM_RC Tpm::ParseResponse_MakeCredential(
   10999     const std::string& response,
   11000     TPM2B_ID_OBJECT* credential_blob,
   11001     TPM2B_ENCRYPTED_SECRET* secret,
   11002     AuthorizationDelegate* authorization_delegate) {
   11003   VLOG(3) << __func__;
   11004   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   11005   TPM_RC rc = TPM_RC_SUCCESS;
   11006   std::string buffer(response);
   11007   TPM_ST tag;
   11008   std::string tag_bytes;
   11009   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   11010   if (rc != TPM_RC_SUCCESS) {
   11011     return rc;
   11012   }
   11013   UINT32 response_size;
   11014   std::string response_size_bytes;
   11015   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   11016   if (rc != TPM_RC_SUCCESS) {
   11017     return rc;
   11018   }
   11019   TPM_RC response_code;
   11020   std::string response_code_bytes;
   11021   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   11022   if (rc != TPM_RC_SUCCESS) {
   11023     return rc;
   11024   }
   11025   if (response_size != response.size()) {
   11026     return TPM_RC_SIZE;
   11027   }
   11028   if (response_code != TPM_RC_SUCCESS) {
   11029     return response_code;
   11030   }
   11031   TPM_CC command_code = TPM_CC_MakeCredential;
   11032   std::string command_code_bytes;
   11033   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   11034   if (rc != TPM_RC_SUCCESS) {
   11035     return rc;
   11036   }
   11037   std::string authorization_section_bytes;
   11038   if (tag == TPM_ST_SESSIONS) {
   11039     UINT32 parameter_section_size = buffer.size();
   11040     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   11041     if (rc != TPM_RC_SUCCESS) {
   11042       return rc;
   11043     }
   11044     if (parameter_section_size > buffer.size()) {
   11045       return TPM_RC_INSUFFICIENT;
   11046     }
   11047     authorization_section_bytes = buffer.substr(parameter_section_size);
   11048     // Keep the parameter section in |buffer|.
   11049     buffer.erase(parameter_section_size);
   11050   }
   11051   std::unique_ptr<crypto::SecureHash> hash(
   11052       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   11053   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   11054   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   11055   hash->Update(buffer.data(), buffer.size());
   11056   std::string response_hash(32, 0);
   11057   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   11058   if (tag == TPM_ST_SESSIONS) {
   11059     CHECK(authorization_delegate) << "Authorization delegate missing!";
   11060     if (!authorization_delegate->CheckResponseAuthorization(
   11061             response_hash, authorization_section_bytes)) {
   11062       return TRUNKS_RC_AUTHORIZATION_FAILED;
   11063     }
   11064   }
   11065   std::string credential_blob_bytes;
   11066   rc = Parse_TPM2B_ID_OBJECT(&buffer, credential_blob, &credential_blob_bytes);
   11067   if (rc != TPM_RC_SUCCESS) {
   11068     return rc;
   11069   }
   11070   std::string secret_bytes;
   11071   rc = Parse_TPM2B_ENCRYPTED_SECRET(&buffer, secret, &secret_bytes);
   11072   if (rc != TPM_RC_SUCCESS) {
   11073     return rc;
   11074   }
   11075   if (tag == TPM_ST_SESSIONS) {
   11076     CHECK(authorization_delegate) << "Authorization delegate missing!";
   11077     // Decrypt just the parameter data, not the size.
   11078     std::string tmp = credential_blob_bytes.substr(2);
   11079     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   11080       return TRUNKS_RC_ENCRYPTION_FAILED;
   11081     }
   11082     credential_blob_bytes.replace(2, std::string::npos, tmp);
   11083     rc =
   11084         Parse_TPM2B_ID_OBJECT(&credential_blob_bytes, credential_blob, nullptr);
   11085     if (rc != TPM_RC_SUCCESS) {
   11086       return rc;
   11087     }
   11088   }
   11089   return TPM_RC_SUCCESS;
   11090 }
   11091 
   11092 void MakeCredentialErrorCallback(const Tpm::MakeCredentialResponse& callback,
   11093                                  TPM_RC response_code) {
   11094   VLOG(1) << __func__;
   11095   callback.Run(response_code, TPM2B_ID_OBJECT(), TPM2B_ENCRYPTED_SECRET());
   11096 }
   11097 
   11098 void MakeCredentialResponseParser(const Tpm::MakeCredentialResponse& callback,
   11099                                   AuthorizationDelegate* authorization_delegate,
   11100                                   const std::string& response) {
   11101   VLOG(1) << __func__;
   11102   base::Callback<void(TPM_RC)> error_reporter =
   11103       base::Bind(MakeCredentialErrorCallback, callback);
   11104   TPM2B_ID_OBJECT credential_blob;
   11105   TPM2B_ENCRYPTED_SECRET secret;
   11106   TPM_RC rc = Tpm::ParseResponse_MakeCredential(
   11107       response, &credential_blob, &secret, authorization_delegate);
   11108   if (rc != TPM_RC_SUCCESS) {
   11109     error_reporter.Run(rc);
   11110     return;
   11111   }
   11112   callback.Run(rc, credential_blob, secret);
   11113 }
   11114 
   11115 void Tpm::MakeCredential(const TPMI_DH_OBJECT& handle,
   11116                          const std::string& handle_name,
   11117                          const TPM2B_DIGEST& credential,
   11118                          const TPM2B_NAME& object_name,
   11119                          AuthorizationDelegate* authorization_delegate,
   11120                          const MakeCredentialResponse& callback) {
   11121   VLOG(1) << __func__;
   11122   base::Callback<void(TPM_RC)> error_reporter =
   11123       base::Bind(MakeCredentialErrorCallback, callback);
   11124   base::Callback<void(const std::string&)> parser = base::Bind(
   11125       MakeCredentialResponseParser, callback, authorization_delegate);
   11126   std::string command;
   11127   TPM_RC rc = SerializeCommand_MakeCredential(handle, handle_name, credential,
   11128                                               object_name, &command,
   11129                                               authorization_delegate);
   11130   if (rc != TPM_RC_SUCCESS) {
   11131     error_reporter.Run(rc);
   11132     return;
   11133   }
   11134   transceiver_->SendCommand(command, parser);
   11135 }
   11136 
   11137 TPM_RC Tpm::MakeCredentialSync(const TPMI_DH_OBJECT& handle,
   11138                                const std::string& handle_name,
   11139                                const TPM2B_DIGEST& credential,
   11140                                const TPM2B_NAME& object_name,
   11141                                TPM2B_ID_OBJECT* credential_blob,
   11142                                TPM2B_ENCRYPTED_SECRET* secret,
   11143                                AuthorizationDelegate* authorization_delegate) {
   11144   VLOG(1) << __func__;
   11145   std::string command;
   11146   TPM_RC rc = SerializeCommand_MakeCredential(handle, handle_name, credential,
   11147                                               object_name, &command,
   11148                                               authorization_delegate);
   11149   if (rc != TPM_RC_SUCCESS) {
   11150     return rc;
   11151   }
   11152   std::string response = transceiver_->SendCommandAndWait(command);
   11153   rc = ParseResponse_MakeCredential(response, credential_blob, secret,
   11154                                     authorization_delegate);
   11155   return rc;
   11156 }
   11157 
   11158 TPM_RC Tpm::SerializeCommand_Unseal(
   11159     const TPMI_DH_OBJECT& item_handle,
   11160     const std::string& item_handle_name,
   11161     std::string* serialized_command,
   11162     AuthorizationDelegate* authorization_delegate) {
   11163   VLOG(3) << __func__;
   11164   TPM_RC rc = TPM_RC_SUCCESS;
   11165   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   11166   UINT32 command_size = 10;  // Header size.
   11167   std::string handle_section_bytes;
   11168   std::string parameter_section_bytes;
   11169   TPM_CC command_code = TPM_CC_Unseal;
   11170   bool is_command_parameter_encryption_possible = false;
   11171   bool is_response_parameter_encryption_possible = true;
   11172   std::string command_code_bytes;
   11173   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   11174   if (rc != TPM_RC_SUCCESS) {
   11175     return rc;
   11176   }
   11177   std::string item_handle_bytes;
   11178   rc = Serialize_TPMI_DH_OBJECT(item_handle, &item_handle_bytes);
   11179   if (rc != TPM_RC_SUCCESS) {
   11180     return rc;
   11181   }
   11182   std::unique_ptr<crypto::SecureHash> hash(
   11183       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   11184   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   11185   hash->Update(item_handle_name.data(), item_handle_name.size());
   11186   handle_section_bytes += item_handle_bytes;
   11187   command_size += item_handle_bytes.size();
   11188   std::string command_hash(32, 0);
   11189   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   11190   std::string authorization_section_bytes;
   11191   std::string authorization_size_bytes;
   11192   if (authorization_delegate) {
   11193     if (!authorization_delegate->GetCommandAuthorization(
   11194             command_hash, is_command_parameter_encryption_possible,
   11195             is_response_parameter_encryption_possible,
   11196             &authorization_section_bytes)) {
   11197       return TRUNKS_RC_AUTHORIZATION_FAILED;
   11198     }
   11199     if (!authorization_section_bytes.empty()) {
   11200       tag = TPM_ST_SESSIONS;
   11201       std::string tmp;
   11202       rc = Serialize_UINT32(authorization_section_bytes.size(),
   11203                             &authorization_size_bytes);
   11204       if (rc != TPM_RC_SUCCESS) {
   11205         return rc;
   11206       }
   11207       command_size +=
   11208           authorization_size_bytes.size() + authorization_section_bytes.size();
   11209     }
   11210   }
   11211   std::string tag_bytes;
   11212   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   11213   if (rc != TPM_RC_SUCCESS) {
   11214     return rc;
   11215   }
   11216   std::string command_size_bytes;
   11217   rc = Serialize_UINT32(command_size, &command_size_bytes);
   11218   if (rc != TPM_RC_SUCCESS) {
   11219     return rc;
   11220   }
   11221   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   11222                         handle_section_bytes + authorization_size_bytes +
   11223                         authorization_section_bytes + parameter_section_bytes;
   11224   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   11225   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   11226                                             serialized_command->size());
   11227   return TPM_RC_SUCCESS;
   11228 }
   11229 
   11230 TPM_RC Tpm::ParseResponse_Unseal(
   11231     const std::string& response,
   11232     TPM2B_SENSITIVE_DATA* out_data,
   11233     AuthorizationDelegate* authorization_delegate) {
   11234   VLOG(3) << __func__;
   11235   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   11236   TPM_RC rc = TPM_RC_SUCCESS;
   11237   std::string buffer(response);
   11238   TPM_ST tag;
   11239   std::string tag_bytes;
   11240   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   11241   if (rc != TPM_RC_SUCCESS) {
   11242     return rc;
   11243   }
   11244   UINT32 response_size;
   11245   std::string response_size_bytes;
   11246   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   11247   if (rc != TPM_RC_SUCCESS) {
   11248     return rc;
   11249   }
   11250   TPM_RC response_code;
   11251   std::string response_code_bytes;
   11252   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   11253   if (rc != TPM_RC_SUCCESS) {
   11254     return rc;
   11255   }
   11256   if (response_size != response.size()) {
   11257     return TPM_RC_SIZE;
   11258   }
   11259   if (response_code != TPM_RC_SUCCESS) {
   11260     return response_code;
   11261   }
   11262   TPM_CC command_code = TPM_CC_Unseal;
   11263   std::string command_code_bytes;
   11264   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   11265   if (rc != TPM_RC_SUCCESS) {
   11266     return rc;
   11267   }
   11268   std::string authorization_section_bytes;
   11269   if (tag == TPM_ST_SESSIONS) {
   11270     UINT32 parameter_section_size = buffer.size();
   11271     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   11272     if (rc != TPM_RC_SUCCESS) {
   11273       return rc;
   11274     }
   11275     if (parameter_section_size > buffer.size()) {
   11276       return TPM_RC_INSUFFICIENT;
   11277     }
   11278     authorization_section_bytes = buffer.substr(parameter_section_size);
   11279     // Keep the parameter section in |buffer|.
   11280     buffer.erase(parameter_section_size);
   11281   }
   11282   std::unique_ptr<crypto::SecureHash> hash(
   11283       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   11284   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   11285   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   11286   hash->Update(buffer.data(), buffer.size());
   11287   std::string response_hash(32, 0);
   11288   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   11289   if (tag == TPM_ST_SESSIONS) {
   11290     CHECK(authorization_delegate) << "Authorization delegate missing!";
   11291     if (!authorization_delegate->CheckResponseAuthorization(
   11292             response_hash, authorization_section_bytes)) {
   11293       return TRUNKS_RC_AUTHORIZATION_FAILED;
   11294     }
   11295   }
   11296   std::string out_data_bytes;
   11297   rc = Parse_TPM2B_SENSITIVE_DATA(&buffer, out_data, &out_data_bytes);
   11298   if (rc != TPM_RC_SUCCESS) {
   11299     return rc;
   11300   }
   11301   if (tag == TPM_ST_SESSIONS) {
   11302     CHECK(authorization_delegate) << "Authorization delegate missing!";
   11303     // Decrypt just the parameter data, not the size.
   11304     std::string tmp = out_data_bytes.substr(2);
   11305     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   11306       return TRUNKS_RC_ENCRYPTION_FAILED;
   11307     }
   11308     out_data_bytes.replace(2, std::string::npos, tmp);
   11309     rc = Parse_TPM2B_SENSITIVE_DATA(&out_data_bytes, out_data, nullptr);
   11310     if (rc != TPM_RC_SUCCESS) {
   11311       return rc;
   11312     }
   11313   }
   11314   return TPM_RC_SUCCESS;
   11315 }
   11316 
   11317 void UnsealErrorCallback(const Tpm::UnsealResponse& callback,
   11318                          TPM_RC response_code) {
   11319   VLOG(1) << __func__;
   11320   callback.Run(response_code, TPM2B_SENSITIVE_DATA());
   11321 }
   11322 
   11323 void UnsealResponseParser(const Tpm::UnsealResponse& callback,
   11324                           AuthorizationDelegate* authorization_delegate,
   11325                           const std::string& response) {
   11326   VLOG(1) << __func__;
   11327   base::Callback<void(TPM_RC)> error_reporter =
   11328       base::Bind(UnsealErrorCallback, callback);
   11329   TPM2B_SENSITIVE_DATA out_data;
   11330   TPM_RC rc =
   11331       Tpm::ParseResponse_Unseal(response, &out_data, authorization_delegate);
   11332   if (rc != TPM_RC_SUCCESS) {
   11333     error_reporter.Run(rc);
   11334     return;
   11335   }
   11336   callback.Run(rc, out_data);
   11337 }
   11338 
   11339 void Tpm::Unseal(const TPMI_DH_OBJECT& item_handle,
   11340                  const std::string& item_handle_name,
   11341                  AuthorizationDelegate* authorization_delegate,
   11342                  const UnsealResponse& callback) {
   11343   VLOG(1) << __func__;
   11344   base::Callback<void(TPM_RC)> error_reporter =
   11345       base::Bind(UnsealErrorCallback, callback);
   11346   base::Callback<void(const std::string&)> parser =
   11347       base::Bind(UnsealResponseParser, callback, authorization_delegate);
   11348   std::string command;
   11349   TPM_RC rc = SerializeCommand_Unseal(item_handle, item_handle_name, &command,
   11350                                       authorization_delegate);
   11351   if (rc != TPM_RC_SUCCESS) {
   11352     error_reporter.Run(rc);
   11353     return;
   11354   }
   11355   transceiver_->SendCommand(command, parser);
   11356 }
   11357 
   11358 TPM_RC Tpm::UnsealSync(const TPMI_DH_OBJECT& item_handle,
   11359                        const std::string& item_handle_name,
   11360                        TPM2B_SENSITIVE_DATA* out_data,
   11361                        AuthorizationDelegate* authorization_delegate) {
   11362   VLOG(1) << __func__;
   11363   std::string command;
   11364   TPM_RC rc = SerializeCommand_Unseal(item_handle, item_handle_name, &command,
   11365                                       authorization_delegate);
   11366   if (rc != TPM_RC_SUCCESS) {
   11367     return rc;
   11368   }
   11369   std::string response = transceiver_->SendCommandAndWait(command);
   11370   rc = ParseResponse_Unseal(response, out_data, authorization_delegate);
   11371   return rc;
   11372 }
   11373 
   11374 TPM_RC Tpm::SerializeCommand_ObjectChangeAuth(
   11375     const TPMI_DH_OBJECT& object_handle,
   11376     const std::string& object_handle_name,
   11377     const TPMI_DH_OBJECT& parent_handle,
   11378     const std::string& parent_handle_name,
   11379     const TPM2B_AUTH& new_auth,
   11380     std::string* serialized_command,
   11381     AuthorizationDelegate* authorization_delegate) {
   11382   VLOG(3) << __func__;
   11383   TPM_RC rc = TPM_RC_SUCCESS;
   11384   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   11385   UINT32 command_size = 10;  // Header size.
   11386   std::string handle_section_bytes;
   11387   std::string parameter_section_bytes;
   11388   TPM_CC command_code = TPM_CC_ObjectChangeAuth;
   11389   bool is_command_parameter_encryption_possible = true;
   11390   bool is_response_parameter_encryption_possible = true;
   11391   std::string command_code_bytes;
   11392   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   11393   if (rc != TPM_RC_SUCCESS) {
   11394     return rc;
   11395   }
   11396   std::string object_handle_bytes;
   11397   rc = Serialize_TPMI_DH_OBJECT(object_handle, &object_handle_bytes);
   11398   if (rc != TPM_RC_SUCCESS) {
   11399     return rc;
   11400   }
   11401   std::string parent_handle_bytes;
   11402   rc = Serialize_TPMI_DH_OBJECT(parent_handle, &parent_handle_bytes);
   11403   if (rc != TPM_RC_SUCCESS) {
   11404     return rc;
   11405   }
   11406   std::string new_auth_bytes;
   11407   rc = Serialize_TPM2B_AUTH(new_auth, &new_auth_bytes);
   11408   if (rc != TPM_RC_SUCCESS) {
   11409     return rc;
   11410   }
   11411   if (authorization_delegate) {
   11412     // Encrypt just the parameter data, not the size.
   11413     std::string tmp = new_auth_bytes.substr(2);
   11414     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   11415       return TRUNKS_RC_ENCRYPTION_FAILED;
   11416     }
   11417     new_auth_bytes.replace(2, std::string::npos, tmp);
   11418   }
   11419   std::unique_ptr<crypto::SecureHash> hash(
   11420       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   11421   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   11422   hash->Update(object_handle_name.data(), object_handle_name.size());
   11423   handle_section_bytes += object_handle_bytes;
   11424   command_size += object_handle_bytes.size();
   11425   hash->Update(parent_handle_name.data(), parent_handle_name.size());
   11426   handle_section_bytes += parent_handle_bytes;
   11427   command_size += parent_handle_bytes.size();
   11428   hash->Update(new_auth_bytes.data(), new_auth_bytes.size());
   11429   parameter_section_bytes += new_auth_bytes;
   11430   command_size += new_auth_bytes.size();
   11431   std::string command_hash(32, 0);
   11432   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   11433   std::string authorization_section_bytes;
   11434   std::string authorization_size_bytes;
   11435   if (authorization_delegate) {
   11436     if (!authorization_delegate->GetCommandAuthorization(
   11437             command_hash, is_command_parameter_encryption_possible,
   11438             is_response_parameter_encryption_possible,
   11439             &authorization_section_bytes)) {
   11440       return TRUNKS_RC_AUTHORIZATION_FAILED;
   11441     }
   11442     if (!authorization_section_bytes.empty()) {
   11443       tag = TPM_ST_SESSIONS;
   11444       std::string tmp;
   11445       rc = Serialize_UINT32(authorization_section_bytes.size(),
   11446                             &authorization_size_bytes);
   11447       if (rc != TPM_RC_SUCCESS) {
   11448         return rc;
   11449       }
   11450       command_size +=
   11451           authorization_size_bytes.size() + authorization_section_bytes.size();
   11452     }
   11453   }
   11454   std::string tag_bytes;
   11455   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   11456   if (rc != TPM_RC_SUCCESS) {
   11457     return rc;
   11458   }
   11459   std::string command_size_bytes;
   11460   rc = Serialize_UINT32(command_size, &command_size_bytes);
   11461   if (rc != TPM_RC_SUCCESS) {
   11462     return rc;
   11463   }
   11464   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   11465                         handle_section_bytes + authorization_size_bytes +
   11466                         authorization_section_bytes + parameter_section_bytes;
   11467   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   11468   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   11469                                             serialized_command->size());
   11470   return TPM_RC_SUCCESS;
   11471 }
   11472 
   11473 TPM_RC Tpm::ParseResponse_ObjectChangeAuth(
   11474     const std::string& response,
   11475     TPM2B_PRIVATE* out_private,
   11476     AuthorizationDelegate* authorization_delegate) {
   11477   VLOG(3) << __func__;
   11478   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   11479   TPM_RC rc = TPM_RC_SUCCESS;
   11480   std::string buffer(response);
   11481   TPM_ST tag;
   11482   std::string tag_bytes;
   11483   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   11484   if (rc != TPM_RC_SUCCESS) {
   11485     return rc;
   11486   }
   11487   UINT32 response_size;
   11488   std::string response_size_bytes;
   11489   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   11490   if (rc != TPM_RC_SUCCESS) {
   11491     return rc;
   11492   }
   11493   TPM_RC response_code;
   11494   std::string response_code_bytes;
   11495   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   11496   if (rc != TPM_RC_SUCCESS) {
   11497     return rc;
   11498   }
   11499   if (response_size != response.size()) {
   11500     return TPM_RC_SIZE;
   11501   }
   11502   if (response_code != TPM_RC_SUCCESS) {
   11503     return response_code;
   11504   }
   11505   TPM_CC command_code = TPM_CC_ObjectChangeAuth;
   11506   std::string command_code_bytes;
   11507   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   11508   if (rc != TPM_RC_SUCCESS) {
   11509     return rc;
   11510   }
   11511   std::string authorization_section_bytes;
   11512   if (tag == TPM_ST_SESSIONS) {
   11513     UINT32 parameter_section_size = buffer.size();
   11514     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   11515     if (rc != TPM_RC_SUCCESS) {
   11516       return rc;
   11517     }
   11518     if (parameter_section_size > buffer.size()) {
   11519       return TPM_RC_INSUFFICIENT;
   11520     }
   11521     authorization_section_bytes = buffer.substr(parameter_section_size);
   11522     // Keep the parameter section in |buffer|.
   11523     buffer.erase(parameter_section_size);
   11524   }
   11525   std::unique_ptr<crypto::SecureHash> hash(
   11526       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   11527   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   11528   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   11529   hash->Update(buffer.data(), buffer.size());
   11530   std::string response_hash(32, 0);
   11531   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   11532   if (tag == TPM_ST_SESSIONS) {
   11533     CHECK(authorization_delegate) << "Authorization delegate missing!";
   11534     if (!authorization_delegate->CheckResponseAuthorization(
   11535             response_hash, authorization_section_bytes)) {
   11536       return TRUNKS_RC_AUTHORIZATION_FAILED;
   11537     }
   11538   }
   11539   std::string out_private_bytes;
   11540   rc = Parse_TPM2B_PRIVATE(&buffer, out_private, &out_private_bytes);
   11541   if (rc != TPM_RC_SUCCESS) {
   11542     return rc;
   11543   }
   11544   if (tag == TPM_ST_SESSIONS) {
   11545     CHECK(authorization_delegate) << "Authorization delegate missing!";
   11546     // Decrypt just the parameter data, not the size.
   11547     std::string tmp = out_private_bytes.substr(2);
   11548     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   11549       return TRUNKS_RC_ENCRYPTION_FAILED;
   11550     }
   11551     out_private_bytes.replace(2, std::string::npos, tmp);
   11552     rc = Parse_TPM2B_PRIVATE(&out_private_bytes, out_private, nullptr);
   11553     if (rc != TPM_RC_SUCCESS) {
   11554       return rc;
   11555     }
   11556   }
   11557   return TPM_RC_SUCCESS;
   11558 }
   11559 
   11560 void ObjectChangeAuthErrorCallback(
   11561     const Tpm::ObjectChangeAuthResponse& callback,
   11562     TPM_RC response_code) {
   11563   VLOG(1) << __func__;
   11564   callback.Run(response_code, TPM2B_PRIVATE());
   11565 }
   11566 
   11567 void ObjectChangeAuthResponseParser(
   11568     const Tpm::ObjectChangeAuthResponse& callback,
   11569     AuthorizationDelegate* authorization_delegate,
   11570     const std::string& response) {
   11571   VLOG(1) << __func__;
   11572   base::Callback<void(TPM_RC)> error_reporter =
   11573       base::Bind(ObjectChangeAuthErrorCallback, callback);
   11574   TPM2B_PRIVATE out_private;
   11575   TPM_RC rc = Tpm::ParseResponse_ObjectChangeAuth(response, &out_private,
   11576                                                   authorization_delegate);
   11577   if (rc != TPM_RC_SUCCESS) {
   11578     error_reporter.Run(rc);
   11579     return;
   11580   }
   11581   callback.Run(rc, out_private);
   11582 }
   11583 
   11584 void Tpm::ObjectChangeAuth(const TPMI_DH_OBJECT& object_handle,
   11585                            const std::string& object_handle_name,
   11586                            const TPMI_DH_OBJECT& parent_handle,
   11587                            const std::string& parent_handle_name,
   11588                            const TPM2B_AUTH& new_auth,
   11589                            AuthorizationDelegate* authorization_delegate,
   11590                            const ObjectChangeAuthResponse& callback) {
   11591   VLOG(1) << __func__;
   11592   base::Callback<void(TPM_RC)> error_reporter =
   11593       base::Bind(ObjectChangeAuthErrorCallback, callback);
   11594   base::Callback<void(const std::string&)> parser = base::Bind(
   11595       ObjectChangeAuthResponseParser, callback, authorization_delegate);
   11596   std::string command;
   11597   TPM_RC rc = SerializeCommand_ObjectChangeAuth(
   11598       object_handle, object_handle_name, parent_handle, parent_handle_name,
   11599       new_auth, &command, authorization_delegate);
   11600   if (rc != TPM_RC_SUCCESS) {
   11601     error_reporter.Run(rc);
   11602     return;
   11603   }
   11604   transceiver_->SendCommand(command, parser);
   11605 }
   11606 
   11607 TPM_RC Tpm::ObjectChangeAuthSync(
   11608     const TPMI_DH_OBJECT& object_handle,
   11609     const std::string& object_handle_name,
   11610     const TPMI_DH_OBJECT& parent_handle,
   11611     const std::string& parent_handle_name,
   11612     const TPM2B_AUTH& new_auth,
   11613     TPM2B_PRIVATE* out_private,
   11614     AuthorizationDelegate* authorization_delegate) {
   11615   VLOG(1) << __func__;
   11616   std::string command;
   11617   TPM_RC rc = SerializeCommand_ObjectChangeAuth(
   11618       object_handle, object_handle_name, parent_handle, parent_handle_name,
   11619       new_auth, &command, authorization_delegate);
   11620   if (rc != TPM_RC_SUCCESS) {
   11621     return rc;
   11622   }
   11623   std::string response = transceiver_->SendCommandAndWait(command);
   11624   rc = ParseResponse_ObjectChangeAuth(response, out_private,
   11625                                       authorization_delegate);
   11626   return rc;
   11627 }
   11628 
   11629 TPM_RC Tpm::SerializeCommand_Duplicate(
   11630     const TPMI_DH_OBJECT& object_handle,
   11631     const std::string& object_handle_name,
   11632     const TPMI_DH_OBJECT& new_parent_handle,
   11633     const std::string& new_parent_handle_name,
   11634     const TPM2B_DATA& encryption_key_in,
   11635     const TPMT_SYM_DEF_OBJECT& symmetric_alg,
   11636     std::string* serialized_command,
   11637     AuthorizationDelegate* authorization_delegate) {
   11638   VLOG(3) << __func__;
   11639   TPM_RC rc = TPM_RC_SUCCESS;
   11640   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   11641   UINT32 command_size = 10;  // Header size.
   11642   std::string handle_section_bytes;
   11643   std::string parameter_section_bytes;
   11644   TPM_CC command_code = TPM_CC_Duplicate;
   11645   bool is_command_parameter_encryption_possible = true;
   11646   bool is_response_parameter_encryption_possible = true;
   11647   std::string command_code_bytes;
   11648   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   11649   if (rc != TPM_RC_SUCCESS) {
   11650     return rc;
   11651   }
   11652   std::string object_handle_bytes;
   11653   rc = Serialize_TPMI_DH_OBJECT(object_handle, &object_handle_bytes);
   11654   if (rc != TPM_RC_SUCCESS) {
   11655     return rc;
   11656   }
   11657   std::string new_parent_handle_bytes;
   11658   rc = Serialize_TPMI_DH_OBJECT(new_parent_handle, &new_parent_handle_bytes);
   11659   if (rc != TPM_RC_SUCCESS) {
   11660     return rc;
   11661   }
   11662   std::string encryption_key_in_bytes;
   11663   rc = Serialize_TPM2B_DATA(encryption_key_in, &encryption_key_in_bytes);
   11664   if (rc != TPM_RC_SUCCESS) {
   11665     return rc;
   11666   }
   11667   std::string symmetric_alg_bytes;
   11668   rc = Serialize_TPMT_SYM_DEF_OBJECT(symmetric_alg, &symmetric_alg_bytes);
   11669   if (rc != TPM_RC_SUCCESS) {
   11670     return rc;
   11671   }
   11672   if (authorization_delegate) {
   11673     // Encrypt just the parameter data, not the size.
   11674     std::string tmp = encryption_key_in_bytes.substr(2);
   11675     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   11676       return TRUNKS_RC_ENCRYPTION_FAILED;
   11677     }
   11678     encryption_key_in_bytes.replace(2, std::string::npos, tmp);
   11679   }
   11680   std::unique_ptr<crypto::SecureHash> hash(
   11681       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   11682   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   11683   hash->Update(object_handle_name.data(), object_handle_name.size());
   11684   handle_section_bytes += object_handle_bytes;
   11685   command_size += object_handle_bytes.size();
   11686   hash->Update(new_parent_handle_name.data(), new_parent_handle_name.size());
   11687   handle_section_bytes += new_parent_handle_bytes;
   11688   command_size += new_parent_handle_bytes.size();
   11689   hash->Update(encryption_key_in_bytes.data(), encryption_key_in_bytes.size());
   11690   parameter_section_bytes += encryption_key_in_bytes;
   11691   command_size += encryption_key_in_bytes.size();
   11692   hash->Update(symmetric_alg_bytes.data(), symmetric_alg_bytes.size());
   11693   parameter_section_bytes += symmetric_alg_bytes;
   11694   command_size += symmetric_alg_bytes.size();
   11695   std::string command_hash(32, 0);
   11696   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   11697   std::string authorization_section_bytes;
   11698   std::string authorization_size_bytes;
   11699   if (authorization_delegate) {
   11700     if (!authorization_delegate->GetCommandAuthorization(
   11701             command_hash, is_command_parameter_encryption_possible,
   11702             is_response_parameter_encryption_possible,
   11703             &authorization_section_bytes)) {
   11704       return TRUNKS_RC_AUTHORIZATION_FAILED;
   11705     }
   11706     if (!authorization_section_bytes.empty()) {
   11707       tag = TPM_ST_SESSIONS;
   11708       std::string tmp;
   11709       rc = Serialize_UINT32(authorization_section_bytes.size(),
   11710                             &authorization_size_bytes);
   11711       if (rc != TPM_RC_SUCCESS) {
   11712         return rc;
   11713       }
   11714       command_size +=
   11715           authorization_size_bytes.size() + authorization_section_bytes.size();
   11716     }
   11717   }
   11718   std::string tag_bytes;
   11719   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   11720   if (rc != TPM_RC_SUCCESS) {
   11721     return rc;
   11722   }
   11723   std::string command_size_bytes;
   11724   rc = Serialize_UINT32(command_size, &command_size_bytes);
   11725   if (rc != TPM_RC_SUCCESS) {
   11726     return rc;
   11727   }
   11728   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   11729                         handle_section_bytes + authorization_size_bytes +
   11730                         authorization_section_bytes + parameter_section_bytes;
   11731   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   11732   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   11733                                             serialized_command->size());
   11734   return TPM_RC_SUCCESS;
   11735 }
   11736 
   11737 TPM_RC Tpm::ParseResponse_Duplicate(
   11738     const std::string& response,
   11739     TPM2B_DATA* encryption_key_out,
   11740     TPM2B_PRIVATE* duplicate,
   11741     TPM2B_ENCRYPTED_SECRET* out_sym_seed,
   11742     AuthorizationDelegate* authorization_delegate) {
   11743   VLOG(3) << __func__;
   11744   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   11745   TPM_RC rc = TPM_RC_SUCCESS;
   11746   std::string buffer(response);
   11747   TPM_ST tag;
   11748   std::string tag_bytes;
   11749   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   11750   if (rc != TPM_RC_SUCCESS) {
   11751     return rc;
   11752   }
   11753   UINT32 response_size;
   11754   std::string response_size_bytes;
   11755   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   11756   if (rc != TPM_RC_SUCCESS) {
   11757     return rc;
   11758   }
   11759   TPM_RC response_code;
   11760   std::string response_code_bytes;
   11761   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   11762   if (rc != TPM_RC_SUCCESS) {
   11763     return rc;
   11764   }
   11765   if (response_size != response.size()) {
   11766     return TPM_RC_SIZE;
   11767   }
   11768   if (response_code != TPM_RC_SUCCESS) {
   11769     return response_code;
   11770   }
   11771   TPM_CC command_code = TPM_CC_Duplicate;
   11772   std::string command_code_bytes;
   11773   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   11774   if (rc != TPM_RC_SUCCESS) {
   11775     return rc;
   11776   }
   11777   std::string authorization_section_bytes;
   11778   if (tag == TPM_ST_SESSIONS) {
   11779     UINT32 parameter_section_size = buffer.size();
   11780     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   11781     if (rc != TPM_RC_SUCCESS) {
   11782       return rc;
   11783     }
   11784     if (parameter_section_size > buffer.size()) {
   11785       return TPM_RC_INSUFFICIENT;
   11786     }
   11787     authorization_section_bytes = buffer.substr(parameter_section_size);
   11788     // Keep the parameter section in |buffer|.
   11789     buffer.erase(parameter_section_size);
   11790   }
   11791   std::unique_ptr<crypto::SecureHash> hash(
   11792       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   11793   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   11794   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   11795   hash->Update(buffer.data(), buffer.size());
   11796   std::string response_hash(32, 0);
   11797   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   11798   if (tag == TPM_ST_SESSIONS) {
   11799     CHECK(authorization_delegate) << "Authorization delegate missing!";
   11800     if (!authorization_delegate->CheckResponseAuthorization(
   11801             response_hash, authorization_section_bytes)) {
   11802       return TRUNKS_RC_AUTHORIZATION_FAILED;
   11803     }
   11804   }
   11805   std::string encryption_key_out_bytes;
   11806   rc = Parse_TPM2B_DATA(&buffer, encryption_key_out, &encryption_key_out_bytes);
   11807   if (rc != TPM_RC_SUCCESS) {
   11808     return rc;
   11809   }
   11810   std::string duplicate_bytes;
   11811   rc = Parse_TPM2B_PRIVATE(&buffer, duplicate, &duplicate_bytes);
   11812   if (rc != TPM_RC_SUCCESS) {
   11813     return rc;
   11814   }
   11815   std::string out_sym_seed_bytes;
   11816   rc = Parse_TPM2B_ENCRYPTED_SECRET(&buffer, out_sym_seed, &out_sym_seed_bytes);
   11817   if (rc != TPM_RC_SUCCESS) {
   11818     return rc;
   11819   }
   11820   if (tag == TPM_ST_SESSIONS) {
   11821     CHECK(authorization_delegate) << "Authorization delegate missing!";
   11822     // Decrypt just the parameter data, not the size.
   11823     std::string tmp = encryption_key_out_bytes.substr(2);
   11824     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   11825       return TRUNKS_RC_ENCRYPTION_FAILED;
   11826     }
   11827     encryption_key_out_bytes.replace(2, std::string::npos, tmp);
   11828     rc = Parse_TPM2B_DATA(&encryption_key_out_bytes, encryption_key_out,
   11829                           nullptr);
   11830     if (rc != TPM_RC_SUCCESS) {
   11831       return rc;
   11832     }
   11833   }
   11834   return TPM_RC_SUCCESS;
   11835 }
   11836 
   11837 void DuplicateErrorCallback(const Tpm::DuplicateResponse& callback,
   11838                             TPM_RC response_code) {
   11839   VLOG(1) << __func__;
   11840   callback.Run(response_code, TPM2B_DATA(), TPM2B_PRIVATE(),
   11841                TPM2B_ENCRYPTED_SECRET());
   11842 }
   11843 
   11844 void DuplicateResponseParser(const Tpm::DuplicateResponse& callback,
   11845                              AuthorizationDelegate* authorization_delegate,
   11846                              const std::string& response) {
   11847   VLOG(1) << __func__;
   11848   base::Callback<void(TPM_RC)> error_reporter =
   11849       base::Bind(DuplicateErrorCallback, callback);
   11850   TPM2B_DATA encryption_key_out;
   11851   TPM2B_PRIVATE duplicate;
   11852   TPM2B_ENCRYPTED_SECRET out_sym_seed;
   11853   TPM_RC rc =
   11854       Tpm::ParseResponse_Duplicate(response, &encryption_key_out, &duplicate,
   11855                                    &out_sym_seed, authorization_delegate);
   11856   if (rc != TPM_RC_SUCCESS) {
   11857     error_reporter.Run(rc);
   11858     return;
   11859   }
   11860   callback.Run(rc, encryption_key_out, duplicate, out_sym_seed);
   11861 }
   11862 
   11863 void Tpm::Duplicate(const TPMI_DH_OBJECT& object_handle,
   11864                     const std::string& object_handle_name,
   11865                     const TPMI_DH_OBJECT& new_parent_handle,
   11866                     const std::string& new_parent_handle_name,
   11867                     const TPM2B_DATA& encryption_key_in,
   11868                     const TPMT_SYM_DEF_OBJECT& symmetric_alg,
   11869                     AuthorizationDelegate* authorization_delegate,
   11870                     const DuplicateResponse& callback) {
   11871   VLOG(1) << __func__;
   11872   base::Callback<void(TPM_RC)> error_reporter =
   11873       base::Bind(DuplicateErrorCallback, callback);
   11874   base::Callback<void(const std::string&)> parser =
   11875       base::Bind(DuplicateResponseParser, callback, authorization_delegate);
   11876   std::string command;
   11877   TPM_RC rc = SerializeCommand_Duplicate(
   11878       object_handle, object_handle_name, new_parent_handle,
   11879       new_parent_handle_name, encryption_key_in, symmetric_alg, &command,
   11880       authorization_delegate);
   11881   if (rc != TPM_RC_SUCCESS) {
   11882     error_reporter.Run(rc);
   11883     return;
   11884   }
   11885   transceiver_->SendCommand(command, parser);
   11886 }
   11887 
   11888 TPM_RC Tpm::DuplicateSync(const TPMI_DH_OBJECT& object_handle,
   11889                           const std::string& object_handle_name,
   11890                           const TPMI_DH_OBJECT& new_parent_handle,
   11891                           const std::string& new_parent_handle_name,
   11892                           const TPM2B_DATA& encryption_key_in,
   11893                           const TPMT_SYM_DEF_OBJECT& symmetric_alg,
   11894                           TPM2B_DATA* encryption_key_out,
   11895                           TPM2B_PRIVATE* duplicate,
   11896                           TPM2B_ENCRYPTED_SECRET* out_sym_seed,
   11897                           AuthorizationDelegate* authorization_delegate) {
   11898   VLOG(1) << __func__;
   11899   std::string command;
   11900   TPM_RC rc = SerializeCommand_Duplicate(
   11901       object_handle, object_handle_name, new_parent_handle,
   11902       new_parent_handle_name, encryption_key_in, symmetric_alg, &command,
   11903       authorization_delegate);
   11904   if (rc != TPM_RC_SUCCESS) {
   11905     return rc;
   11906   }
   11907   std::string response = transceiver_->SendCommandAndWait(command);
   11908   rc = ParseResponse_Duplicate(response, encryption_key_out, duplicate,
   11909                                out_sym_seed, authorization_delegate);
   11910   return rc;
   11911 }
   11912 
   11913 TPM_RC Tpm::SerializeCommand_Rewrap(
   11914     const TPMI_DH_OBJECT& old_parent,
   11915     const std::string& old_parent_name,
   11916     const TPMI_DH_OBJECT& new_parent,
   11917     const std::string& new_parent_name,
   11918     const TPM2B_PRIVATE& in_duplicate,
   11919     const TPM2B_NAME& name,
   11920     const TPM2B_ENCRYPTED_SECRET& in_sym_seed,
   11921     std::string* serialized_command,
   11922     AuthorizationDelegate* authorization_delegate) {
   11923   VLOG(3) << __func__;
   11924   TPM_RC rc = TPM_RC_SUCCESS;
   11925   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   11926   UINT32 command_size = 10;  // Header size.
   11927   std::string handle_section_bytes;
   11928   std::string parameter_section_bytes;
   11929   TPM_CC command_code = TPM_CC_Rewrap;
   11930   bool is_command_parameter_encryption_possible = true;
   11931   bool is_response_parameter_encryption_possible = true;
   11932   std::string command_code_bytes;
   11933   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   11934   if (rc != TPM_RC_SUCCESS) {
   11935     return rc;
   11936   }
   11937   std::string old_parent_bytes;
   11938   rc = Serialize_TPMI_DH_OBJECT(old_parent, &old_parent_bytes);
   11939   if (rc != TPM_RC_SUCCESS) {
   11940     return rc;
   11941   }
   11942   std::string new_parent_bytes;
   11943   rc = Serialize_TPMI_DH_OBJECT(new_parent, &new_parent_bytes);
   11944   if (rc != TPM_RC_SUCCESS) {
   11945     return rc;
   11946   }
   11947   std::string in_duplicate_bytes;
   11948   rc = Serialize_TPM2B_PRIVATE(in_duplicate, &in_duplicate_bytes);
   11949   if (rc != TPM_RC_SUCCESS) {
   11950     return rc;
   11951   }
   11952   std::string name_bytes;
   11953   rc = Serialize_TPM2B_NAME(name, &name_bytes);
   11954   if (rc != TPM_RC_SUCCESS) {
   11955     return rc;
   11956   }
   11957   std::string in_sym_seed_bytes;
   11958   rc = Serialize_TPM2B_ENCRYPTED_SECRET(in_sym_seed, &in_sym_seed_bytes);
   11959   if (rc != TPM_RC_SUCCESS) {
   11960     return rc;
   11961   }
   11962   if (authorization_delegate) {
   11963     // Encrypt just the parameter data, not the size.
   11964     std::string tmp = in_duplicate_bytes.substr(2);
   11965     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   11966       return TRUNKS_RC_ENCRYPTION_FAILED;
   11967     }
   11968     in_duplicate_bytes.replace(2, std::string::npos, tmp);
   11969   }
   11970   std::unique_ptr<crypto::SecureHash> hash(
   11971       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   11972   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   11973   hash->Update(old_parent_name.data(), old_parent_name.size());
   11974   handle_section_bytes += old_parent_bytes;
   11975   command_size += old_parent_bytes.size();
   11976   hash->Update(new_parent_name.data(), new_parent_name.size());
   11977   handle_section_bytes += new_parent_bytes;
   11978   command_size += new_parent_bytes.size();
   11979   hash->Update(in_duplicate_bytes.data(), in_duplicate_bytes.size());
   11980   parameter_section_bytes += in_duplicate_bytes;
   11981   command_size += in_duplicate_bytes.size();
   11982   hash->Update(name_bytes.data(), name_bytes.size());
   11983   parameter_section_bytes += name_bytes;
   11984   command_size += name_bytes.size();
   11985   hash->Update(in_sym_seed_bytes.data(), in_sym_seed_bytes.size());
   11986   parameter_section_bytes += in_sym_seed_bytes;
   11987   command_size += in_sym_seed_bytes.size();
   11988   std::string command_hash(32, 0);
   11989   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   11990   std::string authorization_section_bytes;
   11991   std::string authorization_size_bytes;
   11992   if (authorization_delegate) {
   11993     if (!authorization_delegate->GetCommandAuthorization(
   11994             command_hash, is_command_parameter_encryption_possible,
   11995             is_response_parameter_encryption_possible,
   11996             &authorization_section_bytes)) {
   11997       return TRUNKS_RC_AUTHORIZATION_FAILED;
   11998     }
   11999     if (!authorization_section_bytes.empty()) {
   12000       tag = TPM_ST_SESSIONS;
   12001       std::string tmp;
   12002       rc = Serialize_UINT32(authorization_section_bytes.size(),
   12003                             &authorization_size_bytes);
   12004       if (rc != TPM_RC_SUCCESS) {
   12005         return rc;
   12006       }
   12007       command_size +=
   12008           authorization_size_bytes.size() + authorization_section_bytes.size();
   12009     }
   12010   }
   12011   std::string tag_bytes;
   12012   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   12013   if (rc != TPM_RC_SUCCESS) {
   12014     return rc;
   12015   }
   12016   std::string command_size_bytes;
   12017   rc = Serialize_UINT32(command_size, &command_size_bytes);
   12018   if (rc != TPM_RC_SUCCESS) {
   12019     return rc;
   12020   }
   12021   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   12022                         handle_section_bytes + authorization_size_bytes +
   12023                         authorization_section_bytes + parameter_section_bytes;
   12024   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   12025   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   12026                                             serialized_command->size());
   12027   return TPM_RC_SUCCESS;
   12028 }
   12029 
   12030 TPM_RC Tpm::ParseResponse_Rewrap(
   12031     const std::string& response,
   12032     TPM2B_PRIVATE* out_duplicate,
   12033     TPM2B_ENCRYPTED_SECRET* out_sym_seed,
   12034     AuthorizationDelegate* authorization_delegate) {
   12035   VLOG(3) << __func__;
   12036   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   12037   TPM_RC rc = TPM_RC_SUCCESS;
   12038   std::string buffer(response);
   12039   TPM_ST tag;
   12040   std::string tag_bytes;
   12041   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   12042   if (rc != TPM_RC_SUCCESS) {
   12043     return rc;
   12044   }
   12045   UINT32 response_size;
   12046   std::string response_size_bytes;
   12047   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   12048   if (rc != TPM_RC_SUCCESS) {
   12049     return rc;
   12050   }
   12051   TPM_RC response_code;
   12052   std::string response_code_bytes;
   12053   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   12054   if (rc != TPM_RC_SUCCESS) {
   12055     return rc;
   12056   }
   12057   if (response_size != response.size()) {
   12058     return TPM_RC_SIZE;
   12059   }
   12060   if (response_code != TPM_RC_SUCCESS) {
   12061     return response_code;
   12062   }
   12063   TPM_CC command_code = TPM_CC_Rewrap;
   12064   std::string command_code_bytes;
   12065   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   12066   if (rc != TPM_RC_SUCCESS) {
   12067     return rc;
   12068   }
   12069   std::string authorization_section_bytes;
   12070   if (tag == TPM_ST_SESSIONS) {
   12071     UINT32 parameter_section_size = buffer.size();
   12072     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   12073     if (rc != TPM_RC_SUCCESS) {
   12074       return rc;
   12075     }
   12076     if (parameter_section_size > buffer.size()) {
   12077       return TPM_RC_INSUFFICIENT;
   12078     }
   12079     authorization_section_bytes = buffer.substr(parameter_section_size);
   12080     // Keep the parameter section in |buffer|.
   12081     buffer.erase(parameter_section_size);
   12082   }
   12083   std::unique_ptr<crypto::SecureHash> hash(
   12084       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   12085   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   12086   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   12087   hash->Update(buffer.data(), buffer.size());
   12088   std::string response_hash(32, 0);
   12089   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   12090   if (tag == TPM_ST_SESSIONS) {
   12091     CHECK(authorization_delegate) << "Authorization delegate missing!";
   12092     if (!authorization_delegate->CheckResponseAuthorization(
   12093             response_hash, authorization_section_bytes)) {
   12094       return TRUNKS_RC_AUTHORIZATION_FAILED;
   12095     }
   12096   }
   12097   std::string out_duplicate_bytes;
   12098   rc = Parse_TPM2B_PRIVATE(&buffer, out_duplicate, &out_duplicate_bytes);
   12099   if (rc != TPM_RC_SUCCESS) {
   12100     return rc;
   12101   }
   12102   std::string out_sym_seed_bytes;
   12103   rc = Parse_TPM2B_ENCRYPTED_SECRET(&buffer, out_sym_seed, &out_sym_seed_bytes);
   12104   if (rc != TPM_RC_SUCCESS) {
   12105     return rc;
   12106   }
   12107   if (tag == TPM_ST_SESSIONS) {
   12108     CHECK(authorization_delegate) << "Authorization delegate missing!";
   12109     // Decrypt just the parameter data, not the size.
   12110     std::string tmp = out_duplicate_bytes.substr(2);
   12111     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   12112       return TRUNKS_RC_ENCRYPTION_FAILED;
   12113     }
   12114     out_duplicate_bytes.replace(2, std::string::npos, tmp);
   12115     rc = Parse_TPM2B_PRIVATE(&out_duplicate_bytes, out_duplicate, nullptr);
   12116     if (rc != TPM_RC_SUCCESS) {
   12117       return rc;
   12118     }
   12119   }
   12120   return TPM_RC_SUCCESS;
   12121 }
   12122 
   12123 void RewrapErrorCallback(const Tpm::RewrapResponse& callback,
   12124                          TPM_RC response_code) {
   12125   VLOG(1) << __func__;
   12126   callback.Run(response_code, TPM2B_PRIVATE(), TPM2B_ENCRYPTED_SECRET());
   12127 }
   12128 
   12129 void RewrapResponseParser(const Tpm::RewrapResponse& callback,
   12130                           AuthorizationDelegate* authorization_delegate,
   12131                           const std::string& response) {
   12132   VLOG(1) << __func__;
   12133   base::Callback<void(TPM_RC)> error_reporter =
   12134       base::Bind(RewrapErrorCallback, callback);
   12135   TPM2B_PRIVATE out_duplicate;
   12136   TPM2B_ENCRYPTED_SECRET out_sym_seed;
   12137   TPM_RC rc = Tpm::ParseResponse_Rewrap(response, &out_duplicate, &out_sym_seed,
   12138                                         authorization_delegate);
   12139   if (rc != TPM_RC_SUCCESS) {
   12140     error_reporter.Run(rc);
   12141     return;
   12142   }
   12143   callback.Run(rc, out_duplicate, out_sym_seed);
   12144 }
   12145 
   12146 void Tpm::Rewrap(const TPMI_DH_OBJECT& old_parent,
   12147                  const std::string& old_parent_name,
   12148                  const TPMI_DH_OBJECT& new_parent,
   12149                  const std::string& new_parent_name,
   12150                  const TPM2B_PRIVATE& in_duplicate,
   12151                  const TPM2B_NAME& name,
   12152                  const TPM2B_ENCRYPTED_SECRET& in_sym_seed,
   12153                  AuthorizationDelegate* authorization_delegate,
   12154                  const RewrapResponse& callback) {
   12155   VLOG(1) << __func__;
   12156   base::Callback<void(TPM_RC)> error_reporter =
   12157       base::Bind(RewrapErrorCallback, callback);
   12158   base::Callback<void(const std::string&)> parser =
   12159       base::Bind(RewrapResponseParser, callback, authorization_delegate);
   12160   std::string command;
   12161   TPM_RC rc = SerializeCommand_Rewrap(
   12162       old_parent, old_parent_name, new_parent, new_parent_name, in_duplicate,
   12163       name, in_sym_seed, &command, authorization_delegate);
   12164   if (rc != TPM_RC_SUCCESS) {
   12165     error_reporter.Run(rc);
   12166     return;
   12167   }
   12168   transceiver_->SendCommand(command, parser);
   12169 }
   12170 
   12171 TPM_RC Tpm::RewrapSync(const TPMI_DH_OBJECT& old_parent,
   12172                        const std::string& old_parent_name,
   12173                        const TPMI_DH_OBJECT& new_parent,
   12174                        const std::string& new_parent_name,
   12175                        const TPM2B_PRIVATE& in_duplicate,
   12176                        const TPM2B_NAME& name,
   12177                        const TPM2B_ENCRYPTED_SECRET& in_sym_seed,
   12178                        TPM2B_PRIVATE* out_duplicate,
   12179                        TPM2B_ENCRYPTED_SECRET* out_sym_seed,
   12180                        AuthorizationDelegate* authorization_delegate) {
   12181   VLOG(1) << __func__;
   12182   std::string command;
   12183   TPM_RC rc = SerializeCommand_Rewrap(
   12184       old_parent, old_parent_name, new_parent, new_parent_name, in_duplicate,
   12185       name, in_sym_seed, &command, authorization_delegate);
   12186   if (rc != TPM_RC_SUCCESS) {
   12187     return rc;
   12188   }
   12189   std::string response = transceiver_->SendCommandAndWait(command);
   12190   rc = ParseResponse_Rewrap(response, out_duplicate, out_sym_seed,
   12191                             authorization_delegate);
   12192   return rc;
   12193 }
   12194 
   12195 TPM_RC Tpm::SerializeCommand_Import(
   12196     const TPMI_DH_OBJECT& parent_handle,
   12197     const std::string& parent_handle_name,
   12198     const TPM2B_DATA& encryption_key,
   12199     const TPM2B_PUBLIC& object_public,
   12200     const TPM2B_PRIVATE& duplicate,
   12201     const TPM2B_ENCRYPTED_SECRET& in_sym_seed,
   12202     const TPMT_SYM_DEF_OBJECT& symmetric_alg,
   12203     std::string* serialized_command,
   12204     AuthorizationDelegate* authorization_delegate) {
   12205   VLOG(3) << __func__;
   12206   TPM_RC rc = TPM_RC_SUCCESS;
   12207   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   12208   UINT32 command_size = 10;  // Header size.
   12209   std::string handle_section_bytes;
   12210   std::string parameter_section_bytes;
   12211   TPM_CC command_code = TPM_CC_Import;
   12212   bool is_command_parameter_encryption_possible = true;
   12213   bool is_response_parameter_encryption_possible = true;
   12214   std::string command_code_bytes;
   12215   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   12216   if (rc != TPM_RC_SUCCESS) {
   12217     return rc;
   12218   }
   12219   std::string parent_handle_bytes;
   12220   rc = Serialize_TPMI_DH_OBJECT(parent_handle, &parent_handle_bytes);
   12221   if (rc != TPM_RC_SUCCESS) {
   12222     return rc;
   12223   }
   12224   std::string encryption_key_bytes;
   12225   rc = Serialize_TPM2B_DATA(encryption_key, &encryption_key_bytes);
   12226   if (rc != TPM_RC_SUCCESS) {
   12227     return rc;
   12228   }
   12229   std::string object_public_bytes;
   12230   rc = Serialize_TPM2B_PUBLIC(object_public, &object_public_bytes);
   12231   if (rc != TPM_RC_SUCCESS) {
   12232     return rc;
   12233   }
   12234   std::string duplicate_bytes;
   12235   rc = Serialize_TPM2B_PRIVATE(duplicate, &duplicate_bytes);
   12236   if (rc != TPM_RC_SUCCESS) {
   12237     return rc;
   12238   }
   12239   std::string in_sym_seed_bytes;
   12240   rc = Serialize_TPM2B_ENCRYPTED_SECRET(in_sym_seed, &in_sym_seed_bytes);
   12241   if (rc != TPM_RC_SUCCESS) {
   12242     return rc;
   12243   }
   12244   std::string symmetric_alg_bytes;
   12245   rc = Serialize_TPMT_SYM_DEF_OBJECT(symmetric_alg, &symmetric_alg_bytes);
   12246   if (rc != TPM_RC_SUCCESS) {
   12247     return rc;
   12248   }
   12249   if (authorization_delegate) {
   12250     // Encrypt just the parameter data, not the size.
   12251     std::string tmp = encryption_key_bytes.substr(2);
   12252     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   12253       return TRUNKS_RC_ENCRYPTION_FAILED;
   12254     }
   12255     encryption_key_bytes.replace(2, std::string::npos, tmp);
   12256   }
   12257   std::unique_ptr<crypto::SecureHash> hash(
   12258       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   12259   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   12260   hash->Update(parent_handle_name.data(), parent_handle_name.size());
   12261   handle_section_bytes += parent_handle_bytes;
   12262   command_size += parent_handle_bytes.size();
   12263   hash->Update(encryption_key_bytes.data(), encryption_key_bytes.size());
   12264   parameter_section_bytes += encryption_key_bytes;
   12265   command_size += encryption_key_bytes.size();
   12266   hash->Update(object_public_bytes.data(), object_public_bytes.size());
   12267   parameter_section_bytes += object_public_bytes;
   12268   command_size += object_public_bytes.size();
   12269   hash->Update(duplicate_bytes.data(), duplicate_bytes.size());
   12270   parameter_section_bytes += duplicate_bytes;
   12271   command_size += duplicate_bytes.size();
   12272   hash->Update(in_sym_seed_bytes.data(), in_sym_seed_bytes.size());
   12273   parameter_section_bytes += in_sym_seed_bytes;
   12274   command_size += in_sym_seed_bytes.size();
   12275   hash->Update(symmetric_alg_bytes.data(), symmetric_alg_bytes.size());
   12276   parameter_section_bytes += symmetric_alg_bytes;
   12277   command_size += symmetric_alg_bytes.size();
   12278   std::string command_hash(32, 0);
   12279   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   12280   std::string authorization_section_bytes;
   12281   std::string authorization_size_bytes;
   12282   if (authorization_delegate) {
   12283     if (!authorization_delegate->GetCommandAuthorization(
   12284             command_hash, is_command_parameter_encryption_possible,
   12285             is_response_parameter_encryption_possible,
   12286             &authorization_section_bytes)) {
   12287       return TRUNKS_RC_AUTHORIZATION_FAILED;
   12288     }
   12289     if (!authorization_section_bytes.empty()) {
   12290       tag = TPM_ST_SESSIONS;
   12291       std::string tmp;
   12292       rc = Serialize_UINT32(authorization_section_bytes.size(),
   12293                             &authorization_size_bytes);
   12294       if (rc != TPM_RC_SUCCESS) {
   12295         return rc;
   12296       }
   12297       command_size +=
   12298           authorization_size_bytes.size() + authorization_section_bytes.size();
   12299     }
   12300   }
   12301   std::string tag_bytes;
   12302   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   12303   if (rc != TPM_RC_SUCCESS) {
   12304     return rc;
   12305   }
   12306   std::string command_size_bytes;
   12307   rc = Serialize_UINT32(command_size, &command_size_bytes);
   12308   if (rc != TPM_RC_SUCCESS) {
   12309     return rc;
   12310   }
   12311   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   12312                         handle_section_bytes + authorization_size_bytes +
   12313                         authorization_section_bytes + parameter_section_bytes;
   12314   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   12315   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   12316                                             serialized_command->size());
   12317   return TPM_RC_SUCCESS;
   12318 }
   12319 
   12320 TPM_RC Tpm::ParseResponse_Import(
   12321     const std::string& response,
   12322     TPM2B_PRIVATE* out_private,
   12323     AuthorizationDelegate* authorization_delegate) {
   12324   VLOG(3) << __func__;
   12325   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   12326   TPM_RC rc = TPM_RC_SUCCESS;
   12327   std::string buffer(response);
   12328   TPM_ST tag;
   12329   std::string tag_bytes;
   12330   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   12331   if (rc != TPM_RC_SUCCESS) {
   12332     return rc;
   12333   }
   12334   UINT32 response_size;
   12335   std::string response_size_bytes;
   12336   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   12337   if (rc != TPM_RC_SUCCESS) {
   12338     return rc;
   12339   }
   12340   TPM_RC response_code;
   12341   std::string response_code_bytes;
   12342   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   12343   if (rc != TPM_RC_SUCCESS) {
   12344     return rc;
   12345   }
   12346   if (response_size != response.size()) {
   12347     return TPM_RC_SIZE;
   12348   }
   12349   if (response_code != TPM_RC_SUCCESS) {
   12350     return response_code;
   12351   }
   12352   TPM_CC command_code = TPM_CC_Import;
   12353   std::string command_code_bytes;
   12354   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   12355   if (rc != TPM_RC_SUCCESS) {
   12356     return rc;
   12357   }
   12358   std::string authorization_section_bytes;
   12359   if (tag == TPM_ST_SESSIONS) {
   12360     UINT32 parameter_section_size = buffer.size();
   12361     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   12362     if (rc != TPM_RC_SUCCESS) {
   12363       return rc;
   12364     }
   12365     if (parameter_section_size > buffer.size()) {
   12366       return TPM_RC_INSUFFICIENT;
   12367     }
   12368     authorization_section_bytes = buffer.substr(parameter_section_size);
   12369     // Keep the parameter section in |buffer|.
   12370     buffer.erase(parameter_section_size);
   12371   }
   12372   std::unique_ptr<crypto::SecureHash> hash(
   12373       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   12374   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   12375   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   12376   hash->Update(buffer.data(), buffer.size());
   12377   std::string response_hash(32, 0);
   12378   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   12379   if (tag == TPM_ST_SESSIONS) {
   12380     CHECK(authorization_delegate) << "Authorization delegate missing!";
   12381     if (!authorization_delegate->CheckResponseAuthorization(
   12382             response_hash, authorization_section_bytes)) {
   12383       return TRUNKS_RC_AUTHORIZATION_FAILED;
   12384     }
   12385   }
   12386   std::string out_private_bytes;
   12387   rc = Parse_TPM2B_PRIVATE(&buffer, out_private, &out_private_bytes);
   12388   if (rc != TPM_RC_SUCCESS) {
   12389     return rc;
   12390   }
   12391   if (tag == TPM_ST_SESSIONS) {
   12392     CHECK(authorization_delegate) << "Authorization delegate missing!";
   12393     // Decrypt just the parameter data, not the size.
   12394     std::string tmp = out_private_bytes.substr(2);
   12395     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   12396       return TRUNKS_RC_ENCRYPTION_FAILED;
   12397     }
   12398     out_private_bytes.replace(2, std::string::npos, tmp);
   12399     rc = Parse_TPM2B_PRIVATE(&out_private_bytes, out_private, nullptr);
   12400     if (rc != TPM_RC_SUCCESS) {
   12401       return rc;
   12402     }
   12403   }
   12404   return TPM_RC_SUCCESS;
   12405 }
   12406 
   12407 void ImportErrorCallback(const Tpm::ImportResponse& callback,
   12408                          TPM_RC response_code) {
   12409   VLOG(1) << __func__;
   12410   callback.Run(response_code, TPM2B_PRIVATE());
   12411 }
   12412 
   12413 void ImportResponseParser(const Tpm::ImportResponse& callback,
   12414                           AuthorizationDelegate* authorization_delegate,
   12415                           const std::string& response) {
   12416   VLOG(1) << __func__;
   12417   base::Callback<void(TPM_RC)> error_reporter =
   12418       base::Bind(ImportErrorCallback, callback);
   12419   TPM2B_PRIVATE out_private;
   12420   TPM_RC rc =
   12421       Tpm::ParseResponse_Import(response, &out_private, authorization_delegate);
   12422   if (rc != TPM_RC_SUCCESS) {
   12423     error_reporter.Run(rc);
   12424     return;
   12425   }
   12426   callback.Run(rc, out_private);
   12427 }
   12428 
   12429 void Tpm::Import(const TPMI_DH_OBJECT& parent_handle,
   12430                  const std::string& parent_handle_name,
   12431                  const TPM2B_DATA& encryption_key,
   12432                  const TPM2B_PUBLIC& object_public,
   12433                  const TPM2B_PRIVATE& duplicate,
   12434                  const TPM2B_ENCRYPTED_SECRET& in_sym_seed,
   12435                  const TPMT_SYM_DEF_OBJECT& symmetric_alg,
   12436                  AuthorizationDelegate* authorization_delegate,
   12437                  const ImportResponse& callback) {
   12438   VLOG(1) << __func__;
   12439   base::Callback<void(TPM_RC)> error_reporter =
   12440       base::Bind(ImportErrorCallback, callback);
   12441   base::Callback<void(const std::string&)> parser =
   12442       base::Bind(ImportResponseParser, callback, authorization_delegate);
   12443   std::string command;
   12444   TPM_RC rc = SerializeCommand_Import(
   12445       parent_handle, parent_handle_name, encryption_key, object_public,
   12446       duplicate, in_sym_seed, symmetric_alg, &command, authorization_delegate);
   12447   if (rc != TPM_RC_SUCCESS) {
   12448     error_reporter.Run(rc);
   12449     return;
   12450   }
   12451   transceiver_->SendCommand(command, parser);
   12452 }
   12453 
   12454 TPM_RC Tpm::ImportSync(const TPMI_DH_OBJECT& parent_handle,
   12455                        const std::string& parent_handle_name,
   12456                        const TPM2B_DATA& encryption_key,
   12457                        const TPM2B_PUBLIC& object_public,
   12458                        const TPM2B_PRIVATE& duplicate,
   12459                        const TPM2B_ENCRYPTED_SECRET& in_sym_seed,
   12460                        const TPMT_SYM_DEF_OBJECT& symmetric_alg,
   12461                        TPM2B_PRIVATE* out_private,
   12462                        AuthorizationDelegate* authorization_delegate) {
   12463   VLOG(1) << __func__;
   12464   std::string command;
   12465   TPM_RC rc = SerializeCommand_Import(
   12466       parent_handle, parent_handle_name, encryption_key, object_public,
   12467       duplicate, in_sym_seed, symmetric_alg, &command, authorization_delegate);
   12468   if (rc != TPM_RC_SUCCESS) {
   12469     return rc;
   12470   }
   12471   std::string response = transceiver_->SendCommandAndWait(command);
   12472   rc = ParseResponse_Import(response, out_private, authorization_delegate);
   12473   return rc;
   12474 }
   12475 
   12476 TPM_RC Tpm::SerializeCommand_RSA_Encrypt(
   12477     const TPMI_DH_OBJECT& key_handle,
   12478     const std::string& key_handle_name,
   12479     const TPM2B_PUBLIC_KEY_RSA& message,
   12480     const TPMT_RSA_DECRYPT& in_scheme,
   12481     const TPM2B_DATA& label,
   12482     std::string* serialized_command,
   12483     AuthorizationDelegate* authorization_delegate) {
   12484   VLOG(3) << __func__;
   12485   TPM_RC rc = TPM_RC_SUCCESS;
   12486   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   12487   UINT32 command_size = 10;  // Header size.
   12488   std::string handle_section_bytes;
   12489   std::string parameter_section_bytes;
   12490   TPM_CC command_code = TPM_CC_RSA_Encrypt;
   12491   bool is_command_parameter_encryption_possible = true;
   12492   bool is_response_parameter_encryption_possible = true;
   12493   std::string command_code_bytes;
   12494   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   12495   if (rc != TPM_RC_SUCCESS) {
   12496     return rc;
   12497   }
   12498   std::string key_handle_bytes;
   12499   rc = Serialize_TPMI_DH_OBJECT(key_handle, &key_handle_bytes);
   12500   if (rc != TPM_RC_SUCCESS) {
   12501     return rc;
   12502   }
   12503   std::string message_bytes;
   12504   rc = Serialize_TPM2B_PUBLIC_KEY_RSA(message, &message_bytes);
   12505   if (rc != TPM_RC_SUCCESS) {
   12506     return rc;
   12507   }
   12508   std::string in_scheme_bytes;
   12509   rc = Serialize_TPMT_RSA_DECRYPT(in_scheme, &in_scheme_bytes);
   12510   if (rc != TPM_RC_SUCCESS) {
   12511     return rc;
   12512   }
   12513   std::string label_bytes;
   12514   rc = Serialize_TPM2B_DATA(label, &label_bytes);
   12515   if (rc != TPM_RC_SUCCESS) {
   12516     return rc;
   12517   }
   12518   if (authorization_delegate) {
   12519     // Encrypt just the parameter data, not the size.
   12520     std::string tmp = message_bytes.substr(2);
   12521     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   12522       return TRUNKS_RC_ENCRYPTION_FAILED;
   12523     }
   12524     message_bytes.replace(2, std::string::npos, tmp);
   12525   }
   12526   std::unique_ptr<crypto::SecureHash> hash(
   12527       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   12528   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   12529   hash->Update(key_handle_name.data(), key_handle_name.size());
   12530   handle_section_bytes += key_handle_bytes;
   12531   command_size += key_handle_bytes.size();
   12532   hash->Update(message_bytes.data(), message_bytes.size());
   12533   parameter_section_bytes += message_bytes;
   12534   command_size += message_bytes.size();
   12535   hash->Update(in_scheme_bytes.data(), in_scheme_bytes.size());
   12536   parameter_section_bytes += in_scheme_bytes;
   12537   command_size += in_scheme_bytes.size();
   12538   hash->Update(label_bytes.data(), label_bytes.size());
   12539   parameter_section_bytes += label_bytes;
   12540   command_size += label_bytes.size();
   12541   std::string command_hash(32, 0);
   12542   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   12543   std::string authorization_section_bytes;
   12544   std::string authorization_size_bytes;
   12545   if (authorization_delegate) {
   12546     if (!authorization_delegate->GetCommandAuthorization(
   12547             command_hash, is_command_parameter_encryption_possible,
   12548             is_response_parameter_encryption_possible,
   12549             &authorization_section_bytes)) {
   12550       return TRUNKS_RC_AUTHORIZATION_FAILED;
   12551     }
   12552     if (!authorization_section_bytes.empty()) {
   12553       tag = TPM_ST_SESSIONS;
   12554       std::string tmp;
   12555       rc = Serialize_UINT32(authorization_section_bytes.size(),
   12556                             &authorization_size_bytes);
   12557       if (rc != TPM_RC_SUCCESS) {
   12558         return rc;
   12559       }
   12560       command_size +=
   12561           authorization_size_bytes.size() + authorization_section_bytes.size();
   12562     }
   12563   }
   12564   std::string tag_bytes;
   12565   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   12566   if (rc != TPM_RC_SUCCESS) {
   12567     return rc;
   12568   }
   12569   std::string command_size_bytes;
   12570   rc = Serialize_UINT32(command_size, &command_size_bytes);
   12571   if (rc != TPM_RC_SUCCESS) {
   12572     return rc;
   12573   }
   12574   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   12575                         handle_section_bytes + authorization_size_bytes +
   12576                         authorization_section_bytes + parameter_section_bytes;
   12577   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   12578   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   12579                                             serialized_command->size());
   12580   return TPM_RC_SUCCESS;
   12581 }
   12582 
   12583 TPM_RC Tpm::ParseResponse_RSA_Encrypt(
   12584     const std::string& response,
   12585     TPM2B_PUBLIC_KEY_RSA* out_data,
   12586     AuthorizationDelegate* authorization_delegate) {
   12587   VLOG(3) << __func__;
   12588   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   12589   TPM_RC rc = TPM_RC_SUCCESS;
   12590   std::string buffer(response);
   12591   TPM_ST tag;
   12592   std::string tag_bytes;
   12593   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   12594   if (rc != TPM_RC_SUCCESS) {
   12595     return rc;
   12596   }
   12597   UINT32 response_size;
   12598   std::string response_size_bytes;
   12599   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   12600   if (rc != TPM_RC_SUCCESS) {
   12601     return rc;
   12602   }
   12603   TPM_RC response_code;
   12604   std::string response_code_bytes;
   12605   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   12606   if (rc != TPM_RC_SUCCESS) {
   12607     return rc;
   12608   }
   12609   if (response_size != response.size()) {
   12610     return TPM_RC_SIZE;
   12611   }
   12612   if (response_code != TPM_RC_SUCCESS) {
   12613     return response_code;
   12614   }
   12615   TPM_CC command_code = TPM_CC_RSA_Encrypt;
   12616   std::string command_code_bytes;
   12617   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   12618   if (rc != TPM_RC_SUCCESS) {
   12619     return rc;
   12620   }
   12621   std::string authorization_section_bytes;
   12622   if (tag == TPM_ST_SESSIONS) {
   12623     UINT32 parameter_section_size = buffer.size();
   12624     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   12625     if (rc != TPM_RC_SUCCESS) {
   12626       return rc;
   12627     }
   12628     if (parameter_section_size > buffer.size()) {
   12629       return TPM_RC_INSUFFICIENT;
   12630     }
   12631     authorization_section_bytes = buffer.substr(parameter_section_size);
   12632     // Keep the parameter section in |buffer|.
   12633     buffer.erase(parameter_section_size);
   12634   }
   12635   std::unique_ptr<crypto::SecureHash> hash(
   12636       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   12637   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   12638   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   12639   hash->Update(buffer.data(), buffer.size());
   12640   std::string response_hash(32, 0);
   12641   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   12642   if (tag == TPM_ST_SESSIONS) {
   12643     CHECK(authorization_delegate) << "Authorization delegate missing!";
   12644     if (!authorization_delegate->CheckResponseAuthorization(
   12645             response_hash, authorization_section_bytes)) {
   12646       return TRUNKS_RC_AUTHORIZATION_FAILED;
   12647     }
   12648   }
   12649   std::string out_data_bytes;
   12650   rc = Parse_TPM2B_PUBLIC_KEY_RSA(&buffer, out_data, &out_data_bytes);
   12651   if (rc != TPM_RC_SUCCESS) {
   12652     return rc;
   12653   }
   12654   if (tag == TPM_ST_SESSIONS) {
   12655     CHECK(authorization_delegate) << "Authorization delegate missing!";
   12656     // Decrypt just the parameter data, not the size.
   12657     std::string tmp = out_data_bytes.substr(2);
   12658     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   12659       return TRUNKS_RC_ENCRYPTION_FAILED;
   12660     }
   12661     out_data_bytes.replace(2, std::string::npos, tmp);
   12662     rc = Parse_TPM2B_PUBLIC_KEY_RSA(&out_data_bytes, out_data, nullptr);
   12663     if (rc != TPM_RC_SUCCESS) {
   12664       return rc;
   12665     }
   12666   }
   12667   return TPM_RC_SUCCESS;
   12668 }
   12669 
   12670 void RSA_EncryptErrorCallback(const Tpm::RSA_EncryptResponse& callback,
   12671                               TPM_RC response_code) {
   12672   VLOG(1) << __func__;
   12673   callback.Run(response_code, TPM2B_PUBLIC_KEY_RSA());
   12674 }
   12675 
   12676 void RSA_EncryptResponseParser(const Tpm::RSA_EncryptResponse& callback,
   12677                                AuthorizationDelegate* authorization_delegate,
   12678                                const std::string& response) {
   12679   VLOG(1) << __func__;
   12680   base::Callback<void(TPM_RC)> error_reporter =
   12681       base::Bind(RSA_EncryptErrorCallback, callback);
   12682   TPM2B_PUBLIC_KEY_RSA out_data;
   12683   TPM_RC rc = Tpm::ParseResponse_RSA_Encrypt(response, &out_data,
   12684                                              authorization_delegate);
   12685   if (rc != TPM_RC_SUCCESS) {
   12686     error_reporter.Run(rc);
   12687     return;
   12688   }
   12689   callback.Run(rc, out_data);
   12690 }
   12691 
   12692 void Tpm::RSA_Encrypt(const TPMI_DH_OBJECT& key_handle,
   12693                       const std::string& key_handle_name,
   12694                       const TPM2B_PUBLIC_KEY_RSA& message,
   12695                       const TPMT_RSA_DECRYPT& in_scheme,
   12696                       const TPM2B_DATA& label,
   12697                       AuthorizationDelegate* authorization_delegate,
   12698                       const RSA_EncryptResponse& callback) {
   12699   VLOG(1) << __func__;
   12700   base::Callback<void(TPM_RC)> error_reporter =
   12701       base::Bind(RSA_EncryptErrorCallback, callback);
   12702   base::Callback<void(const std::string&)> parser =
   12703       base::Bind(RSA_EncryptResponseParser, callback, authorization_delegate);
   12704   std::string command;
   12705   TPM_RC rc = SerializeCommand_RSA_Encrypt(key_handle, key_handle_name, message,
   12706                                            in_scheme, label, &command,
   12707                                            authorization_delegate);
   12708   if (rc != TPM_RC_SUCCESS) {
   12709     error_reporter.Run(rc);
   12710     return;
   12711   }
   12712   transceiver_->SendCommand(command, parser);
   12713 }
   12714 
   12715 TPM_RC Tpm::RSA_EncryptSync(const TPMI_DH_OBJECT& key_handle,
   12716                             const std::string& key_handle_name,
   12717                             const TPM2B_PUBLIC_KEY_RSA& message,
   12718                             const TPMT_RSA_DECRYPT& in_scheme,
   12719                             const TPM2B_DATA& label,
   12720                             TPM2B_PUBLIC_KEY_RSA* out_data,
   12721                             AuthorizationDelegate* authorization_delegate) {
   12722   VLOG(1) << __func__;
   12723   std::string command;
   12724   TPM_RC rc = SerializeCommand_RSA_Encrypt(key_handle, key_handle_name, message,
   12725                                            in_scheme, label, &command,
   12726                                            authorization_delegate);
   12727   if (rc != TPM_RC_SUCCESS) {
   12728     return rc;
   12729   }
   12730   std::string response = transceiver_->SendCommandAndWait(command);
   12731   rc = ParseResponse_RSA_Encrypt(response, out_data, authorization_delegate);
   12732   return rc;
   12733 }
   12734 
   12735 TPM_RC Tpm::SerializeCommand_RSA_Decrypt(
   12736     const TPMI_DH_OBJECT& key_handle,
   12737     const std::string& key_handle_name,
   12738     const TPM2B_PUBLIC_KEY_RSA& cipher_text,
   12739     const TPMT_RSA_DECRYPT& in_scheme,
   12740     const TPM2B_DATA& label,
   12741     std::string* serialized_command,
   12742     AuthorizationDelegate* authorization_delegate) {
   12743   VLOG(3) << __func__;
   12744   TPM_RC rc = TPM_RC_SUCCESS;
   12745   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   12746   UINT32 command_size = 10;  // Header size.
   12747   std::string handle_section_bytes;
   12748   std::string parameter_section_bytes;
   12749   TPM_CC command_code = TPM_CC_RSA_Decrypt;
   12750   bool is_command_parameter_encryption_possible = true;
   12751   bool is_response_parameter_encryption_possible = true;
   12752   std::string command_code_bytes;
   12753   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   12754   if (rc != TPM_RC_SUCCESS) {
   12755     return rc;
   12756   }
   12757   std::string key_handle_bytes;
   12758   rc = Serialize_TPMI_DH_OBJECT(key_handle, &key_handle_bytes);
   12759   if (rc != TPM_RC_SUCCESS) {
   12760     return rc;
   12761   }
   12762   std::string cipher_text_bytes;
   12763   rc = Serialize_TPM2B_PUBLIC_KEY_RSA(cipher_text, &cipher_text_bytes);
   12764   if (rc != TPM_RC_SUCCESS) {
   12765     return rc;
   12766   }
   12767   std::string in_scheme_bytes;
   12768   rc = Serialize_TPMT_RSA_DECRYPT(in_scheme, &in_scheme_bytes);
   12769   if (rc != TPM_RC_SUCCESS) {
   12770     return rc;
   12771   }
   12772   std::string label_bytes;
   12773   rc = Serialize_TPM2B_DATA(label, &label_bytes);
   12774   if (rc != TPM_RC_SUCCESS) {
   12775     return rc;
   12776   }
   12777   if (authorization_delegate) {
   12778     // Encrypt just the parameter data, not the size.
   12779     std::string tmp = cipher_text_bytes.substr(2);
   12780     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   12781       return TRUNKS_RC_ENCRYPTION_FAILED;
   12782     }
   12783     cipher_text_bytes.replace(2, std::string::npos, tmp);
   12784   }
   12785   std::unique_ptr<crypto::SecureHash> hash(
   12786       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   12787   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   12788   hash->Update(key_handle_name.data(), key_handle_name.size());
   12789   handle_section_bytes += key_handle_bytes;
   12790   command_size += key_handle_bytes.size();
   12791   hash->Update(cipher_text_bytes.data(), cipher_text_bytes.size());
   12792   parameter_section_bytes += cipher_text_bytes;
   12793   command_size += cipher_text_bytes.size();
   12794   hash->Update(in_scheme_bytes.data(), in_scheme_bytes.size());
   12795   parameter_section_bytes += in_scheme_bytes;
   12796   command_size += in_scheme_bytes.size();
   12797   hash->Update(label_bytes.data(), label_bytes.size());
   12798   parameter_section_bytes += label_bytes;
   12799   command_size += label_bytes.size();
   12800   std::string command_hash(32, 0);
   12801   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   12802   std::string authorization_section_bytes;
   12803   std::string authorization_size_bytes;
   12804   if (authorization_delegate) {
   12805     if (!authorization_delegate->GetCommandAuthorization(
   12806             command_hash, is_command_parameter_encryption_possible,
   12807             is_response_parameter_encryption_possible,
   12808             &authorization_section_bytes)) {
   12809       return TRUNKS_RC_AUTHORIZATION_FAILED;
   12810     }
   12811     if (!authorization_section_bytes.empty()) {
   12812       tag = TPM_ST_SESSIONS;
   12813       std::string tmp;
   12814       rc = Serialize_UINT32(authorization_section_bytes.size(),
   12815                             &authorization_size_bytes);
   12816       if (rc != TPM_RC_SUCCESS) {
   12817         return rc;
   12818       }
   12819       command_size +=
   12820           authorization_size_bytes.size() + authorization_section_bytes.size();
   12821     }
   12822   }
   12823   std::string tag_bytes;
   12824   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   12825   if (rc != TPM_RC_SUCCESS) {
   12826     return rc;
   12827   }
   12828   std::string command_size_bytes;
   12829   rc = Serialize_UINT32(command_size, &command_size_bytes);
   12830   if (rc != TPM_RC_SUCCESS) {
   12831     return rc;
   12832   }
   12833   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   12834                         handle_section_bytes + authorization_size_bytes +
   12835                         authorization_section_bytes + parameter_section_bytes;
   12836   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   12837   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   12838                                             serialized_command->size());
   12839   return TPM_RC_SUCCESS;
   12840 }
   12841 
   12842 TPM_RC Tpm::ParseResponse_RSA_Decrypt(
   12843     const std::string& response,
   12844     TPM2B_PUBLIC_KEY_RSA* message,
   12845     AuthorizationDelegate* authorization_delegate) {
   12846   VLOG(3) << __func__;
   12847   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   12848   TPM_RC rc = TPM_RC_SUCCESS;
   12849   std::string buffer(response);
   12850   TPM_ST tag;
   12851   std::string tag_bytes;
   12852   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   12853   if (rc != TPM_RC_SUCCESS) {
   12854     return rc;
   12855   }
   12856   UINT32 response_size;
   12857   std::string response_size_bytes;
   12858   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   12859   if (rc != TPM_RC_SUCCESS) {
   12860     return rc;
   12861   }
   12862   TPM_RC response_code;
   12863   std::string response_code_bytes;
   12864   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   12865   if (rc != TPM_RC_SUCCESS) {
   12866     return rc;
   12867   }
   12868   if (response_size != response.size()) {
   12869     return TPM_RC_SIZE;
   12870   }
   12871   if (response_code != TPM_RC_SUCCESS) {
   12872     return response_code;
   12873   }
   12874   TPM_CC command_code = TPM_CC_RSA_Decrypt;
   12875   std::string command_code_bytes;
   12876   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   12877   if (rc != TPM_RC_SUCCESS) {
   12878     return rc;
   12879   }
   12880   std::string authorization_section_bytes;
   12881   if (tag == TPM_ST_SESSIONS) {
   12882     UINT32 parameter_section_size = buffer.size();
   12883     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   12884     if (rc != TPM_RC_SUCCESS) {
   12885       return rc;
   12886     }
   12887     if (parameter_section_size > buffer.size()) {
   12888       return TPM_RC_INSUFFICIENT;
   12889     }
   12890     authorization_section_bytes = buffer.substr(parameter_section_size);
   12891     // Keep the parameter section in |buffer|.
   12892     buffer.erase(parameter_section_size);
   12893   }
   12894   std::unique_ptr<crypto::SecureHash> hash(
   12895       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   12896   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   12897   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   12898   hash->Update(buffer.data(), buffer.size());
   12899   std::string response_hash(32, 0);
   12900   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   12901   if (tag == TPM_ST_SESSIONS) {
   12902     CHECK(authorization_delegate) << "Authorization delegate missing!";
   12903     if (!authorization_delegate->CheckResponseAuthorization(
   12904             response_hash, authorization_section_bytes)) {
   12905       return TRUNKS_RC_AUTHORIZATION_FAILED;
   12906     }
   12907   }
   12908   std::string message_bytes;
   12909   rc = Parse_TPM2B_PUBLIC_KEY_RSA(&buffer, message, &message_bytes);
   12910   if (rc != TPM_RC_SUCCESS) {
   12911     return rc;
   12912   }
   12913   if (tag == TPM_ST_SESSIONS) {
   12914     CHECK(authorization_delegate) << "Authorization delegate missing!";
   12915     // Decrypt just the parameter data, not the size.
   12916     std::string tmp = message_bytes.substr(2);
   12917     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   12918       return TRUNKS_RC_ENCRYPTION_FAILED;
   12919     }
   12920     message_bytes.replace(2, std::string::npos, tmp);
   12921     rc = Parse_TPM2B_PUBLIC_KEY_RSA(&message_bytes, message, nullptr);
   12922     if (rc != TPM_RC_SUCCESS) {
   12923       return rc;
   12924     }
   12925   }
   12926   return TPM_RC_SUCCESS;
   12927 }
   12928 
   12929 void RSA_DecryptErrorCallback(const Tpm::RSA_DecryptResponse& callback,
   12930                               TPM_RC response_code) {
   12931   VLOG(1) << __func__;
   12932   callback.Run(response_code, TPM2B_PUBLIC_KEY_RSA());
   12933 }
   12934 
   12935 void RSA_DecryptResponseParser(const Tpm::RSA_DecryptResponse& callback,
   12936                                AuthorizationDelegate* authorization_delegate,
   12937                                const std::string& response) {
   12938   VLOG(1) << __func__;
   12939   base::Callback<void(TPM_RC)> error_reporter =
   12940       base::Bind(RSA_DecryptErrorCallback, callback);
   12941   TPM2B_PUBLIC_KEY_RSA message;
   12942   TPM_RC rc = Tpm::ParseResponse_RSA_Decrypt(response, &message,
   12943                                              authorization_delegate);
   12944   if (rc != TPM_RC_SUCCESS) {
   12945     error_reporter.Run(rc);
   12946     return;
   12947   }
   12948   callback.Run(rc, message);
   12949 }
   12950 
   12951 void Tpm::RSA_Decrypt(const TPMI_DH_OBJECT& key_handle,
   12952                       const std::string& key_handle_name,
   12953                       const TPM2B_PUBLIC_KEY_RSA& cipher_text,
   12954                       const TPMT_RSA_DECRYPT& in_scheme,
   12955                       const TPM2B_DATA& label,
   12956                       AuthorizationDelegate* authorization_delegate,
   12957                       const RSA_DecryptResponse& callback) {
   12958   VLOG(1) << __func__;
   12959   base::Callback<void(TPM_RC)> error_reporter =
   12960       base::Bind(RSA_DecryptErrorCallback, callback);
   12961   base::Callback<void(const std::string&)> parser =
   12962       base::Bind(RSA_DecryptResponseParser, callback, authorization_delegate);
   12963   std::string command;
   12964   TPM_RC rc = SerializeCommand_RSA_Decrypt(key_handle, key_handle_name,
   12965                                            cipher_text, in_scheme, label,
   12966                                            &command, authorization_delegate);
   12967   if (rc != TPM_RC_SUCCESS) {
   12968     error_reporter.Run(rc);
   12969     return;
   12970   }
   12971   transceiver_->SendCommand(command, parser);
   12972 }
   12973 
   12974 TPM_RC Tpm::RSA_DecryptSync(const TPMI_DH_OBJECT& key_handle,
   12975                             const std::string& key_handle_name,
   12976                             const TPM2B_PUBLIC_KEY_RSA& cipher_text,
   12977                             const TPMT_RSA_DECRYPT& in_scheme,
   12978                             const TPM2B_DATA& label,
   12979                             TPM2B_PUBLIC_KEY_RSA* message,
   12980                             AuthorizationDelegate* authorization_delegate) {
   12981   VLOG(1) << __func__;
   12982   std::string command;
   12983   TPM_RC rc = SerializeCommand_RSA_Decrypt(key_handle, key_handle_name,
   12984                                            cipher_text, in_scheme, label,
   12985                                            &command, authorization_delegate);
   12986   if (rc != TPM_RC_SUCCESS) {
   12987     return rc;
   12988   }
   12989   std::string response = transceiver_->SendCommandAndWait(command);
   12990   rc = ParseResponse_RSA_Decrypt(response, message, authorization_delegate);
   12991   return rc;
   12992 }
   12993 
   12994 TPM_RC Tpm::SerializeCommand_ECDH_KeyGen(
   12995     const TPMI_DH_OBJECT& key_handle,
   12996     const std::string& key_handle_name,
   12997     std::string* serialized_command,
   12998     AuthorizationDelegate* authorization_delegate) {
   12999   VLOG(3) << __func__;
   13000   TPM_RC rc = TPM_RC_SUCCESS;
   13001   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   13002   UINT32 command_size = 10;  // Header size.
   13003   std::string handle_section_bytes;
   13004   std::string parameter_section_bytes;
   13005   TPM_CC command_code = TPM_CC_ECDH_KeyGen;
   13006   bool is_command_parameter_encryption_possible = false;
   13007   bool is_response_parameter_encryption_possible = true;
   13008   std::string command_code_bytes;
   13009   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   13010   if (rc != TPM_RC_SUCCESS) {
   13011     return rc;
   13012   }
   13013   std::string key_handle_bytes;
   13014   rc = Serialize_TPMI_DH_OBJECT(key_handle, &key_handle_bytes);
   13015   if (rc != TPM_RC_SUCCESS) {
   13016     return rc;
   13017   }
   13018   std::unique_ptr<crypto::SecureHash> hash(
   13019       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   13020   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   13021   hash->Update(key_handle_name.data(), key_handle_name.size());
   13022   handle_section_bytes += key_handle_bytes;
   13023   command_size += key_handle_bytes.size();
   13024   std::string command_hash(32, 0);
   13025   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   13026   std::string authorization_section_bytes;
   13027   std::string authorization_size_bytes;
   13028   if (authorization_delegate) {
   13029     if (!authorization_delegate->GetCommandAuthorization(
   13030             command_hash, is_command_parameter_encryption_possible,
   13031             is_response_parameter_encryption_possible,
   13032             &authorization_section_bytes)) {
   13033       return TRUNKS_RC_AUTHORIZATION_FAILED;
   13034     }
   13035     if (!authorization_section_bytes.empty()) {
   13036       tag = TPM_ST_SESSIONS;
   13037       std::string tmp;
   13038       rc = Serialize_UINT32(authorization_section_bytes.size(),
   13039                             &authorization_size_bytes);
   13040       if (rc != TPM_RC_SUCCESS) {
   13041         return rc;
   13042       }
   13043       command_size +=
   13044           authorization_size_bytes.size() + authorization_section_bytes.size();
   13045     }
   13046   }
   13047   std::string tag_bytes;
   13048   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   13049   if (rc != TPM_RC_SUCCESS) {
   13050     return rc;
   13051   }
   13052   std::string command_size_bytes;
   13053   rc = Serialize_UINT32(command_size, &command_size_bytes);
   13054   if (rc != TPM_RC_SUCCESS) {
   13055     return rc;
   13056   }
   13057   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   13058                         handle_section_bytes + authorization_size_bytes +
   13059                         authorization_section_bytes + parameter_section_bytes;
   13060   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   13061   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   13062                                             serialized_command->size());
   13063   return TPM_RC_SUCCESS;
   13064 }
   13065 
   13066 TPM_RC Tpm::ParseResponse_ECDH_KeyGen(
   13067     const std::string& response,
   13068     TPM2B_ECC_POINT* z_point,
   13069     TPM2B_ECC_POINT* pub_point,
   13070     AuthorizationDelegate* authorization_delegate) {
   13071   VLOG(3) << __func__;
   13072   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   13073   TPM_RC rc = TPM_RC_SUCCESS;
   13074   std::string buffer(response);
   13075   TPM_ST tag;
   13076   std::string tag_bytes;
   13077   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   13078   if (rc != TPM_RC_SUCCESS) {
   13079     return rc;
   13080   }
   13081   UINT32 response_size;
   13082   std::string response_size_bytes;
   13083   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   13084   if (rc != TPM_RC_SUCCESS) {
   13085     return rc;
   13086   }
   13087   TPM_RC response_code;
   13088   std::string response_code_bytes;
   13089   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   13090   if (rc != TPM_RC_SUCCESS) {
   13091     return rc;
   13092   }
   13093   if (response_size != response.size()) {
   13094     return TPM_RC_SIZE;
   13095   }
   13096   if (response_code != TPM_RC_SUCCESS) {
   13097     return response_code;
   13098   }
   13099   TPM_CC command_code = TPM_CC_ECDH_KeyGen;
   13100   std::string command_code_bytes;
   13101   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   13102   if (rc != TPM_RC_SUCCESS) {
   13103     return rc;
   13104   }
   13105   std::string authorization_section_bytes;
   13106   if (tag == TPM_ST_SESSIONS) {
   13107     UINT32 parameter_section_size = buffer.size();
   13108     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   13109     if (rc != TPM_RC_SUCCESS) {
   13110       return rc;
   13111     }
   13112     if (parameter_section_size > buffer.size()) {
   13113       return TPM_RC_INSUFFICIENT;
   13114     }
   13115     authorization_section_bytes = buffer.substr(parameter_section_size);
   13116     // Keep the parameter section in |buffer|.
   13117     buffer.erase(parameter_section_size);
   13118   }
   13119   std::unique_ptr<crypto::SecureHash> hash(
   13120       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   13121   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   13122   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   13123   hash->Update(buffer.data(), buffer.size());
   13124   std::string response_hash(32, 0);
   13125   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   13126   if (tag == TPM_ST_SESSIONS) {
   13127     CHECK(authorization_delegate) << "Authorization delegate missing!";
   13128     if (!authorization_delegate->CheckResponseAuthorization(
   13129             response_hash, authorization_section_bytes)) {
   13130       return TRUNKS_RC_AUTHORIZATION_FAILED;
   13131     }
   13132   }
   13133   std::string z_point_bytes;
   13134   rc = Parse_TPM2B_ECC_POINT(&buffer, z_point, &z_point_bytes);
   13135   if (rc != TPM_RC_SUCCESS) {
   13136     return rc;
   13137   }
   13138   std::string pub_point_bytes;
   13139   rc = Parse_TPM2B_ECC_POINT(&buffer, pub_point, &pub_point_bytes);
   13140   if (rc != TPM_RC_SUCCESS) {
   13141     return rc;
   13142   }
   13143   if (tag == TPM_ST_SESSIONS) {
   13144     CHECK(authorization_delegate) << "Authorization delegate missing!";
   13145     // Decrypt just the parameter data, not the size.
   13146     std::string tmp = z_point_bytes.substr(2);
   13147     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   13148       return TRUNKS_RC_ENCRYPTION_FAILED;
   13149     }
   13150     z_point_bytes.replace(2, std::string::npos, tmp);
   13151     rc = Parse_TPM2B_ECC_POINT(&z_point_bytes, z_point, nullptr);
   13152     if (rc != TPM_RC_SUCCESS) {
   13153       return rc;
   13154     }
   13155   }
   13156   return TPM_RC_SUCCESS;
   13157 }
   13158 
   13159 void ECDH_KeyGenErrorCallback(const Tpm::ECDH_KeyGenResponse& callback,
   13160                               TPM_RC response_code) {
   13161   VLOG(1) << __func__;
   13162   callback.Run(response_code, TPM2B_ECC_POINT(), TPM2B_ECC_POINT());
   13163 }
   13164 
   13165 void ECDH_KeyGenResponseParser(const Tpm::ECDH_KeyGenResponse& callback,
   13166                                AuthorizationDelegate* authorization_delegate,
   13167                                const std::string& response) {
   13168   VLOG(1) << __func__;
   13169   base::Callback<void(TPM_RC)> error_reporter =
   13170       base::Bind(ECDH_KeyGenErrorCallback, callback);
   13171   TPM2B_ECC_POINT z_point;
   13172   TPM2B_ECC_POINT pub_point;
   13173   TPM_RC rc = Tpm::ParseResponse_ECDH_KeyGen(response, &z_point, &pub_point,
   13174                                              authorization_delegate);
   13175   if (rc != TPM_RC_SUCCESS) {
   13176     error_reporter.Run(rc);
   13177     return;
   13178   }
   13179   callback.Run(rc, z_point, pub_point);
   13180 }
   13181 
   13182 void Tpm::ECDH_KeyGen(const TPMI_DH_OBJECT& key_handle,
   13183                       const std::string& key_handle_name,
   13184                       AuthorizationDelegate* authorization_delegate,
   13185                       const ECDH_KeyGenResponse& callback) {
   13186   VLOG(1) << __func__;
   13187   base::Callback<void(TPM_RC)> error_reporter =
   13188       base::Bind(ECDH_KeyGenErrorCallback, callback);
   13189   base::Callback<void(const std::string&)> parser =
   13190       base::Bind(ECDH_KeyGenResponseParser, callback, authorization_delegate);
   13191   std::string command;
   13192   TPM_RC rc = SerializeCommand_ECDH_KeyGen(key_handle, key_handle_name,
   13193                                            &command, authorization_delegate);
   13194   if (rc != TPM_RC_SUCCESS) {
   13195     error_reporter.Run(rc);
   13196     return;
   13197   }
   13198   transceiver_->SendCommand(command, parser);
   13199 }
   13200 
   13201 TPM_RC Tpm::ECDH_KeyGenSync(const TPMI_DH_OBJECT& key_handle,
   13202                             const std::string& key_handle_name,
   13203                             TPM2B_ECC_POINT* z_point,
   13204                             TPM2B_ECC_POINT* pub_point,
   13205                             AuthorizationDelegate* authorization_delegate) {
   13206   VLOG(1) << __func__;
   13207   std::string command;
   13208   TPM_RC rc = SerializeCommand_ECDH_KeyGen(key_handle, key_handle_name,
   13209                                            &command, authorization_delegate);
   13210   if (rc != TPM_RC_SUCCESS) {
   13211     return rc;
   13212   }
   13213   std::string response = transceiver_->SendCommandAndWait(command);
   13214   rc = ParseResponse_ECDH_KeyGen(response, z_point, pub_point,
   13215                                  authorization_delegate);
   13216   return rc;
   13217 }
   13218 
   13219 TPM_RC Tpm::SerializeCommand_ECDH_ZGen(
   13220     const TPMI_DH_OBJECT& key_handle,
   13221     const std::string& key_handle_name,
   13222     const TPM2B_ECC_POINT& in_point,
   13223     std::string* serialized_command,
   13224     AuthorizationDelegate* authorization_delegate) {
   13225   VLOG(3) << __func__;
   13226   TPM_RC rc = TPM_RC_SUCCESS;
   13227   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   13228   UINT32 command_size = 10;  // Header size.
   13229   std::string handle_section_bytes;
   13230   std::string parameter_section_bytes;
   13231   TPM_CC command_code = TPM_CC_ECDH_ZGen;
   13232   bool is_command_parameter_encryption_possible = true;
   13233   bool is_response_parameter_encryption_possible = true;
   13234   std::string command_code_bytes;
   13235   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   13236   if (rc != TPM_RC_SUCCESS) {
   13237     return rc;
   13238   }
   13239   std::string key_handle_bytes;
   13240   rc = Serialize_TPMI_DH_OBJECT(key_handle, &key_handle_bytes);
   13241   if (rc != TPM_RC_SUCCESS) {
   13242     return rc;
   13243   }
   13244   std::string in_point_bytes;
   13245   rc = Serialize_TPM2B_ECC_POINT(in_point, &in_point_bytes);
   13246   if (rc != TPM_RC_SUCCESS) {
   13247     return rc;
   13248   }
   13249   if (authorization_delegate) {
   13250     // Encrypt just the parameter data, not the size.
   13251     std::string tmp = in_point_bytes.substr(2);
   13252     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   13253       return TRUNKS_RC_ENCRYPTION_FAILED;
   13254     }
   13255     in_point_bytes.replace(2, std::string::npos, tmp);
   13256   }
   13257   std::unique_ptr<crypto::SecureHash> hash(
   13258       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   13259   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   13260   hash->Update(key_handle_name.data(), key_handle_name.size());
   13261   handle_section_bytes += key_handle_bytes;
   13262   command_size += key_handle_bytes.size();
   13263   hash->Update(in_point_bytes.data(), in_point_bytes.size());
   13264   parameter_section_bytes += in_point_bytes;
   13265   command_size += in_point_bytes.size();
   13266   std::string command_hash(32, 0);
   13267   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   13268   std::string authorization_section_bytes;
   13269   std::string authorization_size_bytes;
   13270   if (authorization_delegate) {
   13271     if (!authorization_delegate->GetCommandAuthorization(
   13272             command_hash, is_command_parameter_encryption_possible,
   13273             is_response_parameter_encryption_possible,
   13274             &authorization_section_bytes)) {
   13275       return TRUNKS_RC_AUTHORIZATION_FAILED;
   13276     }
   13277     if (!authorization_section_bytes.empty()) {
   13278       tag = TPM_ST_SESSIONS;
   13279       std::string tmp;
   13280       rc = Serialize_UINT32(authorization_section_bytes.size(),
   13281                             &authorization_size_bytes);
   13282       if (rc != TPM_RC_SUCCESS) {
   13283         return rc;
   13284       }
   13285       command_size +=
   13286           authorization_size_bytes.size() + authorization_section_bytes.size();
   13287     }
   13288   }
   13289   std::string tag_bytes;
   13290   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   13291   if (rc != TPM_RC_SUCCESS) {
   13292     return rc;
   13293   }
   13294   std::string command_size_bytes;
   13295   rc = Serialize_UINT32(command_size, &command_size_bytes);
   13296   if (rc != TPM_RC_SUCCESS) {
   13297     return rc;
   13298   }
   13299   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   13300                         handle_section_bytes + authorization_size_bytes +
   13301                         authorization_section_bytes + parameter_section_bytes;
   13302   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   13303   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   13304                                             serialized_command->size());
   13305   return TPM_RC_SUCCESS;
   13306 }
   13307 
   13308 TPM_RC Tpm::ParseResponse_ECDH_ZGen(
   13309     const std::string& response,
   13310     TPM2B_ECC_POINT* out_point,
   13311     AuthorizationDelegate* authorization_delegate) {
   13312   VLOG(3) << __func__;
   13313   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   13314   TPM_RC rc = TPM_RC_SUCCESS;
   13315   std::string buffer(response);
   13316   TPM_ST tag;
   13317   std::string tag_bytes;
   13318   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   13319   if (rc != TPM_RC_SUCCESS) {
   13320     return rc;
   13321   }
   13322   UINT32 response_size;
   13323   std::string response_size_bytes;
   13324   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   13325   if (rc != TPM_RC_SUCCESS) {
   13326     return rc;
   13327   }
   13328   TPM_RC response_code;
   13329   std::string response_code_bytes;
   13330   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   13331   if (rc != TPM_RC_SUCCESS) {
   13332     return rc;
   13333   }
   13334   if (response_size != response.size()) {
   13335     return TPM_RC_SIZE;
   13336   }
   13337   if (response_code != TPM_RC_SUCCESS) {
   13338     return response_code;
   13339   }
   13340   TPM_CC command_code = TPM_CC_ECDH_ZGen;
   13341   std::string command_code_bytes;
   13342   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   13343   if (rc != TPM_RC_SUCCESS) {
   13344     return rc;
   13345   }
   13346   std::string authorization_section_bytes;
   13347   if (tag == TPM_ST_SESSIONS) {
   13348     UINT32 parameter_section_size = buffer.size();
   13349     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   13350     if (rc != TPM_RC_SUCCESS) {
   13351       return rc;
   13352     }
   13353     if (parameter_section_size > buffer.size()) {
   13354       return TPM_RC_INSUFFICIENT;
   13355     }
   13356     authorization_section_bytes = buffer.substr(parameter_section_size);
   13357     // Keep the parameter section in |buffer|.
   13358     buffer.erase(parameter_section_size);
   13359   }
   13360   std::unique_ptr<crypto::SecureHash> hash(
   13361       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   13362   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   13363   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   13364   hash->Update(buffer.data(), buffer.size());
   13365   std::string response_hash(32, 0);
   13366   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   13367   if (tag == TPM_ST_SESSIONS) {
   13368     CHECK(authorization_delegate) << "Authorization delegate missing!";
   13369     if (!authorization_delegate->CheckResponseAuthorization(
   13370             response_hash, authorization_section_bytes)) {
   13371       return TRUNKS_RC_AUTHORIZATION_FAILED;
   13372     }
   13373   }
   13374   std::string out_point_bytes;
   13375   rc = Parse_TPM2B_ECC_POINT(&buffer, out_point, &out_point_bytes);
   13376   if (rc != TPM_RC_SUCCESS) {
   13377     return rc;
   13378   }
   13379   if (tag == TPM_ST_SESSIONS) {
   13380     CHECK(authorization_delegate) << "Authorization delegate missing!";
   13381     // Decrypt just the parameter data, not the size.
   13382     std::string tmp = out_point_bytes.substr(2);
   13383     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   13384       return TRUNKS_RC_ENCRYPTION_FAILED;
   13385     }
   13386     out_point_bytes.replace(2, std::string::npos, tmp);
   13387     rc = Parse_TPM2B_ECC_POINT(&out_point_bytes, out_point, nullptr);
   13388     if (rc != TPM_RC_SUCCESS) {
   13389       return rc;
   13390     }
   13391   }
   13392   return TPM_RC_SUCCESS;
   13393 }
   13394 
   13395 void ECDH_ZGenErrorCallback(const Tpm::ECDH_ZGenResponse& callback,
   13396                             TPM_RC response_code) {
   13397   VLOG(1) << __func__;
   13398   callback.Run(response_code, TPM2B_ECC_POINT());
   13399 }
   13400 
   13401 void ECDH_ZGenResponseParser(const Tpm::ECDH_ZGenResponse& callback,
   13402                              AuthorizationDelegate* authorization_delegate,
   13403                              const std::string& response) {
   13404   VLOG(1) << __func__;
   13405   base::Callback<void(TPM_RC)> error_reporter =
   13406       base::Bind(ECDH_ZGenErrorCallback, callback);
   13407   TPM2B_ECC_POINT out_point;
   13408   TPM_RC rc = Tpm::ParseResponse_ECDH_ZGen(response, &out_point,
   13409                                            authorization_delegate);
   13410   if (rc != TPM_RC_SUCCESS) {
   13411     error_reporter.Run(rc);
   13412     return;
   13413   }
   13414   callback.Run(rc, out_point);
   13415 }
   13416 
   13417 void Tpm::ECDH_ZGen(const TPMI_DH_OBJECT& key_handle,
   13418                     const std::string& key_handle_name,
   13419                     const TPM2B_ECC_POINT& in_point,
   13420                     AuthorizationDelegate* authorization_delegate,
   13421                     const ECDH_ZGenResponse& callback) {
   13422   VLOG(1) << __func__;
   13423   base::Callback<void(TPM_RC)> error_reporter =
   13424       base::Bind(ECDH_ZGenErrorCallback, callback);
   13425   base::Callback<void(const std::string&)> parser =
   13426       base::Bind(ECDH_ZGenResponseParser, callback, authorization_delegate);
   13427   std::string command;
   13428   TPM_RC rc = SerializeCommand_ECDH_ZGen(key_handle, key_handle_name, in_point,
   13429                                          &command, authorization_delegate);
   13430   if (rc != TPM_RC_SUCCESS) {
   13431     error_reporter.Run(rc);
   13432     return;
   13433   }
   13434   transceiver_->SendCommand(command, parser);
   13435 }
   13436 
   13437 TPM_RC Tpm::ECDH_ZGenSync(const TPMI_DH_OBJECT& key_handle,
   13438                           const std::string& key_handle_name,
   13439                           const TPM2B_ECC_POINT& in_point,
   13440                           TPM2B_ECC_POINT* out_point,
   13441                           AuthorizationDelegate* authorization_delegate) {
   13442   VLOG(1) << __func__;
   13443   std::string command;
   13444   TPM_RC rc = SerializeCommand_ECDH_ZGen(key_handle, key_handle_name, in_point,
   13445                                          &command, authorization_delegate);
   13446   if (rc != TPM_RC_SUCCESS) {
   13447     return rc;
   13448   }
   13449   std::string response = transceiver_->SendCommandAndWait(command);
   13450   rc = ParseResponse_ECDH_ZGen(response, out_point, authorization_delegate);
   13451   return rc;
   13452 }
   13453 
   13454 TPM_RC Tpm::SerializeCommand_ECC_Parameters(
   13455     const TPMI_ECC_CURVE& curve_id,
   13456     std::string* serialized_command,
   13457     AuthorizationDelegate* authorization_delegate) {
   13458   VLOG(3) << __func__;
   13459   TPM_RC rc = TPM_RC_SUCCESS;
   13460   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   13461   UINT32 command_size = 10;  // Header size.
   13462   std::string handle_section_bytes;
   13463   std::string parameter_section_bytes;
   13464   TPM_CC command_code = TPM_CC_ECC_Parameters;
   13465   bool is_command_parameter_encryption_possible = false;
   13466   bool is_response_parameter_encryption_possible = false;
   13467   std::string command_code_bytes;
   13468   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   13469   if (rc != TPM_RC_SUCCESS) {
   13470     return rc;
   13471   }
   13472   std::string curve_id_bytes;
   13473   rc = Serialize_TPMI_ECC_CURVE(curve_id, &curve_id_bytes);
   13474   if (rc != TPM_RC_SUCCESS) {
   13475     return rc;
   13476   }
   13477   std::unique_ptr<crypto::SecureHash> hash(
   13478       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   13479   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   13480   hash->Update(curve_id_bytes.data(), curve_id_bytes.size());
   13481   parameter_section_bytes += curve_id_bytes;
   13482   command_size += curve_id_bytes.size();
   13483   std::string command_hash(32, 0);
   13484   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   13485   std::string authorization_section_bytes;
   13486   std::string authorization_size_bytes;
   13487   if (authorization_delegate) {
   13488     if (!authorization_delegate->GetCommandAuthorization(
   13489             command_hash, is_command_parameter_encryption_possible,
   13490             is_response_parameter_encryption_possible,
   13491             &authorization_section_bytes)) {
   13492       return TRUNKS_RC_AUTHORIZATION_FAILED;
   13493     }
   13494     if (!authorization_section_bytes.empty()) {
   13495       tag = TPM_ST_SESSIONS;
   13496       std::string tmp;
   13497       rc = Serialize_UINT32(authorization_section_bytes.size(),
   13498                             &authorization_size_bytes);
   13499       if (rc != TPM_RC_SUCCESS) {
   13500         return rc;
   13501       }
   13502       command_size +=
   13503           authorization_size_bytes.size() + authorization_section_bytes.size();
   13504     }
   13505   }
   13506   std::string tag_bytes;
   13507   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   13508   if (rc != TPM_RC_SUCCESS) {
   13509     return rc;
   13510   }
   13511   std::string command_size_bytes;
   13512   rc = Serialize_UINT32(command_size, &command_size_bytes);
   13513   if (rc != TPM_RC_SUCCESS) {
   13514     return rc;
   13515   }
   13516   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   13517                         handle_section_bytes + authorization_size_bytes +
   13518                         authorization_section_bytes + parameter_section_bytes;
   13519   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   13520   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   13521                                             serialized_command->size());
   13522   return TPM_RC_SUCCESS;
   13523 }
   13524 
   13525 TPM_RC Tpm::ParseResponse_ECC_Parameters(
   13526     const std::string& response,
   13527     TPMS_ALGORITHM_DETAIL_ECC* parameters,
   13528     AuthorizationDelegate* authorization_delegate) {
   13529   VLOG(3) << __func__;
   13530   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   13531   TPM_RC rc = TPM_RC_SUCCESS;
   13532   std::string buffer(response);
   13533   TPM_ST tag;
   13534   std::string tag_bytes;
   13535   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   13536   if (rc != TPM_RC_SUCCESS) {
   13537     return rc;
   13538   }
   13539   UINT32 response_size;
   13540   std::string response_size_bytes;
   13541   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   13542   if (rc != TPM_RC_SUCCESS) {
   13543     return rc;
   13544   }
   13545   TPM_RC response_code;
   13546   std::string response_code_bytes;
   13547   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   13548   if (rc != TPM_RC_SUCCESS) {
   13549     return rc;
   13550   }
   13551   if (response_size != response.size()) {
   13552     return TPM_RC_SIZE;
   13553   }
   13554   if (response_code != TPM_RC_SUCCESS) {
   13555     return response_code;
   13556   }
   13557   TPM_CC command_code = TPM_CC_ECC_Parameters;
   13558   std::string command_code_bytes;
   13559   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   13560   if (rc != TPM_RC_SUCCESS) {
   13561     return rc;
   13562   }
   13563   std::string authorization_section_bytes;
   13564   if (tag == TPM_ST_SESSIONS) {
   13565     UINT32 parameter_section_size = buffer.size();
   13566     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   13567     if (rc != TPM_RC_SUCCESS) {
   13568       return rc;
   13569     }
   13570     if (parameter_section_size > buffer.size()) {
   13571       return TPM_RC_INSUFFICIENT;
   13572     }
   13573     authorization_section_bytes = buffer.substr(parameter_section_size);
   13574     // Keep the parameter section in |buffer|.
   13575     buffer.erase(parameter_section_size);
   13576   }
   13577   std::unique_ptr<crypto::SecureHash> hash(
   13578       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   13579   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   13580   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   13581   hash->Update(buffer.data(), buffer.size());
   13582   std::string response_hash(32, 0);
   13583   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   13584   if (tag == TPM_ST_SESSIONS) {
   13585     CHECK(authorization_delegate) << "Authorization delegate missing!";
   13586     if (!authorization_delegate->CheckResponseAuthorization(
   13587             response_hash, authorization_section_bytes)) {
   13588       return TRUNKS_RC_AUTHORIZATION_FAILED;
   13589     }
   13590   }
   13591   std::string parameters_bytes;
   13592   rc = Parse_TPMS_ALGORITHM_DETAIL_ECC(&buffer, parameters, &parameters_bytes);
   13593   if (rc != TPM_RC_SUCCESS) {
   13594     return rc;
   13595   }
   13596   return TPM_RC_SUCCESS;
   13597 }
   13598 
   13599 void ECC_ParametersErrorCallback(const Tpm::ECC_ParametersResponse& callback,
   13600                                  TPM_RC response_code) {
   13601   VLOG(1) << __func__;
   13602   callback.Run(response_code, TPMS_ALGORITHM_DETAIL_ECC());
   13603 }
   13604 
   13605 void ECC_ParametersResponseParser(const Tpm::ECC_ParametersResponse& callback,
   13606                                   AuthorizationDelegate* authorization_delegate,
   13607                                   const std::string& response) {
   13608   VLOG(1) << __func__;
   13609   base::Callback<void(TPM_RC)> error_reporter =
   13610       base::Bind(ECC_ParametersErrorCallback, callback);
   13611   TPMS_ALGORITHM_DETAIL_ECC parameters;
   13612   TPM_RC rc = Tpm::ParseResponse_ECC_Parameters(response, &parameters,
   13613                                                 authorization_delegate);
   13614   if (rc != TPM_RC_SUCCESS) {
   13615     error_reporter.Run(rc);
   13616     return;
   13617   }
   13618   callback.Run(rc, parameters);
   13619 }
   13620 
   13621 void Tpm::ECC_Parameters(const TPMI_ECC_CURVE& curve_id,
   13622                          AuthorizationDelegate* authorization_delegate,
   13623                          const ECC_ParametersResponse& callback) {
   13624   VLOG(1) << __func__;
   13625   base::Callback<void(TPM_RC)> error_reporter =
   13626       base::Bind(ECC_ParametersErrorCallback, callback);
   13627   base::Callback<void(const std::string&)> parser = base::Bind(
   13628       ECC_ParametersResponseParser, callback, authorization_delegate);
   13629   std::string command;
   13630   TPM_RC rc = SerializeCommand_ECC_Parameters(curve_id, &command,
   13631                                               authorization_delegate);
   13632   if (rc != TPM_RC_SUCCESS) {
   13633     error_reporter.Run(rc);
   13634     return;
   13635   }
   13636   transceiver_->SendCommand(command, parser);
   13637 }
   13638 
   13639 TPM_RC Tpm::ECC_ParametersSync(const TPMI_ECC_CURVE& curve_id,
   13640                                TPMS_ALGORITHM_DETAIL_ECC* parameters,
   13641                                AuthorizationDelegate* authorization_delegate) {
   13642   VLOG(1) << __func__;
   13643   std::string command;
   13644   TPM_RC rc = SerializeCommand_ECC_Parameters(curve_id, &command,
   13645                                               authorization_delegate);
   13646   if (rc != TPM_RC_SUCCESS) {
   13647     return rc;
   13648   }
   13649   std::string response = transceiver_->SendCommandAndWait(command);
   13650   rc = ParseResponse_ECC_Parameters(response, parameters,
   13651                                     authorization_delegate);
   13652   return rc;
   13653 }
   13654 
   13655 TPM_RC Tpm::SerializeCommand_ZGen_2Phase(
   13656     const TPMI_DH_OBJECT& key_a,
   13657     const std::string& key_a_name,
   13658     const TPM2B_ECC_POINT& in_qs_b,
   13659     const TPM2B_ECC_POINT& in_qe_b,
   13660     const TPMI_ECC_KEY_EXCHANGE& in_scheme,
   13661     const UINT16& counter,
   13662     std::string* serialized_command,
   13663     AuthorizationDelegate* authorization_delegate) {
   13664   VLOG(3) << __func__;
   13665   TPM_RC rc = TPM_RC_SUCCESS;
   13666   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   13667   UINT32 command_size = 10;  // Header size.
   13668   std::string handle_section_bytes;
   13669   std::string parameter_section_bytes;
   13670   TPM_CC command_code = TPM_CC_ZGen_2Phase;
   13671   bool is_command_parameter_encryption_possible = true;
   13672   bool is_response_parameter_encryption_possible = true;
   13673   std::string command_code_bytes;
   13674   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   13675   if (rc != TPM_RC_SUCCESS) {
   13676     return rc;
   13677   }
   13678   std::string key_a_bytes;
   13679   rc = Serialize_TPMI_DH_OBJECT(key_a, &key_a_bytes);
   13680   if (rc != TPM_RC_SUCCESS) {
   13681     return rc;
   13682   }
   13683   std::string in_qs_b_bytes;
   13684   rc = Serialize_TPM2B_ECC_POINT(in_qs_b, &in_qs_b_bytes);
   13685   if (rc != TPM_RC_SUCCESS) {
   13686     return rc;
   13687   }
   13688   std::string in_qe_b_bytes;
   13689   rc = Serialize_TPM2B_ECC_POINT(in_qe_b, &in_qe_b_bytes);
   13690   if (rc != TPM_RC_SUCCESS) {
   13691     return rc;
   13692   }
   13693   std::string in_scheme_bytes;
   13694   rc = Serialize_TPMI_ECC_KEY_EXCHANGE(in_scheme, &in_scheme_bytes);
   13695   if (rc != TPM_RC_SUCCESS) {
   13696     return rc;
   13697   }
   13698   std::string counter_bytes;
   13699   rc = Serialize_UINT16(counter, &counter_bytes);
   13700   if (rc != TPM_RC_SUCCESS) {
   13701     return rc;
   13702   }
   13703   if (authorization_delegate) {
   13704     // Encrypt just the parameter data, not the size.
   13705     std::string tmp = in_qs_b_bytes.substr(2);
   13706     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   13707       return TRUNKS_RC_ENCRYPTION_FAILED;
   13708     }
   13709     in_qs_b_bytes.replace(2, std::string::npos, tmp);
   13710   }
   13711   std::unique_ptr<crypto::SecureHash> hash(
   13712       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   13713   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   13714   hash->Update(key_a_name.data(), key_a_name.size());
   13715   handle_section_bytes += key_a_bytes;
   13716   command_size += key_a_bytes.size();
   13717   hash->Update(in_qs_b_bytes.data(), in_qs_b_bytes.size());
   13718   parameter_section_bytes += in_qs_b_bytes;
   13719   command_size += in_qs_b_bytes.size();
   13720   hash->Update(in_qe_b_bytes.data(), in_qe_b_bytes.size());
   13721   parameter_section_bytes += in_qe_b_bytes;
   13722   command_size += in_qe_b_bytes.size();
   13723   hash->Update(in_scheme_bytes.data(), in_scheme_bytes.size());
   13724   parameter_section_bytes += in_scheme_bytes;
   13725   command_size += in_scheme_bytes.size();
   13726   hash->Update(counter_bytes.data(), counter_bytes.size());
   13727   parameter_section_bytes += counter_bytes;
   13728   command_size += counter_bytes.size();
   13729   std::string command_hash(32, 0);
   13730   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   13731   std::string authorization_section_bytes;
   13732   std::string authorization_size_bytes;
   13733   if (authorization_delegate) {
   13734     if (!authorization_delegate->GetCommandAuthorization(
   13735             command_hash, is_command_parameter_encryption_possible,
   13736             is_response_parameter_encryption_possible,
   13737             &authorization_section_bytes)) {
   13738       return TRUNKS_RC_AUTHORIZATION_FAILED;
   13739     }
   13740     if (!authorization_section_bytes.empty()) {
   13741       tag = TPM_ST_SESSIONS;
   13742       std::string tmp;
   13743       rc = Serialize_UINT32(authorization_section_bytes.size(),
   13744                             &authorization_size_bytes);
   13745       if (rc != TPM_RC_SUCCESS) {
   13746         return rc;
   13747       }
   13748       command_size +=
   13749           authorization_size_bytes.size() + authorization_section_bytes.size();
   13750     }
   13751   }
   13752   std::string tag_bytes;
   13753   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   13754   if (rc != TPM_RC_SUCCESS) {
   13755     return rc;
   13756   }
   13757   std::string command_size_bytes;
   13758   rc = Serialize_UINT32(command_size, &command_size_bytes);
   13759   if (rc != TPM_RC_SUCCESS) {
   13760     return rc;
   13761   }
   13762   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   13763                         handle_section_bytes + authorization_size_bytes +
   13764                         authorization_section_bytes + parameter_section_bytes;
   13765   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   13766   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   13767                                             serialized_command->size());
   13768   return TPM_RC_SUCCESS;
   13769 }
   13770 
   13771 TPM_RC Tpm::ParseResponse_ZGen_2Phase(
   13772     const std::string& response,
   13773     TPM2B_ECC_POINT* out_z1,
   13774     TPM2B_ECC_POINT* out_z2,
   13775     AuthorizationDelegate* authorization_delegate) {
   13776   VLOG(3) << __func__;
   13777   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   13778   TPM_RC rc = TPM_RC_SUCCESS;
   13779   std::string buffer(response);
   13780   TPM_ST tag;
   13781   std::string tag_bytes;
   13782   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   13783   if (rc != TPM_RC_SUCCESS) {
   13784     return rc;
   13785   }
   13786   UINT32 response_size;
   13787   std::string response_size_bytes;
   13788   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   13789   if (rc != TPM_RC_SUCCESS) {
   13790     return rc;
   13791   }
   13792   TPM_RC response_code;
   13793   std::string response_code_bytes;
   13794   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   13795   if (rc != TPM_RC_SUCCESS) {
   13796     return rc;
   13797   }
   13798   if (response_size != response.size()) {
   13799     return TPM_RC_SIZE;
   13800   }
   13801   if (response_code != TPM_RC_SUCCESS) {
   13802     return response_code;
   13803   }
   13804   TPM_CC command_code = TPM_CC_ZGen_2Phase;
   13805   std::string command_code_bytes;
   13806   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   13807   if (rc != TPM_RC_SUCCESS) {
   13808     return rc;
   13809   }
   13810   std::string authorization_section_bytes;
   13811   if (tag == TPM_ST_SESSIONS) {
   13812     UINT32 parameter_section_size = buffer.size();
   13813     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   13814     if (rc != TPM_RC_SUCCESS) {
   13815       return rc;
   13816     }
   13817     if (parameter_section_size > buffer.size()) {
   13818       return TPM_RC_INSUFFICIENT;
   13819     }
   13820     authorization_section_bytes = buffer.substr(parameter_section_size);
   13821     // Keep the parameter section in |buffer|.
   13822     buffer.erase(parameter_section_size);
   13823   }
   13824   std::unique_ptr<crypto::SecureHash> hash(
   13825       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   13826   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   13827   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   13828   hash->Update(buffer.data(), buffer.size());
   13829   std::string response_hash(32, 0);
   13830   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   13831   if (tag == TPM_ST_SESSIONS) {
   13832     CHECK(authorization_delegate) << "Authorization delegate missing!";
   13833     if (!authorization_delegate->CheckResponseAuthorization(
   13834             response_hash, authorization_section_bytes)) {
   13835       return TRUNKS_RC_AUTHORIZATION_FAILED;
   13836     }
   13837   }
   13838   std::string out_z1_bytes;
   13839   rc = Parse_TPM2B_ECC_POINT(&buffer, out_z1, &out_z1_bytes);
   13840   if (rc != TPM_RC_SUCCESS) {
   13841     return rc;
   13842   }
   13843   std::string out_z2_bytes;
   13844   rc = Parse_TPM2B_ECC_POINT(&buffer, out_z2, &out_z2_bytes);
   13845   if (rc != TPM_RC_SUCCESS) {
   13846     return rc;
   13847   }
   13848   if (tag == TPM_ST_SESSIONS) {
   13849     CHECK(authorization_delegate) << "Authorization delegate missing!";
   13850     // Decrypt just the parameter data, not the size.
   13851     std::string tmp = out_z1_bytes.substr(2);
   13852     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   13853       return TRUNKS_RC_ENCRYPTION_FAILED;
   13854     }
   13855     out_z1_bytes.replace(2, std::string::npos, tmp);
   13856     rc = Parse_TPM2B_ECC_POINT(&out_z1_bytes, out_z1, nullptr);
   13857     if (rc != TPM_RC_SUCCESS) {
   13858       return rc;
   13859     }
   13860   }
   13861   return TPM_RC_SUCCESS;
   13862 }
   13863 
   13864 void ZGen_2PhaseErrorCallback(const Tpm::ZGen_2PhaseResponse& callback,
   13865                               TPM_RC response_code) {
   13866   VLOG(1) << __func__;
   13867   callback.Run(response_code, TPM2B_ECC_POINT(), TPM2B_ECC_POINT());
   13868 }
   13869 
   13870 void ZGen_2PhaseResponseParser(const Tpm::ZGen_2PhaseResponse& callback,
   13871                                AuthorizationDelegate* authorization_delegate,
   13872                                const std::string& response) {
   13873   VLOG(1) << __func__;
   13874   base::Callback<void(TPM_RC)> error_reporter =
   13875       base::Bind(ZGen_2PhaseErrorCallback, callback);
   13876   TPM2B_ECC_POINT out_z1;
   13877   TPM2B_ECC_POINT out_z2;
   13878   TPM_RC rc = Tpm::ParseResponse_ZGen_2Phase(response, &out_z1, &out_z2,
   13879                                              authorization_delegate);
   13880   if (rc != TPM_RC_SUCCESS) {
   13881     error_reporter.Run(rc);
   13882     return;
   13883   }
   13884   callback.Run(rc, out_z1, out_z2);
   13885 }
   13886 
   13887 void Tpm::ZGen_2Phase(const TPMI_DH_OBJECT& key_a,
   13888                       const std::string& key_a_name,
   13889                       const TPM2B_ECC_POINT& in_qs_b,
   13890                       const TPM2B_ECC_POINT& in_qe_b,
   13891                       const TPMI_ECC_KEY_EXCHANGE& in_scheme,
   13892                       const UINT16& counter,
   13893                       AuthorizationDelegate* authorization_delegate,
   13894                       const ZGen_2PhaseResponse& callback) {
   13895   VLOG(1) << __func__;
   13896   base::Callback<void(TPM_RC)> error_reporter =
   13897       base::Bind(ZGen_2PhaseErrorCallback, callback);
   13898   base::Callback<void(const std::string&)> parser =
   13899       base::Bind(ZGen_2PhaseResponseParser, callback, authorization_delegate);
   13900   std::string command;
   13901   TPM_RC rc = SerializeCommand_ZGen_2Phase(key_a, key_a_name, in_qs_b, in_qe_b,
   13902                                            in_scheme, counter, &command,
   13903                                            authorization_delegate);
   13904   if (rc != TPM_RC_SUCCESS) {
   13905     error_reporter.Run(rc);
   13906     return;
   13907   }
   13908   transceiver_->SendCommand(command, parser);
   13909 }
   13910 
   13911 TPM_RC Tpm::ZGen_2PhaseSync(const TPMI_DH_OBJECT& key_a,
   13912                             const std::string& key_a_name,
   13913                             const TPM2B_ECC_POINT& in_qs_b,
   13914                             const TPM2B_ECC_POINT& in_qe_b,
   13915                             const TPMI_ECC_KEY_EXCHANGE& in_scheme,
   13916                             const UINT16& counter,
   13917                             TPM2B_ECC_POINT* out_z1,
   13918                             TPM2B_ECC_POINT* out_z2,
   13919                             AuthorizationDelegate* authorization_delegate) {
   13920   VLOG(1) << __func__;
   13921   std::string command;
   13922   TPM_RC rc = SerializeCommand_ZGen_2Phase(key_a, key_a_name, in_qs_b, in_qe_b,
   13923                                            in_scheme, counter, &command,
   13924                                            authorization_delegate);
   13925   if (rc != TPM_RC_SUCCESS) {
   13926     return rc;
   13927   }
   13928   std::string response = transceiver_->SendCommandAndWait(command);
   13929   rc = ParseResponse_ZGen_2Phase(response, out_z1, out_z2,
   13930                                  authorization_delegate);
   13931   return rc;
   13932 }
   13933 
   13934 TPM_RC Tpm::SerializeCommand_EncryptDecrypt(
   13935     const TPMI_DH_OBJECT& key_handle,
   13936     const std::string& key_handle_name,
   13937     const TPMI_YES_NO& decrypt,
   13938     const TPMI_ALG_SYM_MODE& mode,
   13939     const TPM2B_IV& iv_in,
   13940     const TPM2B_MAX_BUFFER& in_data,
   13941     std::string* serialized_command,
   13942     AuthorizationDelegate* authorization_delegate) {
   13943   VLOG(3) << __func__;
   13944   TPM_RC rc = TPM_RC_SUCCESS;
   13945   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   13946   UINT32 command_size = 10;  // Header size.
   13947   std::string handle_section_bytes;
   13948   std::string parameter_section_bytes;
   13949   TPM_CC command_code = TPM_CC_EncryptDecrypt;
   13950   bool is_command_parameter_encryption_possible = false;
   13951   bool is_response_parameter_encryption_possible = true;
   13952   std::string command_code_bytes;
   13953   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   13954   if (rc != TPM_RC_SUCCESS) {
   13955     return rc;
   13956   }
   13957   std::string key_handle_bytes;
   13958   rc = Serialize_TPMI_DH_OBJECT(key_handle, &key_handle_bytes);
   13959   if (rc != TPM_RC_SUCCESS) {
   13960     return rc;
   13961   }
   13962   std::string decrypt_bytes;
   13963   rc = Serialize_TPMI_YES_NO(decrypt, &decrypt_bytes);
   13964   if (rc != TPM_RC_SUCCESS) {
   13965     return rc;
   13966   }
   13967   std::string mode_bytes;
   13968   rc = Serialize_TPMI_ALG_SYM_MODE(mode, &mode_bytes);
   13969   if (rc != TPM_RC_SUCCESS) {
   13970     return rc;
   13971   }
   13972   std::string iv_in_bytes;
   13973   rc = Serialize_TPM2B_IV(iv_in, &iv_in_bytes);
   13974   if (rc != TPM_RC_SUCCESS) {
   13975     return rc;
   13976   }
   13977   std::string in_data_bytes;
   13978   rc = Serialize_TPM2B_MAX_BUFFER(in_data, &in_data_bytes);
   13979   if (rc != TPM_RC_SUCCESS) {
   13980     return rc;
   13981   }
   13982   std::unique_ptr<crypto::SecureHash> hash(
   13983       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   13984   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   13985   hash->Update(key_handle_name.data(), key_handle_name.size());
   13986   handle_section_bytes += key_handle_bytes;
   13987   command_size += key_handle_bytes.size();
   13988   hash->Update(decrypt_bytes.data(), decrypt_bytes.size());
   13989   parameter_section_bytes += decrypt_bytes;
   13990   command_size += decrypt_bytes.size();
   13991   hash->Update(mode_bytes.data(), mode_bytes.size());
   13992   parameter_section_bytes += mode_bytes;
   13993   command_size += mode_bytes.size();
   13994   hash->Update(iv_in_bytes.data(), iv_in_bytes.size());
   13995   parameter_section_bytes += iv_in_bytes;
   13996   command_size += iv_in_bytes.size();
   13997   hash->Update(in_data_bytes.data(), in_data_bytes.size());
   13998   parameter_section_bytes += in_data_bytes;
   13999   command_size += in_data_bytes.size();
   14000   std::string command_hash(32, 0);
   14001   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   14002   std::string authorization_section_bytes;
   14003   std::string authorization_size_bytes;
   14004   if (authorization_delegate) {
   14005     if (!authorization_delegate->GetCommandAuthorization(
   14006             command_hash, is_command_parameter_encryption_possible,
   14007             is_response_parameter_encryption_possible,
   14008             &authorization_section_bytes)) {
   14009       return TRUNKS_RC_AUTHORIZATION_FAILED;
   14010     }
   14011     if (!authorization_section_bytes.empty()) {
   14012       tag = TPM_ST_SESSIONS;
   14013       std::string tmp;
   14014       rc = Serialize_UINT32(authorization_section_bytes.size(),
   14015                             &authorization_size_bytes);
   14016       if (rc != TPM_RC_SUCCESS) {
   14017         return rc;
   14018       }
   14019       command_size +=
   14020           authorization_size_bytes.size() + authorization_section_bytes.size();
   14021     }
   14022   }
   14023   std::string tag_bytes;
   14024   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   14025   if (rc != TPM_RC_SUCCESS) {
   14026     return rc;
   14027   }
   14028   std::string command_size_bytes;
   14029   rc = Serialize_UINT32(command_size, &command_size_bytes);
   14030   if (rc != TPM_RC_SUCCESS) {
   14031     return rc;
   14032   }
   14033   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   14034                         handle_section_bytes + authorization_size_bytes +
   14035                         authorization_section_bytes + parameter_section_bytes;
   14036   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   14037   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   14038                                             serialized_command->size());
   14039   return TPM_RC_SUCCESS;
   14040 }
   14041 
   14042 TPM_RC Tpm::ParseResponse_EncryptDecrypt(
   14043     const std::string& response,
   14044     TPM2B_MAX_BUFFER* out_data,
   14045     TPM2B_IV* iv_out,
   14046     AuthorizationDelegate* authorization_delegate) {
   14047   VLOG(3) << __func__;
   14048   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   14049   TPM_RC rc = TPM_RC_SUCCESS;
   14050   std::string buffer(response);
   14051   TPM_ST tag;
   14052   std::string tag_bytes;
   14053   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   14054   if (rc != TPM_RC_SUCCESS) {
   14055     return rc;
   14056   }
   14057   UINT32 response_size;
   14058   std::string response_size_bytes;
   14059   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   14060   if (rc != TPM_RC_SUCCESS) {
   14061     return rc;
   14062   }
   14063   TPM_RC response_code;
   14064   std::string response_code_bytes;
   14065   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   14066   if (rc != TPM_RC_SUCCESS) {
   14067     return rc;
   14068   }
   14069   if (response_size != response.size()) {
   14070     return TPM_RC_SIZE;
   14071   }
   14072   if (response_code != TPM_RC_SUCCESS) {
   14073     return response_code;
   14074   }
   14075   TPM_CC command_code = TPM_CC_EncryptDecrypt;
   14076   std::string command_code_bytes;
   14077   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   14078   if (rc != TPM_RC_SUCCESS) {
   14079     return rc;
   14080   }
   14081   std::string authorization_section_bytes;
   14082   if (tag == TPM_ST_SESSIONS) {
   14083     UINT32 parameter_section_size = buffer.size();
   14084     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   14085     if (rc != TPM_RC_SUCCESS) {
   14086       return rc;
   14087     }
   14088     if (parameter_section_size > buffer.size()) {
   14089       return TPM_RC_INSUFFICIENT;
   14090     }
   14091     authorization_section_bytes = buffer.substr(parameter_section_size);
   14092     // Keep the parameter section in |buffer|.
   14093     buffer.erase(parameter_section_size);
   14094   }
   14095   std::unique_ptr<crypto::SecureHash> hash(
   14096       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   14097   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   14098   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   14099   hash->Update(buffer.data(), buffer.size());
   14100   std::string response_hash(32, 0);
   14101   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   14102   if (tag == TPM_ST_SESSIONS) {
   14103     CHECK(authorization_delegate) << "Authorization delegate missing!";
   14104     if (!authorization_delegate->CheckResponseAuthorization(
   14105             response_hash, authorization_section_bytes)) {
   14106       return TRUNKS_RC_AUTHORIZATION_FAILED;
   14107     }
   14108   }
   14109   std::string out_data_bytes;
   14110   rc = Parse_TPM2B_MAX_BUFFER(&buffer, out_data, &out_data_bytes);
   14111   if (rc != TPM_RC_SUCCESS) {
   14112     return rc;
   14113   }
   14114   std::string iv_out_bytes;
   14115   rc = Parse_TPM2B_IV(&buffer, iv_out, &iv_out_bytes);
   14116   if (rc != TPM_RC_SUCCESS) {
   14117     return rc;
   14118   }
   14119   if (tag == TPM_ST_SESSIONS) {
   14120     CHECK(authorization_delegate) << "Authorization delegate missing!";
   14121     // Decrypt just the parameter data, not the size.
   14122     std::string tmp = out_data_bytes.substr(2);
   14123     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   14124       return TRUNKS_RC_ENCRYPTION_FAILED;
   14125     }
   14126     out_data_bytes.replace(2, std::string::npos, tmp);
   14127     rc = Parse_TPM2B_MAX_BUFFER(&out_data_bytes, out_data, nullptr);
   14128     if (rc != TPM_RC_SUCCESS) {
   14129       return rc;
   14130     }
   14131   }
   14132   return TPM_RC_SUCCESS;
   14133 }
   14134 
   14135 void EncryptDecryptErrorCallback(const Tpm::EncryptDecryptResponse& callback,
   14136                                  TPM_RC response_code) {
   14137   VLOG(1) << __func__;
   14138   callback.Run(response_code, TPM2B_MAX_BUFFER(), TPM2B_IV());
   14139 }
   14140 
   14141 void EncryptDecryptResponseParser(const Tpm::EncryptDecryptResponse& callback,
   14142                                   AuthorizationDelegate* authorization_delegate,
   14143                                   const std::string& response) {
   14144   VLOG(1) << __func__;
   14145   base::Callback<void(TPM_RC)> error_reporter =
   14146       base::Bind(EncryptDecryptErrorCallback, callback);
   14147   TPM2B_MAX_BUFFER out_data;
   14148   TPM2B_IV iv_out;
   14149   TPM_RC rc = Tpm::ParseResponse_EncryptDecrypt(response, &out_data, &iv_out,
   14150                                                 authorization_delegate);
   14151   if (rc != TPM_RC_SUCCESS) {
   14152     error_reporter.Run(rc);
   14153     return;
   14154   }
   14155   callback.Run(rc, out_data, iv_out);
   14156 }
   14157 
   14158 void Tpm::EncryptDecrypt(const TPMI_DH_OBJECT& key_handle,
   14159                          const std::string& key_handle_name,
   14160                          const TPMI_YES_NO& decrypt,
   14161                          const TPMI_ALG_SYM_MODE& mode,
   14162                          const TPM2B_IV& iv_in,
   14163                          const TPM2B_MAX_BUFFER& in_data,
   14164                          AuthorizationDelegate* authorization_delegate,
   14165                          const EncryptDecryptResponse& callback) {
   14166   VLOG(1) << __func__;
   14167   base::Callback<void(TPM_RC)> error_reporter =
   14168       base::Bind(EncryptDecryptErrorCallback, callback);
   14169   base::Callback<void(const std::string&)> parser = base::Bind(
   14170       EncryptDecryptResponseParser, callback, authorization_delegate);
   14171   std::string command;
   14172   TPM_RC rc = SerializeCommand_EncryptDecrypt(key_handle, key_handle_name,
   14173                                               decrypt, mode, iv_in, in_data,
   14174                                               &command, authorization_delegate);
   14175   if (rc != TPM_RC_SUCCESS) {
   14176     error_reporter.Run(rc);
   14177     return;
   14178   }
   14179   transceiver_->SendCommand(command, parser);
   14180 }
   14181 
   14182 TPM_RC Tpm::EncryptDecryptSync(const TPMI_DH_OBJECT& key_handle,
   14183                                const std::string& key_handle_name,
   14184                                const TPMI_YES_NO& decrypt,
   14185                                const TPMI_ALG_SYM_MODE& mode,
   14186                                const TPM2B_IV& iv_in,
   14187                                const TPM2B_MAX_BUFFER& in_data,
   14188                                TPM2B_MAX_BUFFER* out_data,
   14189                                TPM2B_IV* iv_out,
   14190                                AuthorizationDelegate* authorization_delegate) {
   14191   VLOG(1) << __func__;
   14192   std::string command;
   14193   TPM_RC rc = SerializeCommand_EncryptDecrypt(key_handle, key_handle_name,
   14194                                               decrypt, mode, iv_in, in_data,
   14195                                               &command, authorization_delegate);
   14196   if (rc != TPM_RC_SUCCESS) {
   14197     return rc;
   14198   }
   14199   std::string response = transceiver_->SendCommandAndWait(command);
   14200   rc = ParseResponse_EncryptDecrypt(response, out_data, iv_out,
   14201                                     authorization_delegate);
   14202   return rc;
   14203 }
   14204 
   14205 TPM_RC Tpm::SerializeCommand_Hash(
   14206     const TPM2B_MAX_BUFFER& data,
   14207     const TPMI_ALG_HASH& hash_alg,
   14208     const TPMI_RH_HIERARCHY& hierarchy,
   14209     std::string* serialized_command,
   14210     AuthorizationDelegate* authorization_delegate) {
   14211   VLOG(3) << __func__;
   14212   TPM_RC rc = TPM_RC_SUCCESS;
   14213   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   14214   UINT32 command_size = 10;  // Header size.
   14215   std::string handle_section_bytes;
   14216   std::string parameter_section_bytes;
   14217   TPM_CC command_code = TPM_CC_Hash;
   14218   bool is_command_parameter_encryption_possible = true;
   14219   bool is_response_parameter_encryption_possible = true;
   14220   std::string command_code_bytes;
   14221   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   14222   if (rc != TPM_RC_SUCCESS) {
   14223     return rc;
   14224   }
   14225   std::string data_bytes;
   14226   rc = Serialize_TPM2B_MAX_BUFFER(data, &data_bytes);
   14227   if (rc != TPM_RC_SUCCESS) {
   14228     return rc;
   14229   }
   14230   std::string hash_alg_bytes;
   14231   rc = Serialize_TPMI_ALG_HASH(hash_alg, &hash_alg_bytes);
   14232   if (rc != TPM_RC_SUCCESS) {
   14233     return rc;
   14234   }
   14235   std::string hierarchy_bytes;
   14236   rc = Serialize_TPMI_RH_HIERARCHY(hierarchy, &hierarchy_bytes);
   14237   if (rc != TPM_RC_SUCCESS) {
   14238     return rc;
   14239   }
   14240   if (authorization_delegate) {
   14241     // Encrypt just the parameter data, not the size.
   14242     std::string tmp = data_bytes.substr(2);
   14243     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   14244       return TRUNKS_RC_ENCRYPTION_FAILED;
   14245     }
   14246     data_bytes.replace(2, std::string::npos, tmp);
   14247   }
   14248   std::unique_ptr<crypto::SecureHash> hash(
   14249       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   14250   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   14251   hash->Update(data_bytes.data(), data_bytes.size());
   14252   parameter_section_bytes += data_bytes;
   14253   command_size += data_bytes.size();
   14254   hash->Update(hash_alg_bytes.data(), hash_alg_bytes.size());
   14255   parameter_section_bytes += hash_alg_bytes;
   14256   command_size += hash_alg_bytes.size();
   14257   hash->Update(hierarchy_bytes.data(), hierarchy_bytes.size());
   14258   parameter_section_bytes += hierarchy_bytes;
   14259   command_size += hierarchy_bytes.size();
   14260   std::string command_hash(32, 0);
   14261   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   14262   std::string authorization_section_bytes;
   14263   std::string authorization_size_bytes;
   14264   if (authorization_delegate) {
   14265     if (!authorization_delegate->GetCommandAuthorization(
   14266             command_hash, is_command_parameter_encryption_possible,
   14267             is_response_parameter_encryption_possible,
   14268             &authorization_section_bytes)) {
   14269       return TRUNKS_RC_AUTHORIZATION_FAILED;
   14270     }
   14271     if (!authorization_section_bytes.empty()) {
   14272       tag = TPM_ST_SESSIONS;
   14273       std::string tmp;
   14274       rc = Serialize_UINT32(authorization_section_bytes.size(),
   14275                             &authorization_size_bytes);
   14276       if (rc != TPM_RC_SUCCESS) {
   14277         return rc;
   14278       }
   14279       command_size +=
   14280           authorization_size_bytes.size() + authorization_section_bytes.size();
   14281     }
   14282   }
   14283   std::string tag_bytes;
   14284   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   14285   if (rc != TPM_RC_SUCCESS) {
   14286     return rc;
   14287   }
   14288   std::string command_size_bytes;
   14289   rc = Serialize_UINT32(command_size, &command_size_bytes);
   14290   if (rc != TPM_RC_SUCCESS) {
   14291     return rc;
   14292   }
   14293   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   14294                         handle_section_bytes + authorization_size_bytes +
   14295                         authorization_section_bytes + parameter_section_bytes;
   14296   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   14297   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   14298                                             serialized_command->size());
   14299   return TPM_RC_SUCCESS;
   14300 }
   14301 
   14302 TPM_RC Tpm::ParseResponse_Hash(const std::string& response,
   14303                                TPM2B_DIGEST* out_hash,
   14304                                TPMT_TK_HASHCHECK* validation,
   14305                                AuthorizationDelegate* authorization_delegate) {
   14306   VLOG(3) << __func__;
   14307   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   14308   TPM_RC rc = TPM_RC_SUCCESS;
   14309   std::string buffer(response);
   14310   TPM_ST tag;
   14311   std::string tag_bytes;
   14312   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   14313   if (rc != TPM_RC_SUCCESS) {
   14314     return rc;
   14315   }
   14316   UINT32 response_size;
   14317   std::string response_size_bytes;
   14318   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   14319   if (rc != TPM_RC_SUCCESS) {
   14320     return rc;
   14321   }
   14322   TPM_RC response_code;
   14323   std::string response_code_bytes;
   14324   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   14325   if (rc != TPM_RC_SUCCESS) {
   14326     return rc;
   14327   }
   14328   if (response_size != response.size()) {
   14329     return TPM_RC_SIZE;
   14330   }
   14331   if (response_code != TPM_RC_SUCCESS) {
   14332     return response_code;
   14333   }
   14334   TPM_CC command_code = TPM_CC_Hash;
   14335   std::string command_code_bytes;
   14336   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   14337   if (rc != TPM_RC_SUCCESS) {
   14338     return rc;
   14339   }
   14340   std::string authorization_section_bytes;
   14341   if (tag == TPM_ST_SESSIONS) {
   14342     UINT32 parameter_section_size = buffer.size();
   14343     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   14344     if (rc != TPM_RC_SUCCESS) {
   14345       return rc;
   14346     }
   14347     if (parameter_section_size > buffer.size()) {
   14348       return TPM_RC_INSUFFICIENT;
   14349     }
   14350     authorization_section_bytes = buffer.substr(parameter_section_size);
   14351     // Keep the parameter section in |buffer|.
   14352     buffer.erase(parameter_section_size);
   14353   }
   14354   std::unique_ptr<crypto::SecureHash> hash(
   14355       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   14356   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   14357   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   14358   hash->Update(buffer.data(), buffer.size());
   14359   std::string response_hash(32, 0);
   14360   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   14361   if (tag == TPM_ST_SESSIONS) {
   14362     CHECK(authorization_delegate) << "Authorization delegate missing!";
   14363     if (!authorization_delegate->CheckResponseAuthorization(
   14364             response_hash, authorization_section_bytes)) {
   14365       return TRUNKS_RC_AUTHORIZATION_FAILED;
   14366     }
   14367   }
   14368   std::string out_hash_bytes;
   14369   rc = Parse_TPM2B_DIGEST(&buffer, out_hash, &out_hash_bytes);
   14370   if (rc != TPM_RC_SUCCESS) {
   14371     return rc;
   14372   }
   14373   std::string validation_bytes;
   14374   rc = Parse_TPMT_TK_HASHCHECK(&buffer, validation, &validation_bytes);
   14375   if (rc != TPM_RC_SUCCESS) {
   14376     return rc;
   14377   }
   14378   if (tag == TPM_ST_SESSIONS) {
   14379     CHECK(authorization_delegate) << "Authorization delegate missing!";
   14380     // Decrypt just the parameter data, not the size.
   14381     std::string tmp = out_hash_bytes.substr(2);
   14382     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   14383       return TRUNKS_RC_ENCRYPTION_FAILED;
   14384     }
   14385     out_hash_bytes.replace(2, std::string::npos, tmp);
   14386     rc = Parse_TPM2B_DIGEST(&out_hash_bytes, out_hash, nullptr);
   14387     if (rc != TPM_RC_SUCCESS) {
   14388       return rc;
   14389     }
   14390   }
   14391   return TPM_RC_SUCCESS;
   14392 }
   14393 
   14394 void HashErrorCallback(const Tpm::HashResponse& callback,
   14395                        TPM_RC response_code) {
   14396   VLOG(1) << __func__;
   14397   callback.Run(response_code, TPM2B_DIGEST(), TPMT_TK_HASHCHECK());
   14398 }
   14399 
   14400 void HashResponseParser(const Tpm::HashResponse& callback,
   14401                         AuthorizationDelegate* authorization_delegate,
   14402                         const std::string& response) {
   14403   VLOG(1) << __func__;
   14404   base::Callback<void(TPM_RC)> error_reporter =
   14405       base::Bind(HashErrorCallback, callback);
   14406   TPM2B_DIGEST out_hash;
   14407   TPMT_TK_HASHCHECK validation;
   14408   TPM_RC rc = Tpm::ParseResponse_Hash(response, &out_hash, &validation,
   14409                                       authorization_delegate);
   14410   if (rc != TPM_RC_SUCCESS) {
   14411     error_reporter.Run(rc);
   14412     return;
   14413   }
   14414   callback.Run(rc, out_hash, validation);
   14415 }
   14416 
   14417 void Tpm::Hash(const TPM2B_MAX_BUFFER& data,
   14418                const TPMI_ALG_HASH& hash_alg,
   14419                const TPMI_RH_HIERARCHY& hierarchy,
   14420                AuthorizationDelegate* authorization_delegate,
   14421                const HashResponse& callback) {
   14422   VLOG(1) << __func__;
   14423   base::Callback<void(TPM_RC)> error_reporter =
   14424       base::Bind(HashErrorCallback, callback);
   14425   base::Callback<void(const std::string&)> parser =
   14426       base::Bind(HashResponseParser, callback, authorization_delegate);
   14427   std::string command;
   14428   TPM_RC rc = SerializeCommand_Hash(data, hash_alg, hierarchy, &command,
   14429                                     authorization_delegate);
   14430   if (rc != TPM_RC_SUCCESS) {
   14431     error_reporter.Run(rc);
   14432     return;
   14433   }
   14434   transceiver_->SendCommand(command, parser);
   14435 }
   14436 
   14437 TPM_RC Tpm::HashSync(const TPM2B_MAX_BUFFER& data,
   14438                      const TPMI_ALG_HASH& hash_alg,
   14439                      const TPMI_RH_HIERARCHY& hierarchy,
   14440                      TPM2B_DIGEST* out_hash,
   14441                      TPMT_TK_HASHCHECK* validation,
   14442                      AuthorizationDelegate* authorization_delegate) {
   14443   VLOG(1) << __func__;
   14444   std::string command;
   14445   TPM_RC rc = SerializeCommand_Hash(data, hash_alg, hierarchy, &command,
   14446                                     authorization_delegate);
   14447   if (rc != TPM_RC_SUCCESS) {
   14448     return rc;
   14449   }
   14450   std::string response = transceiver_->SendCommandAndWait(command);
   14451   rc = ParseResponse_Hash(response, out_hash, validation,
   14452                           authorization_delegate);
   14453   return rc;
   14454 }
   14455 
   14456 TPM_RC Tpm::SerializeCommand_HMAC(
   14457     const TPMI_DH_OBJECT& handle,
   14458     const std::string& handle_name,
   14459     const TPM2B_MAX_BUFFER& buffer,
   14460     const TPMI_ALG_HASH& hash_alg,
   14461     std::string* serialized_command,
   14462     AuthorizationDelegate* authorization_delegate) {
   14463   VLOG(3) << __func__;
   14464   TPM_RC rc = TPM_RC_SUCCESS;
   14465   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   14466   UINT32 command_size = 10;  // Header size.
   14467   std::string handle_section_bytes;
   14468   std::string parameter_section_bytes;
   14469   TPM_CC command_code = TPM_CC_HMAC;
   14470   bool is_command_parameter_encryption_possible = true;
   14471   bool is_response_parameter_encryption_possible = true;
   14472   std::string command_code_bytes;
   14473   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   14474   if (rc != TPM_RC_SUCCESS) {
   14475     return rc;
   14476   }
   14477   std::string handle_bytes;
   14478   rc = Serialize_TPMI_DH_OBJECT(handle, &handle_bytes);
   14479   if (rc != TPM_RC_SUCCESS) {
   14480     return rc;
   14481   }
   14482   std::string buffer_bytes;
   14483   rc = Serialize_TPM2B_MAX_BUFFER(buffer, &buffer_bytes);
   14484   if (rc != TPM_RC_SUCCESS) {
   14485     return rc;
   14486   }
   14487   std::string hash_alg_bytes;
   14488   rc = Serialize_TPMI_ALG_HASH(hash_alg, &hash_alg_bytes);
   14489   if (rc != TPM_RC_SUCCESS) {
   14490     return rc;
   14491   }
   14492   if (authorization_delegate) {
   14493     // Encrypt just the parameter data, not the size.
   14494     std::string tmp = buffer_bytes.substr(2);
   14495     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   14496       return TRUNKS_RC_ENCRYPTION_FAILED;
   14497     }
   14498     buffer_bytes.replace(2, std::string::npos, tmp);
   14499   }
   14500   std::unique_ptr<crypto::SecureHash> hash(
   14501       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   14502   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   14503   hash->Update(handle_name.data(), handle_name.size());
   14504   handle_section_bytes += handle_bytes;
   14505   command_size += handle_bytes.size();
   14506   hash->Update(buffer_bytes.data(), buffer_bytes.size());
   14507   parameter_section_bytes += buffer_bytes;
   14508   command_size += buffer_bytes.size();
   14509   hash->Update(hash_alg_bytes.data(), hash_alg_bytes.size());
   14510   parameter_section_bytes += hash_alg_bytes;
   14511   command_size += hash_alg_bytes.size();
   14512   std::string command_hash(32, 0);
   14513   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   14514   std::string authorization_section_bytes;
   14515   std::string authorization_size_bytes;
   14516   if (authorization_delegate) {
   14517     if (!authorization_delegate->GetCommandAuthorization(
   14518             command_hash, is_command_parameter_encryption_possible,
   14519             is_response_parameter_encryption_possible,
   14520             &authorization_section_bytes)) {
   14521       return TRUNKS_RC_AUTHORIZATION_FAILED;
   14522     }
   14523     if (!authorization_section_bytes.empty()) {
   14524       tag = TPM_ST_SESSIONS;
   14525       std::string tmp;
   14526       rc = Serialize_UINT32(authorization_section_bytes.size(),
   14527                             &authorization_size_bytes);
   14528       if (rc != TPM_RC_SUCCESS) {
   14529         return rc;
   14530       }
   14531       command_size +=
   14532           authorization_size_bytes.size() + authorization_section_bytes.size();
   14533     }
   14534   }
   14535   std::string tag_bytes;
   14536   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   14537   if (rc != TPM_RC_SUCCESS) {
   14538     return rc;
   14539   }
   14540   std::string command_size_bytes;
   14541   rc = Serialize_UINT32(command_size, &command_size_bytes);
   14542   if (rc != TPM_RC_SUCCESS) {
   14543     return rc;
   14544   }
   14545   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   14546                         handle_section_bytes + authorization_size_bytes +
   14547                         authorization_section_bytes + parameter_section_bytes;
   14548   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   14549   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   14550                                             serialized_command->size());
   14551   return TPM_RC_SUCCESS;
   14552 }
   14553 
   14554 TPM_RC Tpm::ParseResponse_HMAC(const std::string& response,
   14555                                TPM2B_DIGEST* out_hmac,
   14556                                AuthorizationDelegate* authorization_delegate) {
   14557   VLOG(3) << __func__;
   14558   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   14559   TPM_RC rc = TPM_RC_SUCCESS;
   14560   std::string buffer(response);
   14561   TPM_ST tag;
   14562   std::string tag_bytes;
   14563   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   14564   if (rc != TPM_RC_SUCCESS) {
   14565     return rc;
   14566   }
   14567   UINT32 response_size;
   14568   std::string response_size_bytes;
   14569   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   14570   if (rc != TPM_RC_SUCCESS) {
   14571     return rc;
   14572   }
   14573   TPM_RC response_code;
   14574   std::string response_code_bytes;
   14575   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   14576   if (rc != TPM_RC_SUCCESS) {
   14577     return rc;
   14578   }
   14579   if (response_size != response.size()) {
   14580     return TPM_RC_SIZE;
   14581   }
   14582   if (response_code != TPM_RC_SUCCESS) {
   14583     return response_code;
   14584   }
   14585   TPM_CC command_code = TPM_CC_HMAC;
   14586   std::string command_code_bytes;
   14587   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   14588   if (rc != TPM_RC_SUCCESS) {
   14589     return rc;
   14590   }
   14591   std::string authorization_section_bytes;
   14592   if (tag == TPM_ST_SESSIONS) {
   14593     UINT32 parameter_section_size = buffer.size();
   14594     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   14595     if (rc != TPM_RC_SUCCESS) {
   14596       return rc;
   14597     }
   14598     if (parameter_section_size > buffer.size()) {
   14599       return TPM_RC_INSUFFICIENT;
   14600     }
   14601     authorization_section_bytes = buffer.substr(parameter_section_size);
   14602     // Keep the parameter section in |buffer|.
   14603     buffer.erase(parameter_section_size);
   14604   }
   14605   std::unique_ptr<crypto::SecureHash> hash(
   14606       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   14607   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   14608   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   14609   hash->Update(buffer.data(), buffer.size());
   14610   std::string response_hash(32, 0);
   14611   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   14612   if (tag == TPM_ST_SESSIONS) {
   14613     CHECK(authorization_delegate) << "Authorization delegate missing!";
   14614     if (!authorization_delegate->CheckResponseAuthorization(
   14615             response_hash, authorization_section_bytes)) {
   14616       return TRUNKS_RC_AUTHORIZATION_FAILED;
   14617     }
   14618   }
   14619   std::string out_hmac_bytes;
   14620   rc = Parse_TPM2B_DIGEST(&buffer, out_hmac, &out_hmac_bytes);
   14621   if (rc != TPM_RC_SUCCESS) {
   14622     return rc;
   14623   }
   14624   if (tag == TPM_ST_SESSIONS) {
   14625     CHECK(authorization_delegate) << "Authorization delegate missing!";
   14626     // Decrypt just the parameter data, not the size.
   14627     std::string tmp = out_hmac_bytes.substr(2);
   14628     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   14629       return TRUNKS_RC_ENCRYPTION_FAILED;
   14630     }
   14631     out_hmac_bytes.replace(2, std::string::npos, tmp);
   14632     rc = Parse_TPM2B_DIGEST(&out_hmac_bytes, out_hmac, nullptr);
   14633     if (rc != TPM_RC_SUCCESS) {
   14634       return rc;
   14635     }
   14636   }
   14637   return TPM_RC_SUCCESS;
   14638 }
   14639 
   14640 void HMACErrorCallback(const Tpm::HMACResponse& callback,
   14641                        TPM_RC response_code) {
   14642   VLOG(1) << __func__;
   14643   callback.Run(response_code, TPM2B_DIGEST());
   14644 }
   14645 
   14646 void HMACResponseParser(const Tpm::HMACResponse& callback,
   14647                         AuthorizationDelegate* authorization_delegate,
   14648                         const std::string& response) {
   14649   VLOG(1) << __func__;
   14650   base::Callback<void(TPM_RC)> error_reporter =
   14651       base::Bind(HMACErrorCallback, callback);
   14652   TPM2B_DIGEST out_hmac;
   14653   TPM_RC rc =
   14654       Tpm::ParseResponse_HMAC(response, &out_hmac, authorization_delegate);
   14655   if (rc != TPM_RC_SUCCESS) {
   14656     error_reporter.Run(rc);
   14657     return;
   14658   }
   14659   callback.Run(rc, out_hmac);
   14660 }
   14661 
   14662 void Tpm::HMAC(const TPMI_DH_OBJECT& handle,
   14663                const std::string& handle_name,
   14664                const TPM2B_MAX_BUFFER& buffer,
   14665                const TPMI_ALG_HASH& hash_alg,
   14666                AuthorizationDelegate* authorization_delegate,
   14667                const HMACResponse& callback) {
   14668   VLOG(1) << __func__;
   14669   base::Callback<void(TPM_RC)> error_reporter =
   14670       base::Bind(HMACErrorCallback, callback);
   14671   base::Callback<void(const std::string&)> parser =
   14672       base::Bind(HMACResponseParser, callback, authorization_delegate);
   14673   std::string command;
   14674   TPM_RC rc = SerializeCommand_HMAC(handle, handle_name, buffer, hash_alg,
   14675                                     &command, authorization_delegate);
   14676   if (rc != TPM_RC_SUCCESS) {
   14677     error_reporter.Run(rc);
   14678     return;
   14679   }
   14680   transceiver_->SendCommand(command, parser);
   14681 }
   14682 
   14683 TPM_RC Tpm::HMACSync(const TPMI_DH_OBJECT& handle,
   14684                      const std::string& handle_name,
   14685                      const TPM2B_MAX_BUFFER& buffer,
   14686                      const TPMI_ALG_HASH& hash_alg,
   14687                      TPM2B_DIGEST* out_hmac,
   14688                      AuthorizationDelegate* authorization_delegate) {
   14689   VLOG(1) << __func__;
   14690   std::string command;
   14691   TPM_RC rc = SerializeCommand_HMAC(handle, handle_name, buffer, hash_alg,
   14692                                     &command, authorization_delegate);
   14693   if (rc != TPM_RC_SUCCESS) {
   14694     return rc;
   14695   }
   14696   std::string response = transceiver_->SendCommandAndWait(command);
   14697   rc = ParseResponse_HMAC(response, out_hmac, authorization_delegate);
   14698   return rc;
   14699 }
   14700 
   14701 TPM_RC Tpm::SerializeCommand_GetRandom(
   14702     const UINT16& bytes_requested,
   14703     std::string* serialized_command,
   14704     AuthorizationDelegate* authorization_delegate) {
   14705   VLOG(3) << __func__;
   14706   TPM_RC rc = TPM_RC_SUCCESS;
   14707   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   14708   UINT32 command_size = 10;  // Header size.
   14709   std::string handle_section_bytes;
   14710   std::string parameter_section_bytes;
   14711   TPM_CC command_code = TPM_CC_GetRandom;
   14712   bool is_command_parameter_encryption_possible = false;
   14713   bool is_response_parameter_encryption_possible = true;
   14714   std::string command_code_bytes;
   14715   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   14716   if (rc != TPM_RC_SUCCESS) {
   14717     return rc;
   14718   }
   14719   std::string bytes_requested_bytes;
   14720   rc = Serialize_UINT16(bytes_requested, &bytes_requested_bytes);
   14721   if (rc != TPM_RC_SUCCESS) {
   14722     return rc;
   14723   }
   14724   std::unique_ptr<crypto::SecureHash> hash(
   14725       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   14726   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   14727   hash->Update(bytes_requested_bytes.data(), bytes_requested_bytes.size());
   14728   parameter_section_bytes += bytes_requested_bytes;
   14729   command_size += bytes_requested_bytes.size();
   14730   std::string command_hash(32, 0);
   14731   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   14732   std::string authorization_section_bytes;
   14733   std::string authorization_size_bytes;
   14734   if (authorization_delegate) {
   14735     if (!authorization_delegate->GetCommandAuthorization(
   14736             command_hash, is_command_parameter_encryption_possible,
   14737             is_response_parameter_encryption_possible,
   14738             &authorization_section_bytes)) {
   14739       return TRUNKS_RC_AUTHORIZATION_FAILED;
   14740     }
   14741     if (!authorization_section_bytes.empty()) {
   14742       tag = TPM_ST_SESSIONS;
   14743       std::string tmp;
   14744       rc = Serialize_UINT32(authorization_section_bytes.size(),
   14745                             &authorization_size_bytes);
   14746       if (rc != TPM_RC_SUCCESS) {
   14747         return rc;
   14748       }
   14749       command_size +=
   14750           authorization_size_bytes.size() + authorization_section_bytes.size();
   14751     }
   14752   }
   14753   std::string tag_bytes;
   14754   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   14755   if (rc != TPM_RC_SUCCESS) {
   14756     return rc;
   14757   }
   14758   std::string command_size_bytes;
   14759   rc = Serialize_UINT32(command_size, &command_size_bytes);
   14760   if (rc != TPM_RC_SUCCESS) {
   14761     return rc;
   14762   }
   14763   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   14764                         handle_section_bytes + authorization_size_bytes +
   14765                         authorization_section_bytes + parameter_section_bytes;
   14766   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   14767   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   14768                                             serialized_command->size());
   14769   return TPM_RC_SUCCESS;
   14770 }
   14771 
   14772 TPM_RC Tpm::ParseResponse_GetRandom(
   14773     const std::string& response,
   14774     TPM2B_DIGEST* random_bytes,
   14775     AuthorizationDelegate* authorization_delegate) {
   14776   VLOG(3) << __func__;
   14777   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   14778   TPM_RC rc = TPM_RC_SUCCESS;
   14779   std::string buffer(response);
   14780   TPM_ST tag;
   14781   std::string tag_bytes;
   14782   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   14783   if (rc != TPM_RC_SUCCESS) {
   14784     return rc;
   14785   }
   14786   UINT32 response_size;
   14787   std::string response_size_bytes;
   14788   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   14789   if (rc != TPM_RC_SUCCESS) {
   14790     return rc;
   14791   }
   14792   TPM_RC response_code;
   14793   std::string response_code_bytes;
   14794   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   14795   if (rc != TPM_RC_SUCCESS) {
   14796     return rc;
   14797   }
   14798   if (response_size != response.size()) {
   14799     return TPM_RC_SIZE;
   14800   }
   14801   if (response_code != TPM_RC_SUCCESS) {
   14802     return response_code;
   14803   }
   14804   TPM_CC command_code = TPM_CC_GetRandom;
   14805   std::string command_code_bytes;
   14806   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   14807   if (rc != TPM_RC_SUCCESS) {
   14808     return rc;
   14809   }
   14810   std::string authorization_section_bytes;
   14811   if (tag == TPM_ST_SESSIONS) {
   14812     UINT32 parameter_section_size = buffer.size();
   14813     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   14814     if (rc != TPM_RC_SUCCESS) {
   14815       return rc;
   14816     }
   14817     if (parameter_section_size > buffer.size()) {
   14818       return TPM_RC_INSUFFICIENT;
   14819     }
   14820     authorization_section_bytes = buffer.substr(parameter_section_size);
   14821     // Keep the parameter section in |buffer|.
   14822     buffer.erase(parameter_section_size);
   14823   }
   14824   std::unique_ptr<crypto::SecureHash> hash(
   14825       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   14826   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   14827   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   14828   hash->Update(buffer.data(), buffer.size());
   14829   std::string response_hash(32, 0);
   14830   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   14831   if (tag == TPM_ST_SESSIONS) {
   14832     CHECK(authorization_delegate) << "Authorization delegate missing!";
   14833     if (!authorization_delegate->CheckResponseAuthorization(
   14834             response_hash, authorization_section_bytes)) {
   14835       return TRUNKS_RC_AUTHORIZATION_FAILED;
   14836     }
   14837   }
   14838   std::string random_bytes_bytes;
   14839   rc = Parse_TPM2B_DIGEST(&buffer, random_bytes, &random_bytes_bytes);
   14840   if (rc != TPM_RC_SUCCESS) {
   14841     return rc;
   14842   }
   14843   if (tag == TPM_ST_SESSIONS) {
   14844     CHECK(authorization_delegate) << "Authorization delegate missing!";
   14845     // Decrypt just the parameter data, not the size.
   14846     std::string tmp = random_bytes_bytes.substr(2);
   14847     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   14848       return TRUNKS_RC_ENCRYPTION_FAILED;
   14849     }
   14850     random_bytes_bytes.replace(2, std::string::npos, tmp);
   14851     rc = Parse_TPM2B_DIGEST(&random_bytes_bytes, random_bytes, nullptr);
   14852     if (rc != TPM_RC_SUCCESS) {
   14853       return rc;
   14854     }
   14855   }
   14856   return TPM_RC_SUCCESS;
   14857 }
   14858 
   14859 void GetRandomErrorCallback(const Tpm::GetRandomResponse& callback,
   14860                             TPM_RC response_code) {
   14861   VLOG(1) << __func__;
   14862   callback.Run(response_code, TPM2B_DIGEST());
   14863 }
   14864 
   14865 void GetRandomResponseParser(const Tpm::GetRandomResponse& callback,
   14866                              AuthorizationDelegate* authorization_delegate,
   14867                              const std::string& response) {
   14868   VLOG(1) << __func__;
   14869   base::Callback<void(TPM_RC)> error_reporter =
   14870       base::Bind(GetRandomErrorCallback, callback);
   14871   TPM2B_DIGEST random_bytes;
   14872   TPM_RC rc = Tpm::ParseResponse_GetRandom(response, &random_bytes,
   14873                                            authorization_delegate);
   14874   if (rc != TPM_RC_SUCCESS) {
   14875     error_reporter.Run(rc);
   14876     return;
   14877   }
   14878   callback.Run(rc, random_bytes);
   14879 }
   14880 
   14881 void Tpm::GetRandom(const UINT16& bytes_requested,
   14882                     AuthorizationDelegate* authorization_delegate,
   14883                     const GetRandomResponse& callback) {
   14884   VLOG(1) << __func__;
   14885   base::Callback<void(TPM_RC)> error_reporter =
   14886       base::Bind(GetRandomErrorCallback, callback);
   14887   base::Callback<void(const std::string&)> parser =
   14888       base::Bind(GetRandomResponseParser, callback, authorization_delegate);
   14889   std::string command;
   14890   TPM_RC rc = SerializeCommand_GetRandom(bytes_requested, &command,
   14891                                          authorization_delegate);
   14892   if (rc != TPM_RC_SUCCESS) {
   14893     error_reporter.Run(rc);
   14894     return;
   14895   }
   14896   transceiver_->SendCommand(command, parser);
   14897 }
   14898 
   14899 TPM_RC Tpm::GetRandomSync(const UINT16& bytes_requested,
   14900                           TPM2B_DIGEST* random_bytes,
   14901                           AuthorizationDelegate* authorization_delegate) {
   14902   VLOG(1) << __func__;
   14903   std::string command;
   14904   TPM_RC rc = SerializeCommand_GetRandom(bytes_requested, &command,
   14905                                          authorization_delegate);
   14906   if (rc != TPM_RC_SUCCESS) {
   14907     return rc;
   14908   }
   14909   std::string response = transceiver_->SendCommandAndWait(command);
   14910   rc = ParseResponse_GetRandom(response, random_bytes, authorization_delegate);
   14911   return rc;
   14912 }
   14913 
   14914 TPM_RC Tpm::SerializeCommand_StirRandom(
   14915     const TPM2B_SENSITIVE_DATA& in_data,
   14916     std::string* serialized_command,
   14917     AuthorizationDelegate* authorization_delegate) {
   14918   VLOG(3) << __func__;
   14919   TPM_RC rc = TPM_RC_SUCCESS;
   14920   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   14921   UINT32 command_size = 10;  // Header size.
   14922   std::string handle_section_bytes;
   14923   std::string parameter_section_bytes;
   14924   TPM_CC command_code = TPM_CC_StirRandom;
   14925   bool is_command_parameter_encryption_possible = true;
   14926   bool is_response_parameter_encryption_possible = false;
   14927   std::string command_code_bytes;
   14928   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   14929   if (rc != TPM_RC_SUCCESS) {
   14930     return rc;
   14931   }
   14932   std::string in_data_bytes;
   14933   rc = Serialize_TPM2B_SENSITIVE_DATA(in_data, &in_data_bytes);
   14934   if (rc != TPM_RC_SUCCESS) {
   14935     return rc;
   14936   }
   14937   if (authorization_delegate) {
   14938     // Encrypt just the parameter data, not the size.
   14939     std::string tmp = in_data_bytes.substr(2);
   14940     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   14941       return TRUNKS_RC_ENCRYPTION_FAILED;
   14942     }
   14943     in_data_bytes.replace(2, std::string::npos, tmp);
   14944   }
   14945   std::unique_ptr<crypto::SecureHash> hash(
   14946       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   14947   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   14948   hash->Update(in_data_bytes.data(), in_data_bytes.size());
   14949   parameter_section_bytes += in_data_bytes;
   14950   command_size += in_data_bytes.size();
   14951   std::string command_hash(32, 0);
   14952   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   14953   std::string authorization_section_bytes;
   14954   std::string authorization_size_bytes;
   14955   if (authorization_delegate) {
   14956     if (!authorization_delegate->GetCommandAuthorization(
   14957             command_hash, is_command_parameter_encryption_possible,
   14958             is_response_parameter_encryption_possible,
   14959             &authorization_section_bytes)) {
   14960       return TRUNKS_RC_AUTHORIZATION_FAILED;
   14961     }
   14962     if (!authorization_section_bytes.empty()) {
   14963       tag = TPM_ST_SESSIONS;
   14964       std::string tmp;
   14965       rc = Serialize_UINT32(authorization_section_bytes.size(),
   14966                             &authorization_size_bytes);
   14967       if (rc != TPM_RC_SUCCESS) {
   14968         return rc;
   14969       }
   14970       command_size +=
   14971           authorization_size_bytes.size() + authorization_section_bytes.size();
   14972     }
   14973   }
   14974   std::string tag_bytes;
   14975   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   14976   if (rc != TPM_RC_SUCCESS) {
   14977     return rc;
   14978   }
   14979   std::string command_size_bytes;
   14980   rc = Serialize_UINT32(command_size, &command_size_bytes);
   14981   if (rc != TPM_RC_SUCCESS) {
   14982     return rc;
   14983   }
   14984   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   14985                         handle_section_bytes + authorization_size_bytes +
   14986                         authorization_section_bytes + parameter_section_bytes;
   14987   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   14988   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   14989                                             serialized_command->size());
   14990   return TPM_RC_SUCCESS;
   14991 }
   14992 
   14993 TPM_RC Tpm::ParseResponse_StirRandom(
   14994     const std::string& response,
   14995     AuthorizationDelegate* authorization_delegate) {
   14996   VLOG(3) << __func__;
   14997   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   14998   TPM_RC rc = TPM_RC_SUCCESS;
   14999   std::string buffer(response);
   15000   TPM_ST tag;
   15001   std::string tag_bytes;
   15002   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   15003   if (rc != TPM_RC_SUCCESS) {
   15004     return rc;
   15005   }
   15006   UINT32 response_size;
   15007   std::string response_size_bytes;
   15008   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   15009   if (rc != TPM_RC_SUCCESS) {
   15010     return rc;
   15011   }
   15012   TPM_RC response_code;
   15013   std::string response_code_bytes;
   15014   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   15015   if (rc != TPM_RC_SUCCESS) {
   15016     return rc;
   15017   }
   15018   if (response_size != response.size()) {
   15019     return TPM_RC_SIZE;
   15020   }
   15021   if (response_code != TPM_RC_SUCCESS) {
   15022     return response_code;
   15023   }
   15024   TPM_CC command_code = TPM_CC_StirRandom;
   15025   std::string command_code_bytes;
   15026   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   15027   if (rc != TPM_RC_SUCCESS) {
   15028     return rc;
   15029   }
   15030   std::string authorization_section_bytes;
   15031   if (tag == TPM_ST_SESSIONS) {
   15032     UINT32 parameter_section_size = buffer.size();
   15033     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   15034     if (rc != TPM_RC_SUCCESS) {
   15035       return rc;
   15036     }
   15037     if (parameter_section_size > buffer.size()) {
   15038       return TPM_RC_INSUFFICIENT;
   15039     }
   15040     authorization_section_bytes = buffer.substr(parameter_section_size);
   15041     // Keep the parameter section in |buffer|.
   15042     buffer.erase(parameter_section_size);
   15043   }
   15044   std::unique_ptr<crypto::SecureHash> hash(
   15045       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   15046   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   15047   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   15048   hash->Update(buffer.data(), buffer.size());
   15049   std::string response_hash(32, 0);
   15050   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   15051   if (tag == TPM_ST_SESSIONS) {
   15052     CHECK(authorization_delegate) << "Authorization delegate missing!";
   15053     if (!authorization_delegate->CheckResponseAuthorization(
   15054             response_hash, authorization_section_bytes)) {
   15055       return TRUNKS_RC_AUTHORIZATION_FAILED;
   15056     }
   15057   }
   15058   return TPM_RC_SUCCESS;
   15059 }
   15060 
   15061 void StirRandomErrorCallback(const Tpm::StirRandomResponse& callback,
   15062                              TPM_RC response_code) {
   15063   VLOG(1) << __func__;
   15064   callback.Run(response_code);
   15065 }
   15066 
   15067 void StirRandomResponseParser(const Tpm::StirRandomResponse& callback,
   15068                               AuthorizationDelegate* authorization_delegate,
   15069                               const std::string& response) {
   15070   VLOG(1) << __func__;
   15071   base::Callback<void(TPM_RC)> error_reporter =
   15072       base::Bind(StirRandomErrorCallback, callback);
   15073   TPM_RC rc = Tpm::ParseResponse_StirRandom(response, authorization_delegate);
   15074   if (rc != TPM_RC_SUCCESS) {
   15075     error_reporter.Run(rc);
   15076     return;
   15077   }
   15078   callback.Run(rc);
   15079 }
   15080 
   15081 void Tpm::StirRandom(const TPM2B_SENSITIVE_DATA& in_data,
   15082                      AuthorizationDelegate* authorization_delegate,
   15083                      const StirRandomResponse& callback) {
   15084   VLOG(1) << __func__;
   15085   base::Callback<void(TPM_RC)> error_reporter =
   15086       base::Bind(StirRandomErrorCallback, callback);
   15087   base::Callback<void(const std::string&)> parser =
   15088       base::Bind(StirRandomResponseParser, callback, authorization_delegate);
   15089   std::string command;
   15090   TPM_RC rc =
   15091       SerializeCommand_StirRandom(in_data, &command, authorization_delegate);
   15092   if (rc != TPM_RC_SUCCESS) {
   15093     error_reporter.Run(rc);
   15094     return;
   15095   }
   15096   transceiver_->SendCommand(command, parser);
   15097 }
   15098 
   15099 TPM_RC Tpm::StirRandomSync(const TPM2B_SENSITIVE_DATA& in_data,
   15100                            AuthorizationDelegate* authorization_delegate) {
   15101   VLOG(1) << __func__;
   15102   std::string command;
   15103   TPM_RC rc =
   15104       SerializeCommand_StirRandom(in_data, &command, authorization_delegate);
   15105   if (rc != TPM_RC_SUCCESS) {
   15106     return rc;
   15107   }
   15108   std::string response = transceiver_->SendCommandAndWait(command);
   15109   rc = ParseResponse_StirRandom(response, authorization_delegate);
   15110   return rc;
   15111 }
   15112 
   15113 TPM_RC Tpm::SerializeCommand_HMAC_Start(
   15114     const TPMI_DH_OBJECT& handle,
   15115     const std::string& handle_name,
   15116     const TPM2B_AUTH& auth,
   15117     const TPMI_ALG_HASH& hash_alg,
   15118     std::string* serialized_command,
   15119     AuthorizationDelegate* authorization_delegate) {
   15120   VLOG(3) << __func__;
   15121   TPM_RC rc = TPM_RC_SUCCESS;
   15122   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   15123   UINT32 command_size = 10;  // Header size.
   15124   std::string handle_section_bytes;
   15125   std::string parameter_section_bytes;
   15126   TPM_CC command_code = TPM_CC_HMAC_Start;
   15127   bool is_command_parameter_encryption_possible = true;
   15128   bool is_response_parameter_encryption_possible = false;
   15129   std::string command_code_bytes;
   15130   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   15131   if (rc != TPM_RC_SUCCESS) {
   15132     return rc;
   15133   }
   15134   std::string handle_bytes;
   15135   rc = Serialize_TPMI_DH_OBJECT(handle, &handle_bytes);
   15136   if (rc != TPM_RC_SUCCESS) {
   15137     return rc;
   15138   }
   15139   std::string auth_bytes;
   15140   rc = Serialize_TPM2B_AUTH(auth, &auth_bytes);
   15141   if (rc != TPM_RC_SUCCESS) {
   15142     return rc;
   15143   }
   15144   std::string hash_alg_bytes;
   15145   rc = Serialize_TPMI_ALG_HASH(hash_alg, &hash_alg_bytes);
   15146   if (rc != TPM_RC_SUCCESS) {
   15147     return rc;
   15148   }
   15149   if (authorization_delegate) {
   15150     // Encrypt just the parameter data, not the size.
   15151     std::string tmp = auth_bytes.substr(2);
   15152     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   15153       return TRUNKS_RC_ENCRYPTION_FAILED;
   15154     }
   15155     auth_bytes.replace(2, std::string::npos, tmp);
   15156   }
   15157   std::unique_ptr<crypto::SecureHash> hash(
   15158       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   15159   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   15160   hash->Update(handle_name.data(), handle_name.size());
   15161   handle_section_bytes += handle_bytes;
   15162   command_size += handle_bytes.size();
   15163   hash->Update(auth_bytes.data(), auth_bytes.size());
   15164   parameter_section_bytes += auth_bytes;
   15165   command_size += auth_bytes.size();
   15166   hash->Update(hash_alg_bytes.data(), hash_alg_bytes.size());
   15167   parameter_section_bytes += hash_alg_bytes;
   15168   command_size += hash_alg_bytes.size();
   15169   std::string command_hash(32, 0);
   15170   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   15171   std::string authorization_section_bytes;
   15172   std::string authorization_size_bytes;
   15173   if (authorization_delegate) {
   15174     if (!authorization_delegate->GetCommandAuthorization(
   15175             command_hash, is_command_parameter_encryption_possible,
   15176             is_response_parameter_encryption_possible,
   15177             &authorization_section_bytes)) {
   15178       return TRUNKS_RC_AUTHORIZATION_FAILED;
   15179     }
   15180     if (!authorization_section_bytes.empty()) {
   15181       tag = TPM_ST_SESSIONS;
   15182       std::string tmp;
   15183       rc = Serialize_UINT32(authorization_section_bytes.size(),
   15184                             &authorization_size_bytes);
   15185       if (rc != TPM_RC_SUCCESS) {
   15186         return rc;
   15187       }
   15188       command_size +=
   15189           authorization_size_bytes.size() + authorization_section_bytes.size();
   15190     }
   15191   }
   15192   std::string tag_bytes;
   15193   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   15194   if (rc != TPM_RC_SUCCESS) {
   15195     return rc;
   15196   }
   15197   std::string command_size_bytes;
   15198   rc = Serialize_UINT32(command_size, &command_size_bytes);
   15199   if (rc != TPM_RC_SUCCESS) {
   15200     return rc;
   15201   }
   15202   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   15203                         handle_section_bytes + authorization_size_bytes +
   15204                         authorization_section_bytes + parameter_section_bytes;
   15205   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   15206   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   15207                                             serialized_command->size());
   15208   return TPM_RC_SUCCESS;
   15209 }
   15210 
   15211 TPM_RC Tpm::ParseResponse_HMAC_Start(
   15212     const std::string& response,
   15213     TPMI_DH_OBJECT* sequence_handle,
   15214     AuthorizationDelegate* authorization_delegate) {
   15215   VLOG(3) << __func__;
   15216   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   15217   TPM_RC rc = TPM_RC_SUCCESS;
   15218   std::string buffer(response);
   15219   TPM_ST tag;
   15220   std::string tag_bytes;
   15221   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   15222   if (rc != TPM_RC_SUCCESS) {
   15223     return rc;
   15224   }
   15225   UINT32 response_size;
   15226   std::string response_size_bytes;
   15227   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   15228   if (rc != TPM_RC_SUCCESS) {
   15229     return rc;
   15230   }
   15231   TPM_RC response_code;
   15232   std::string response_code_bytes;
   15233   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   15234   if (rc != TPM_RC_SUCCESS) {
   15235     return rc;
   15236   }
   15237   if (response_size != response.size()) {
   15238     return TPM_RC_SIZE;
   15239   }
   15240   if (response_code != TPM_RC_SUCCESS) {
   15241     return response_code;
   15242   }
   15243   std::string sequence_handle_bytes;
   15244   rc = Parse_TPMI_DH_OBJECT(&buffer, sequence_handle, &sequence_handle_bytes);
   15245   if (rc != TPM_RC_SUCCESS) {
   15246     return rc;
   15247   }
   15248   TPM_CC command_code = TPM_CC_HMAC_Start;
   15249   std::string command_code_bytes;
   15250   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   15251   if (rc != TPM_RC_SUCCESS) {
   15252     return rc;
   15253   }
   15254   std::string authorization_section_bytes;
   15255   if (tag == TPM_ST_SESSIONS) {
   15256     UINT32 parameter_section_size = buffer.size();
   15257     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   15258     if (rc != TPM_RC_SUCCESS) {
   15259       return rc;
   15260     }
   15261     if (parameter_section_size > buffer.size()) {
   15262       return TPM_RC_INSUFFICIENT;
   15263     }
   15264     authorization_section_bytes = buffer.substr(parameter_section_size);
   15265     // Keep the parameter section in |buffer|.
   15266     buffer.erase(parameter_section_size);
   15267   }
   15268   std::unique_ptr<crypto::SecureHash> hash(
   15269       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   15270   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   15271   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   15272   hash->Update(buffer.data(), buffer.size());
   15273   std::string response_hash(32, 0);
   15274   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   15275   if (tag == TPM_ST_SESSIONS) {
   15276     CHECK(authorization_delegate) << "Authorization delegate missing!";
   15277     if (!authorization_delegate->CheckResponseAuthorization(
   15278             response_hash, authorization_section_bytes)) {
   15279       return TRUNKS_RC_AUTHORIZATION_FAILED;
   15280     }
   15281   }
   15282   return TPM_RC_SUCCESS;
   15283 }
   15284 
   15285 void HMAC_StartErrorCallback(const Tpm::HMAC_StartResponse& callback,
   15286                              TPM_RC response_code) {
   15287   VLOG(1) << __func__;
   15288   callback.Run(response_code, TPMI_DH_OBJECT());
   15289 }
   15290 
   15291 void HMAC_StartResponseParser(const Tpm::HMAC_StartResponse& callback,
   15292                               AuthorizationDelegate* authorization_delegate,
   15293                               const std::string& response) {
   15294   VLOG(1) << __func__;
   15295   base::Callback<void(TPM_RC)> error_reporter =
   15296       base::Bind(HMAC_StartErrorCallback, callback);
   15297   TPMI_DH_OBJECT sequence_handle;
   15298   TPM_RC rc = Tpm::ParseResponse_HMAC_Start(response, &sequence_handle,
   15299                                             authorization_delegate);
   15300   if (rc != TPM_RC_SUCCESS) {
   15301     error_reporter.Run(rc);
   15302     return;
   15303   }
   15304   callback.Run(rc, sequence_handle);
   15305 }
   15306 
   15307 void Tpm::HMAC_Start(const TPMI_DH_OBJECT& handle,
   15308                      const std::string& handle_name,
   15309                      const TPM2B_AUTH& auth,
   15310                      const TPMI_ALG_HASH& hash_alg,
   15311                      AuthorizationDelegate* authorization_delegate,
   15312                      const HMAC_StartResponse& callback) {
   15313   VLOG(1) << __func__;
   15314   base::Callback<void(TPM_RC)> error_reporter =
   15315       base::Bind(HMAC_StartErrorCallback, callback);
   15316   base::Callback<void(const std::string&)> parser =
   15317       base::Bind(HMAC_StartResponseParser, callback, authorization_delegate);
   15318   std::string command;
   15319   TPM_RC rc = SerializeCommand_HMAC_Start(handle, handle_name, auth, hash_alg,
   15320                                           &command, authorization_delegate);
   15321   if (rc != TPM_RC_SUCCESS) {
   15322     error_reporter.Run(rc);
   15323     return;
   15324   }
   15325   transceiver_->SendCommand(command, parser);
   15326 }
   15327 
   15328 TPM_RC Tpm::HMAC_StartSync(const TPMI_DH_OBJECT& handle,
   15329                            const std::string& handle_name,
   15330                            const TPM2B_AUTH& auth,
   15331                            const TPMI_ALG_HASH& hash_alg,
   15332                            TPMI_DH_OBJECT* sequence_handle,
   15333                            AuthorizationDelegate* authorization_delegate) {
   15334   VLOG(1) << __func__;
   15335   std::string command;
   15336   TPM_RC rc = SerializeCommand_HMAC_Start(handle, handle_name, auth, hash_alg,
   15337                                           &command, authorization_delegate);
   15338   if (rc != TPM_RC_SUCCESS) {
   15339     return rc;
   15340   }
   15341   std::string response = transceiver_->SendCommandAndWait(command);
   15342   rc = ParseResponse_HMAC_Start(response, sequence_handle,
   15343                                 authorization_delegate);
   15344   return rc;
   15345 }
   15346 
   15347 TPM_RC Tpm::SerializeCommand_HashSequenceStart(
   15348     const TPM2B_AUTH& auth,
   15349     const TPMI_ALG_HASH& hash_alg,
   15350     std::string* serialized_command,
   15351     AuthorizationDelegate* authorization_delegate) {
   15352   VLOG(3) << __func__;
   15353   TPM_RC rc = TPM_RC_SUCCESS;
   15354   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   15355   UINT32 command_size = 10;  // Header size.
   15356   std::string handle_section_bytes;
   15357   std::string parameter_section_bytes;
   15358   TPM_CC command_code = TPM_CC_HashSequenceStart;
   15359   bool is_command_parameter_encryption_possible = true;
   15360   bool is_response_parameter_encryption_possible = false;
   15361   std::string command_code_bytes;
   15362   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   15363   if (rc != TPM_RC_SUCCESS) {
   15364     return rc;
   15365   }
   15366   std::string auth_bytes;
   15367   rc = Serialize_TPM2B_AUTH(auth, &auth_bytes);
   15368   if (rc != TPM_RC_SUCCESS) {
   15369     return rc;
   15370   }
   15371   std::string hash_alg_bytes;
   15372   rc = Serialize_TPMI_ALG_HASH(hash_alg, &hash_alg_bytes);
   15373   if (rc != TPM_RC_SUCCESS) {
   15374     return rc;
   15375   }
   15376   if (authorization_delegate) {
   15377     // Encrypt just the parameter data, not the size.
   15378     std::string tmp = auth_bytes.substr(2);
   15379     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   15380       return TRUNKS_RC_ENCRYPTION_FAILED;
   15381     }
   15382     auth_bytes.replace(2, std::string::npos, tmp);
   15383   }
   15384   std::unique_ptr<crypto::SecureHash> hash(
   15385       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   15386   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   15387   hash->Update(auth_bytes.data(), auth_bytes.size());
   15388   parameter_section_bytes += auth_bytes;
   15389   command_size += auth_bytes.size();
   15390   hash->Update(hash_alg_bytes.data(), hash_alg_bytes.size());
   15391   parameter_section_bytes += hash_alg_bytes;
   15392   command_size += hash_alg_bytes.size();
   15393   std::string command_hash(32, 0);
   15394   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   15395   std::string authorization_section_bytes;
   15396   std::string authorization_size_bytes;
   15397   if (authorization_delegate) {
   15398     if (!authorization_delegate->GetCommandAuthorization(
   15399             command_hash, is_command_parameter_encryption_possible,
   15400             is_response_parameter_encryption_possible,
   15401             &authorization_section_bytes)) {
   15402       return TRUNKS_RC_AUTHORIZATION_FAILED;
   15403     }
   15404     if (!authorization_section_bytes.empty()) {
   15405       tag = TPM_ST_SESSIONS;
   15406       std::string tmp;
   15407       rc = Serialize_UINT32(authorization_section_bytes.size(),
   15408                             &authorization_size_bytes);
   15409       if (rc != TPM_RC_SUCCESS) {
   15410         return rc;
   15411       }
   15412       command_size +=
   15413           authorization_size_bytes.size() + authorization_section_bytes.size();
   15414     }
   15415   }
   15416   std::string tag_bytes;
   15417   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   15418   if (rc != TPM_RC_SUCCESS) {
   15419     return rc;
   15420   }
   15421   std::string command_size_bytes;
   15422   rc = Serialize_UINT32(command_size, &command_size_bytes);
   15423   if (rc != TPM_RC_SUCCESS) {
   15424     return rc;
   15425   }
   15426   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   15427                         handle_section_bytes + authorization_size_bytes +
   15428                         authorization_section_bytes + parameter_section_bytes;
   15429   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   15430   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   15431                                             serialized_command->size());
   15432   return TPM_RC_SUCCESS;
   15433 }
   15434 
   15435 TPM_RC Tpm::ParseResponse_HashSequenceStart(
   15436     const std::string& response,
   15437     TPMI_DH_OBJECT* sequence_handle,
   15438     AuthorizationDelegate* authorization_delegate) {
   15439   VLOG(3) << __func__;
   15440   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   15441   TPM_RC rc = TPM_RC_SUCCESS;
   15442   std::string buffer(response);
   15443   TPM_ST tag;
   15444   std::string tag_bytes;
   15445   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   15446   if (rc != TPM_RC_SUCCESS) {
   15447     return rc;
   15448   }
   15449   UINT32 response_size;
   15450   std::string response_size_bytes;
   15451   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   15452   if (rc != TPM_RC_SUCCESS) {
   15453     return rc;
   15454   }
   15455   TPM_RC response_code;
   15456   std::string response_code_bytes;
   15457   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   15458   if (rc != TPM_RC_SUCCESS) {
   15459     return rc;
   15460   }
   15461   if (response_size != response.size()) {
   15462     return TPM_RC_SIZE;
   15463   }
   15464   if (response_code != TPM_RC_SUCCESS) {
   15465     return response_code;
   15466   }
   15467   std::string sequence_handle_bytes;
   15468   rc = Parse_TPMI_DH_OBJECT(&buffer, sequence_handle, &sequence_handle_bytes);
   15469   if (rc != TPM_RC_SUCCESS) {
   15470     return rc;
   15471   }
   15472   TPM_CC command_code = TPM_CC_HashSequenceStart;
   15473   std::string command_code_bytes;
   15474   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   15475   if (rc != TPM_RC_SUCCESS) {
   15476     return rc;
   15477   }
   15478   std::string authorization_section_bytes;
   15479   if (tag == TPM_ST_SESSIONS) {
   15480     UINT32 parameter_section_size = buffer.size();
   15481     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   15482     if (rc != TPM_RC_SUCCESS) {
   15483       return rc;
   15484     }
   15485     if (parameter_section_size > buffer.size()) {
   15486       return TPM_RC_INSUFFICIENT;
   15487     }
   15488     authorization_section_bytes = buffer.substr(parameter_section_size);
   15489     // Keep the parameter section in |buffer|.
   15490     buffer.erase(parameter_section_size);
   15491   }
   15492   std::unique_ptr<crypto::SecureHash> hash(
   15493       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   15494   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   15495   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   15496   hash->Update(buffer.data(), buffer.size());
   15497   std::string response_hash(32, 0);
   15498   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   15499   if (tag == TPM_ST_SESSIONS) {
   15500     CHECK(authorization_delegate) << "Authorization delegate missing!";
   15501     if (!authorization_delegate->CheckResponseAuthorization(
   15502             response_hash, authorization_section_bytes)) {
   15503       return TRUNKS_RC_AUTHORIZATION_FAILED;
   15504     }
   15505   }
   15506   return TPM_RC_SUCCESS;
   15507 }
   15508 
   15509 void HashSequenceStartErrorCallback(
   15510     const Tpm::HashSequenceStartResponse& callback,
   15511     TPM_RC response_code) {
   15512   VLOG(1) << __func__;
   15513   callback.Run(response_code, TPMI_DH_OBJECT());
   15514 }
   15515 
   15516 void HashSequenceStartResponseParser(
   15517     const Tpm::HashSequenceStartResponse& callback,
   15518     AuthorizationDelegate* authorization_delegate,
   15519     const std::string& response) {
   15520   VLOG(1) << __func__;
   15521   base::Callback<void(TPM_RC)> error_reporter =
   15522       base::Bind(HashSequenceStartErrorCallback, callback);
   15523   TPMI_DH_OBJECT sequence_handle;
   15524   TPM_RC rc = Tpm::ParseResponse_HashSequenceStart(response, &sequence_handle,
   15525                                                    authorization_delegate);
   15526   if (rc != TPM_RC_SUCCESS) {
   15527     error_reporter.Run(rc);
   15528     return;
   15529   }
   15530   callback.Run(rc, sequence_handle);
   15531 }
   15532 
   15533 void Tpm::HashSequenceStart(const TPM2B_AUTH& auth,
   15534                             const TPMI_ALG_HASH& hash_alg,
   15535                             AuthorizationDelegate* authorization_delegate,
   15536                             const HashSequenceStartResponse& callback) {
   15537   VLOG(1) << __func__;
   15538   base::Callback<void(TPM_RC)> error_reporter =
   15539       base::Bind(HashSequenceStartErrorCallback, callback);
   15540   base::Callback<void(const std::string&)> parser = base::Bind(
   15541       HashSequenceStartResponseParser, callback, authorization_delegate);
   15542   std::string command;
   15543   TPM_RC rc = SerializeCommand_HashSequenceStart(auth, hash_alg, &command,
   15544                                                  authorization_delegate);
   15545   if (rc != TPM_RC_SUCCESS) {
   15546     error_reporter.Run(rc);
   15547     return;
   15548   }
   15549   transceiver_->SendCommand(command, parser);
   15550 }
   15551 
   15552 TPM_RC Tpm::HashSequenceStartSync(
   15553     const TPM2B_AUTH& auth,
   15554     const TPMI_ALG_HASH& hash_alg,
   15555     TPMI_DH_OBJECT* sequence_handle,
   15556     AuthorizationDelegate* authorization_delegate) {
   15557   VLOG(1) << __func__;
   15558   std::string command;
   15559   TPM_RC rc = SerializeCommand_HashSequenceStart(auth, hash_alg, &command,
   15560                                                  authorization_delegate);
   15561   if (rc != TPM_RC_SUCCESS) {
   15562     return rc;
   15563   }
   15564   std::string response = transceiver_->SendCommandAndWait(command);
   15565   rc = ParseResponse_HashSequenceStart(response, sequence_handle,
   15566                                        authorization_delegate);
   15567   return rc;
   15568 }
   15569 
   15570 TPM_RC Tpm::SerializeCommand_SequenceUpdate(
   15571     const TPMI_DH_OBJECT& sequence_handle,
   15572     const std::string& sequence_handle_name,
   15573     const TPM2B_MAX_BUFFER& buffer,
   15574     std::string* serialized_command,
   15575     AuthorizationDelegate* authorization_delegate) {
   15576   VLOG(3) << __func__;
   15577   TPM_RC rc = TPM_RC_SUCCESS;
   15578   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   15579   UINT32 command_size = 10;  // Header size.
   15580   std::string handle_section_bytes;
   15581   std::string parameter_section_bytes;
   15582   TPM_CC command_code = TPM_CC_SequenceUpdate;
   15583   bool is_command_parameter_encryption_possible = true;
   15584   bool is_response_parameter_encryption_possible = false;
   15585   std::string command_code_bytes;
   15586   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   15587   if (rc != TPM_RC_SUCCESS) {
   15588     return rc;
   15589   }
   15590   std::string sequence_handle_bytes;
   15591   rc = Serialize_TPMI_DH_OBJECT(sequence_handle, &sequence_handle_bytes);
   15592   if (rc != TPM_RC_SUCCESS) {
   15593     return rc;
   15594   }
   15595   std::string buffer_bytes;
   15596   rc = Serialize_TPM2B_MAX_BUFFER(buffer, &buffer_bytes);
   15597   if (rc != TPM_RC_SUCCESS) {
   15598     return rc;
   15599   }
   15600   if (authorization_delegate) {
   15601     // Encrypt just the parameter data, not the size.
   15602     std::string tmp = buffer_bytes.substr(2);
   15603     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   15604       return TRUNKS_RC_ENCRYPTION_FAILED;
   15605     }
   15606     buffer_bytes.replace(2, std::string::npos, tmp);
   15607   }
   15608   std::unique_ptr<crypto::SecureHash> hash(
   15609       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   15610   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   15611   hash->Update(sequence_handle_name.data(), sequence_handle_name.size());
   15612   handle_section_bytes += sequence_handle_bytes;
   15613   command_size += sequence_handle_bytes.size();
   15614   hash->Update(buffer_bytes.data(), buffer_bytes.size());
   15615   parameter_section_bytes += buffer_bytes;
   15616   command_size += buffer_bytes.size();
   15617   std::string command_hash(32, 0);
   15618   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   15619   std::string authorization_section_bytes;
   15620   std::string authorization_size_bytes;
   15621   if (authorization_delegate) {
   15622     if (!authorization_delegate->GetCommandAuthorization(
   15623             command_hash, is_command_parameter_encryption_possible,
   15624             is_response_parameter_encryption_possible,
   15625             &authorization_section_bytes)) {
   15626       return TRUNKS_RC_AUTHORIZATION_FAILED;
   15627     }
   15628     if (!authorization_section_bytes.empty()) {
   15629       tag = TPM_ST_SESSIONS;
   15630       std::string tmp;
   15631       rc = Serialize_UINT32(authorization_section_bytes.size(),
   15632                             &authorization_size_bytes);
   15633       if (rc != TPM_RC_SUCCESS) {
   15634         return rc;
   15635       }
   15636       command_size +=
   15637           authorization_size_bytes.size() + authorization_section_bytes.size();
   15638     }
   15639   }
   15640   std::string tag_bytes;
   15641   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   15642   if (rc != TPM_RC_SUCCESS) {
   15643     return rc;
   15644   }
   15645   std::string command_size_bytes;
   15646   rc = Serialize_UINT32(command_size, &command_size_bytes);
   15647   if (rc != TPM_RC_SUCCESS) {
   15648     return rc;
   15649   }
   15650   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   15651                         handle_section_bytes + authorization_size_bytes +
   15652                         authorization_section_bytes + parameter_section_bytes;
   15653   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   15654   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   15655                                             serialized_command->size());
   15656   return TPM_RC_SUCCESS;
   15657 }
   15658 
   15659 TPM_RC Tpm::ParseResponse_SequenceUpdate(
   15660     const std::string& response,
   15661     AuthorizationDelegate* authorization_delegate) {
   15662   VLOG(3) << __func__;
   15663   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   15664   TPM_RC rc = TPM_RC_SUCCESS;
   15665   std::string buffer(response);
   15666   TPM_ST tag;
   15667   std::string tag_bytes;
   15668   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   15669   if (rc != TPM_RC_SUCCESS) {
   15670     return rc;
   15671   }
   15672   UINT32 response_size;
   15673   std::string response_size_bytes;
   15674   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   15675   if (rc != TPM_RC_SUCCESS) {
   15676     return rc;
   15677   }
   15678   TPM_RC response_code;
   15679   std::string response_code_bytes;
   15680   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   15681   if (rc != TPM_RC_SUCCESS) {
   15682     return rc;
   15683   }
   15684   if (response_size != response.size()) {
   15685     return TPM_RC_SIZE;
   15686   }
   15687   if (response_code != TPM_RC_SUCCESS) {
   15688     return response_code;
   15689   }
   15690   TPM_CC command_code = TPM_CC_SequenceUpdate;
   15691   std::string command_code_bytes;
   15692   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   15693   if (rc != TPM_RC_SUCCESS) {
   15694     return rc;
   15695   }
   15696   std::string authorization_section_bytes;
   15697   if (tag == TPM_ST_SESSIONS) {
   15698     UINT32 parameter_section_size = buffer.size();
   15699     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   15700     if (rc != TPM_RC_SUCCESS) {
   15701       return rc;
   15702     }
   15703     if (parameter_section_size > buffer.size()) {
   15704       return TPM_RC_INSUFFICIENT;
   15705     }
   15706     authorization_section_bytes = buffer.substr(parameter_section_size);
   15707     // Keep the parameter section in |buffer|.
   15708     buffer.erase(parameter_section_size);
   15709   }
   15710   std::unique_ptr<crypto::SecureHash> hash(
   15711       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   15712   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   15713   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   15714   hash->Update(buffer.data(), buffer.size());
   15715   std::string response_hash(32, 0);
   15716   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   15717   if (tag == TPM_ST_SESSIONS) {
   15718     CHECK(authorization_delegate) << "Authorization delegate missing!";
   15719     if (!authorization_delegate->CheckResponseAuthorization(
   15720             response_hash, authorization_section_bytes)) {
   15721       return TRUNKS_RC_AUTHORIZATION_FAILED;
   15722     }
   15723   }
   15724   return TPM_RC_SUCCESS;
   15725 }
   15726 
   15727 void SequenceUpdateErrorCallback(const Tpm::SequenceUpdateResponse& callback,
   15728                                  TPM_RC response_code) {
   15729   VLOG(1) << __func__;
   15730   callback.Run(response_code);
   15731 }
   15732 
   15733 void SequenceUpdateResponseParser(const Tpm::SequenceUpdateResponse& callback,
   15734                                   AuthorizationDelegate* authorization_delegate,
   15735                                   const std::string& response) {
   15736   VLOG(1) << __func__;
   15737   base::Callback<void(TPM_RC)> error_reporter =
   15738       base::Bind(SequenceUpdateErrorCallback, callback);
   15739   TPM_RC rc =
   15740       Tpm::ParseResponse_SequenceUpdate(response, authorization_delegate);
   15741   if (rc != TPM_RC_SUCCESS) {
   15742     error_reporter.Run(rc);
   15743     return;
   15744   }
   15745   callback.Run(rc);
   15746 }
   15747 
   15748 void Tpm::SequenceUpdate(const TPMI_DH_OBJECT& sequence_handle,
   15749                          const std::string& sequence_handle_name,
   15750                          const TPM2B_MAX_BUFFER& buffer,
   15751                          AuthorizationDelegate* authorization_delegate,
   15752                          const SequenceUpdateResponse& callback) {
   15753   VLOG(1) << __func__;
   15754   base::Callback<void(TPM_RC)> error_reporter =
   15755       base::Bind(SequenceUpdateErrorCallback, callback);
   15756   base::Callback<void(const std::string&)> parser = base::Bind(
   15757       SequenceUpdateResponseParser, callback, authorization_delegate);
   15758   std::string command;
   15759   TPM_RC rc =
   15760       SerializeCommand_SequenceUpdate(sequence_handle, sequence_handle_name,
   15761                                       buffer, &command, authorization_delegate);
   15762   if (rc != TPM_RC_SUCCESS) {
   15763     error_reporter.Run(rc);
   15764     return;
   15765   }
   15766   transceiver_->SendCommand(command, parser);
   15767 }
   15768 
   15769 TPM_RC Tpm::SequenceUpdateSync(const TPMI_DH_OBJECT& sequence_handle,
   15770                                const std::string& sequence_handle_name,
   15771                                const TPM2B_MAX_BUFFER& buffer,
   15772                                AuthorizationDelegate* authorization_delegate) {
   15773   VLOG(1) << __func__;
   15774   std::string command;
   15775   TPM_RC rc =
   15776       SerializeCommand_SequenceUpdate(sequence_handle, sequence_handle_name,
   15777                                       buffer, &command, authorization_delegate);
   15778   if (rc != TPM_RC_SUCCESS) {
   15779     return rc;
   15780   }
   15781   std::string response = transceiver_->SendCommandAndWait(command);
   15782   rc = ParseResponse_SequenceUpdate(response, authorization_delegate);
   15783   return rc;
   15784 }
   15785 
   15786 TPM_RC Tpm::SerializeCommand_SequenceComplete(
   15787     const TPMI_DH_OBJECT& sequence_handle,
   15788     const std::string& sequence_handle_name,
   15789     const TPM2B_MAX_BUFFER& buffer,
   15790     const TPMI_RH_HIERARCHY& hierarchy,
   15791     std::string* serialized_command,
   15792     AuthorizationDelegate* authorization_delegate) {
   15793   VLOG(3) << __func__;
   15794   TPM_RC rc = TPM_RC_SUCCESS;
   15795   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   15796   UINT32 command_size = 10;  // Header size.
   15797   std::string handle_section_bytes;
   15798   std::string parameter_section_bytes;
   15799   TPM_CC command_code = TPM_CC_SequenceComplete;
   15800   bool is_command_parameter_encryption_possible = true;
   15801   bool is_response_parameter_encryption_possible = true;
   15802   std::string command_code_bytes;
   15803   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   15804   if (rc != TPM_RC_SUCCESS) {
   15805     return rc;
   15806   }
   15807   std::string sequence_handle_bytes;
   15808   rc = Serialize_TPMI_DH_OBJECT(sequence_handle, &sequence_handle_bytes);
   15809   if (rc != TPM_RC_SUCCESS) {
   15810     return rc;
   15811   }
   15812   std::string buffer_bytes;
   15813   rc = Serialize_TPM2B_MAX_BUFFER(buffer, &buffer_bytes);
   15814   if (rc != TPM_RC_SUCCESS) {
   15815     return rc;
   15816   }
   15817   std::string hierarchy_bytes;
   15818   rc = Serialize_TPMI_RH_HIERARCHY(hierarchy, &hierarchy_bytes);
   15819   if (rc != TPM_RC_SUCCESS) {
   15820     return rc;
   15821   }
   15822   if (authorization_delegate) {
   15823     // Encrypt just the parameter data, not the size.
   15824     std::string tmp = buffer_bytes.substr(2);
   15825     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   15826       return TRUNKS_RC_ENCRYPTION_FAILED;
   15827     }
   15828     buffer_bytes.replace(2, std::string::npos, tmp);
   15829   }
   15830   std::unique_ptr<crypto::SecureHash> hash(
   15831       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   15832   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   15833   hash->Update(sequence_handle_name.data(), sequence_handle_name.size());
   15834   handle_section_bytes += sequence_handle_bytes;
   15835   command_size += sequence_handle_bytes.size();
   15836   hash->Update(buffer_bytes.data(), buffer_bytes.size());
   15837   parameter_section_bytes += buffer_bytes;
   15838   command_size += buffer_bytes.size();
   15839   hash->Update(hierarchy_bytes.data(), hierarchy_bytes.size());
   15840   parameter_section_bytes += hierarchy_bytes;
   15841   command_size += hierarchy_bytes.size();
   15842   std::string command_hash(32, 0);
   15843   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   15844   std::string authorization_section_bytes;
   15845   std::string authorization_size_bytes;
   15846   if (authorization_delegate) {
   15847     if (!authorization_delegate->GetCommandAuthorization(
   15848             command_hash, is_command_parameter_encryption_possible,
   15849             is_response_parameter_encryption_possible,
   15850             &authorization_section_bytes)) {
   15851       return TRUNKS_RC_AUTHORIZATION_FAILED;
   15852     }
   15853     if (!authorization_section_bytes.empty()) {
   15854       tag = TPM_ST_SESSIONS;
   15855       std::string tmp;
   15856       rc = Serialize_UINT32(authorization_section_bytes.size(),
   15857                             &authorization_size_bytes);
   15858       if (rc != TPM_RC_SUCCESS) {
   15859         return rc;
   15860       }
   15861       command_size +=
   15862           authorization_size_bytes.size() + authorization_section_bytes.size();
   15863     }
   15864   }
   15865   std::string tag_bytes;
   15866   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   15867   if (rc != TPM_RC_SUCCESS) {
   15868     return rc;
   15869   }
   15870   std::string command_size_bytes;
   15871   rc = Serialize_UINT32(command_size, &command_size_bytes);
   15872   if (rc != TPM_RC_SUCCESS) {
   15873     return rc;
   15874   }
   15875   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   15876                         handle_section_bytes + authorization_size_bytes +
   15877                         authorization_section_bytes + parameter_section_bytes;
   15878   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   15879   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   15880                                             serialized_command->size());
   15881   return TPM_RC_SUCCESS;
   15882 }
   15883 
   15884 TPM_RC Tpm::ParseResponse_SequenceComplete(
   15885     const std::string& response,
   15886     TPM2B_DIGEST* result,
   15887     TPMT_TK_HASHCHECK* validation,
   15888     AuthorizationDelegate* authorization_delegate) {
   15889   VLOG(3) << __func__;
   15890   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   15891   TPM_RC rc = TPM_RC_SUCCESS;
   15892   std::string buffer(response);
   15893   TPM_ST tag;
   15894   std::string tag_bytes;
   15895   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   15896   if (rc != TPM_RC_SUCCESS) {
   15897     return rc;
   15898   }
   15899   UINT32 response_size;
   15900   std::string response_size_bytes;
   15901   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   15902   if (rc != TPM_RC_SUCCESS) {
   15903     return rc;
   15904   }
   15905   TPM_RC response_code;
   15906   std::string response_code_bytes;
   15907   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   15908   if (rc != TPM_RC_SUCCESS) {
   15909     return rc;
   15910   }
   15911   if (response_size != response.size()) {
   15912     return TPM_RC_SIZE;
   15913   }
   15914   if (response_code != TPM_RC_SUCCESS) {
   15915     return response_code;
   15916   }
   15917   TPM_CC command_code = TPM_CC_SequenceComplete;
   15918   std::string command_code_bytes;
   15919   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   15920   if (rc != TPM_RC_SUCCESS) {
   15921     return rc;
   15922   }
   15923   std::string authorization_section_bytes;
   15924   if (tag == TPM_ST_SESSIONS) {
   15925     UINT32 parameter_section_size = buffer.size();
   15926     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   15927     if (rc != TPM_RC_SUCCESS) {
   15928       return rc;
   15929     }
   15930     if (parameter_section_size > buffer.size()) {
   15931       return TPM_RC_INSUFFICIENT;
   15932     }
   15933     authorization_section_bytes = buffer.substr(parameter_section_size);
   15934     // Keep the parameter section in |buffer|.
   15935     buffer.erase(parameter_section_size);
   15936   }
   15937   std::unique_ptr<crypto::SecureHash> hash(
   15938       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   15939   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   15940   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   15941   hash->Update(buffer.data(), buffer.size());
   15942   std::string response_hash(32, 0);
   15943   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   15944   if (tag == TPM_ST_SESSIONS) {
   15945     CHECK(authorization_delegate) << "Authorization delegate missing!";
   15946     if (!authorization_delegate->CheckResponseAuthorization(
   15947             response_hash, authorization_section_bytes)) {
   15948       return TRUNKS_RC_AUTHORIZATION_FAILED;
   15949     }
   15950   }
   15951   std::string result_bytes;
   15952   rc = Parse_TPM2B_DIGEST(&buffer, result, &result_bytes);
   15953   if (rc != TPM_RC_SUCCESS) {
   15954     return rc;
   15955   }
   15956   std::string validation_bytes;
   15957   rc = Parse_TPMT_TK_HASHCHECK(&buffer, validation, &validation_bytes);
   15958   if (rc != TPM_RC_SUCCESS) {
   15959     return rc;
   15960   }
   15961   if (tag == TPM_ST_SESSIONS) {
   15962     CHECK(authorization_delegate) << "Authorization delegate missing!";
   15963     // Decrypt just the parameter data, not the size.
   15964     std::string tmp = result_bytes.substr(2);
   15965     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   15966       return TRUNKS_RC_ENCRYPTION_FAILED;
   15967     }
   15968     result_bytes.replace(2, std::string::npos, tmp);
   15969     rc = Parse_TPM2B_DIGEST(&result_bytes, result, nullptr);
   15970     if (rc != TPM_RC_SUCCESS) {
   15971       return rc;
   15972     }
   15973   }
   15974   return TPM_RC_SUCCESS;
   15975 }
   15976 
   15977 void SequenceCompleteErrorCallback(
   15978     const Tpm::SequenceCompleteResponse& callback,
   15979     TPM_RC response_code) {
   15980   VLOG(1) << __func__;
   15981   callback.Run(response_code, TPM2B_DIGEST(), TPMT_TK_HASHCHECK());
   15982 }
   15983 
   15984 void SequenceCompleteResponseParser(
   15985     const Tpm::SequenceCompleteResponse& callback,
   15986     AuthorizationDelegate* authorization_delegate,
   15987     const std::string& response) {
   15988   VLOG(1) << __func__;
   15989   base::Callback<void(TPM_RC)> error_reporter =
   15990       base::Bind(SequenceCompleteErrorCallback, callback);
   15991   TPM2B_DIGEST result;
   15992   TPMT_TK_HASHCHECK validation;
   15993   TPM_RC rc = Tpm::ParseResponse_SequenceComplete(
   15994       response, &result, &validation, authorization_delegate);
   15995   if (rc != TPM_RC_SUCCESS) {
   15996     error_reporter.Run(rc);
   15997     return;
   15998   }
   15999   callback.Run(rc, result, validation);
   16000 }
   16001 
   16002 void Tpm::SequenceComplete(const TPMI_DH_OBJECT& sequence_handle,
   16003                            const std::string& sequence_handle_name,
   16004                            const TPM2B_MAX_BUFFER& buffer,
   16005                            const TPMI_RH_HIERARCHY& hierarchy,
   16006                            AuthorizationDelegate* authorization_delegate,
   16007                            const SequenceCompleteResponse& callback) {
   16008   VLOG(1) << __func__;
   16009   base::Callback<void(TPM_RC)> error_reporter =
   16010       base::Bind(SequenceCompleteErrorCallback, callback);
   16011   base::Callback<void(const std::string&)> parser = base::Bind(
   16012       SequenceCompleteResponseParser, callback, authorization_delegate);
   16013   std::string command;
   16014   TPM_RC rc = SerializeCommand_SequenceComplete(
   16015       sequence_handle, sequence_handle_name, buffer, hierarchy, &command,
   16016       authorization_delegate);
   16017   if (rc != TPM_RC_SUCCESS) {
   16018     error_reporter.Run(rc);
   16019     return;
   16020   }
   16021   transceiver_->SendCommand(command, parser);
   16022 }
   16023 
   16024 TPM_RC Tpm::SequenceCompleteSync(
   16025     const TPMI_DH_OBJECT& sequence_handle,
   16026     const std::string& sequence_handle_name,
   16027     const TPM2B_MAX_BUFFER& buffer,
   16028     const TPMI_RH_HIERARCHY& hierarchy,
   16029     TPM2B_DIGEST* result,
   16030     TPMT_TK_HASHCHECK* validation,
   16031     AuthorizationDelegate* authorization_delegate) {
   16032   VLOG(1) << __func__;
   16033   std::string command;
   16034   TPM_RC rc = SerializeCommand_SequenceComplete(
   16035       sequence_handle, sequence_handle_name, buffer, hierarchy, &command,
   16036       authorization_delegate);
   16037   if (rc != TPM_RC_SUCCESS) {
   16038     return rc;
   16039   }
   16040   std::string response = transceiver_->SendCommandAndWait(command);
   16041   rc = ParseResponse_SequenceComplete(response, result, validation,
   16042                                       authorization_delegate);
   16043   return rc;
   16044 }
   16045 
   16046 TPM_RC Tpm::SerializeCommand_EventSequenceComplete(
   16047     const TPMI_DH_PCR& pcr_handle,
   16048     const std::string& pcr_handle_name,
   16049     const TPMI_DH_OBJECT& sequence_handle,
   16050     const std::string& sequence_handle_name,
   16051     const TPM2B_MAX_BUFFER& buffer,
   16052     std::string* serialized_command,
   16053     AuthorizationDelegate* authorization_delegate) {
   16054   VLOG(3) << __func__;
   16055   TPM_RC rc = TPM_RC_SUCCESS;
   16056   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   16057   UINT32 command_size = 10;  // Header size.
   16058   std::string handle_section_bytes;
   16059   std::string parameter_section_bytes;
   16060   TPM_CC command_code = TPM_CC_EventSequenceComplete;
   16061   bool is_command_parameter_encryption_possible = true;
   16062   bool is_response_parameter_encryption_possible = false;
   16063   std::string command_code_bytes;
   16064   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   16065   if (rc != TPM_RC_SUCCESS) {
   16066     return rc;
   16067   }
   16068   std::string pcr_handle_bytes;
   16069   rc = Serialize_TPMI_DH_PCR(pcr_handle, &pcr_handle_bytes);
   16070   if (rc != TPM_RC_SUCCESS) {
   16071     return rc;
   16072   }
   16073   std::string sequence_handle_bytes;
   16074   rc = Serialize_TPMI_DH_OBJECT(sequence_handle, &sequence_handle_bytes);
   16075   if (rc != TPM_RC_SUCCESS) {
   16076     return rc;
   16077   }
   16078   std::string buffer_bytes;
   16079   rc = Serialize_TPM2B_MAX_BUFFER(buffer, &buffer_bytes);
   16080   if (rc != TPM_RC_SUCCESS) {
   16081     return rc;
   16082   }
   16083   if (authorization_delegate) {
   16084     // Encrypt just the parameter data, not the size.
   16085     std::string tmp = buffer_bytes.substr(2);
   16086     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   16087       return TRUNKS_RC_ENCRYPTION_FAILED;
   16088     }
   16089     buffer_bytes.replace(2, std::string::npos, tmp);
   16090   }
   16091   std::unique_ptr<crypto::SecureHash> hash(
   16092       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   16093   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   16094   hash->Update(pcr_handle_name.data(), pcr_handle_name.size());
   16095   handle_section_bytes += pcr_handle_bytes;
   16096   command_size += pcr_handle_bytes.size();
   16097   hash->Update(sequence_handle_name.data(), sequence_handle_name.size());
   16098   handle_section_bytes += sequence_handle_bytes;
   16099   command_size += sequence_handle_bytes.size();
   16100   hash->Update(buffer_bytes.data(), buffer_bytes.size());
   16101   parameter_section_bytes += buffer_bytes;
   16102   command_size += buffer_bytes.size();
   16103   std::string command_hash(32, 0);
   16104   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   16105   std::string authorization_section_bytes;
   16106   std::string authorization_size_bytes;
   16107   if (authorization_delegate) {
   16108     if (!authorization_delegate->GetCommandAuthorization(
   16109             command_hash, is_command_parameter_encryption_possible,
   16110             is_response_parameter_encryption_possible,
   16111             &authorization_section_bytes)) {
   16112       return TRUNKS_RC_AUTHORIZATION_FAILED;
   16113     }
   16114     if (!authorization_section_bytes.empty()) {
   16115       tag = TPM_ST_SESSIONS;
   16116       std::string tmp;
   16117       rc = Serialize_UINT32(authorization_section_bytes.size(),
   16118                             &authorization_size_bytes);
   16119       if (rc != TPM_RC_SUCCESS) {
   16120         return rc;
   16121       }
   16122       command_size +=
   16123           authorization_size_bytes.size() + authorization_section_bytes.size();
   16124     }
   16125   }
   16126   std::string tag_bytes;
   16127   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   16128   if (rc != TPM_RC_SUCCESS) {
   16129     return rc;
   16130   }
   16131   std::string command_size_bytes;
   16132   rc = Serialize_UINT32(command_size, &command_size_bytes);
   16133   if (rc != TPM_RC_SUCCESS) {
   16134     return rc;
   16135   }
   16136   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   16137                         handle_section_bytes + authorization_size_bytes +
   16138                         authorization_section_bytes + parameter_section_bytes;
   16139   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   16140   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   16141                                             serialized_command->size());
   16142   return TPM_RC_SUCCESS;
   16143 }
   16144 
   16145 TPM_RC Tpm::ParseResponse_EventSequenceComplete(
   16146     const std::string& response,
   16147     TPML_DIGEST_VALUES* results,
   16148     AuthorizationDelegate* authorization_delegate) {
   16149   VLOG(3) << __func__;
   16150   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   16151   TPM_RC rc = TPM_RC_SUCCESS;
   16152   std::string buffer(response);
   16153   TPM_ST tag;
   16154   std::string tag_bytes;
   16155   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   16156   if (rc != TPM_RC_SUCCESS) {
   16157     return rc;
   16158   }
   16159   UINT32 response_size;
   16160   std::string response_size_bytes;
   16161   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   16162   if (rc != TPM_RC_SUCCESS) {
   16163     return rc;
   16164   }
   16165   TPM_RC response_code;
   16166   std::string response_code_bytes;
   16167   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   16168   if (rc != TPM_RC_SUCCESS) {
   16169     return rc;
   16170   }
   16171   if (response_size != response.size()) {
   16172     return TPM_RC_SIZE;
   16173   }
   16174   if (response_code != TPM_RC_SUCCESS) {
   16175     return response_code;
   16176   }
   16177   TPM_CC command_code = TPM_CC_EventSequenceComplete;
   16178   std::string command_code_bytes;
   16179   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   16180   if (rc != TPM_RC_SUCCESS) {
   16181     return rc;
   16182   }
   16183   std::string authorization_section_bytes;
   16184   if (tag == TPM_ST_SESSIONS) {
   16185     UINT32 parameter_section_size = buffer.size();
   16186     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   16187     if (rc != TPM_RC_SUCCESS) {
   16188       return rc;
   16189     }
   16190     if (parameter_section_size > buffer.size()) {
   16191       return TPM_RC_INSUFFICIENT;
   16192     }
   16193     authorization_section_bytes = buffer.substr(parameter_section_size);
   16194     // Keep the parameter section in |buffer|.
   16195     buffer.erase(parameter_section_size);
   16196   }
   16197   std::unique_ptr<crypto::SecureHash> hash(
   16198       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   16199   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   16200   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   16201   hash->Update(buffer.data(), buffer.size());
   16202   std::string response_hash(32, 0);
   16203   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   16204   if (tag == TPM_ST_SESSIONS) {
   16205     CHECK(authorization_delegate) << "Authorization delegate missing!";
   16206     if (!authorization_delegate->CheckResponseAuthorization(
   16207             response_hash, authorization_section_bytes)) {
   16208       return TRUNKS_RC_AUTHORIZATION_FAILED;
   16209     }
   16210   }
   16211   std::string results_bytes;
   16212   rc = Parse_TPML_DIGEST_VALUES(&buffer, results, &results_bytes);
   16213   if (rc != TPM_RC_SUCCESS) {
   16214     return rc;
   16215   }
   16216   return TPM_RC_SUCCESS;
   16217 }
   16218 
   16219 void EventSequenceCompleteErrorCallback(
   16220     const Tpm::EventSequenceCompleteResponse& callback,
   16221     TPM_RC response_code) {
   16222   VLOG(1) << __func__;
   16223   callback.Run(response_code, TPML_DIGEST_VALUES());
   16224 }
   16225 
   16226 void EventSequenceCompleteResponseParser(
   16227     const Tpm::EventSequenceCompleteResponse& callback,
   16228     AuthorizationDelegate* authorization_delegate,
   16229     const std::string& response) {
   16230   VLOG(1) << __func__;
   16231   base::Callback<void(TPM_RC)> error_reporter =
   16232       base::Bind(EventSequenceCompleteErrorCallback, callback);
   16233   TPML_DIGEST_VALUES results;
   16234   TPM_RC rc = Tpm::ParseResponse_EventSequenceComplete(response, &results,
   16235                                                        authorization_delegate);
   16236   if (rc != TPM_RC_SUCCESS) {
   16237     error_reporter.Run(rc);
   16238     return;
   16239   }
   16240   callback.Run(rc, results);
   16241 }
   16242 
   16243 void Tpm::EventSequenceComplete(const TPMI_DH_PCR& pcr_handle,
   16244                                 const std::string& pcr_handle_name,
   16245                                 const TPMI_DH_OBJECT& sequence_handle,
   16246                                 const std::string& sequence_handle_name,
   16247                                 const TPM2B_MAX_BUFFER& buffer,
   16248                                 AuthorizationDelegate* authorization_delegate,
   16249                                 const EventSequenceCompleteResponse& callback) {
   16250   VLOG(1) << __func__;
   16251   base::Callback<void(TPM_RC)> error_reporter =
   16252       base::Bind(EventSequenceCompleteErrorCallback, callback);
   16253   base::Callback<void(const std::string&)> parser = base::Bind(
   16254       EventSequenceCompleteResponseParser, callback, authorization_delegate);
   16255   std::string command;
   16256   TPM_RC rc = SerializeCommand_EventSequenceComplete(
   16257       pcr_handle, pcr_handle_name, sequence_handle, sequence_handle_name,
   16258       buffer, &command, authorization_delegate);
   16259   if (rc != TPM_RC_SUCCESS) {
   16260     error_reporter.Run(rc);
   16261     return;
   16262   }
   16263   transceiver_->SendCommand(command, parser);
   16264 }
   16265 
   16266 TPM_RC Tpm::EventSequenceCompleteSync(
   16267     const TPMI_DH_PCR& pcr_handle,
   16268     const std::string& pcr_handle_name,
   16269     const TPMI_DH_OBJECT& sequence_handle,
   16270     const std::string& sequence_handle_name,
   16271     const TPM2B_MAX_BUFFER& buffer,
   16272     TPML_DIGEST_VALUES* results,
   16273     AuthorizationDelegate* authorization_delegate) {
   16274   VLOG(1) << __func__;
   16275   std::string command;
   16276   TPM_RC rc = SerializeCommand_EventSequenceComplete(
   16277       pcr_handle, pcr_handle_name, sequence_handle, sequence_handle_name,
   16278       buffer, &command, authorization_delegate);
   16279   if (rc != TPM_RC_SUCCESS) {
   16280     return rc;
   16281   }
   16282   std::string response = transceiver_->SendCommandAndWait(command);
   16283   rc = ParseResponse_EventSequenceComplete(response, results,
   16284                                            authorization_delegate);
   16285   return rc;
   16286 }
   16287 
   16288 TPM_RC Tpm::SerializeCommand_Certify(
   16289     const TPMI_DH_OBJECT& object_handle,
   16290     const std::string& object_handle_name,
   16291     const TPMI_DH_OBJECT& sign_handle,
   16292     const std::string& sign_handle_name,
   16293     const TPM2B_DATA& qualifying_data,
   16294     const TPMT_SIG_SCHEME& in_scheme,
   16295     std::string* serialized_command,
   16296     AuthorizationDelegate* authorization_delegate) {
   16297   VLOG(3) << __func__;
   16298   TPM_RC rc = TPM_RC_SUCCESS;
   16299   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   16300   UINT32 command_size = 10;  // Header size.
   16301   std::string handle_section_bytes;
   16302   std::string parameter_section_bytes;
   16303   TPM_CC command_code = TPM_CC_Certify;
   16304   bool is_command_parameter_encryption_possible = true;
   16305   bool is_response_parameter_encryption_possible = true;
   16306   std::string command_code_bytes;
   16307   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   16308   if (rc != TPM_RC_SUCCESS) {
   16309     return rc;
   16310   }
   16311   std::string object_handle_bytes;
   16312   rc = Serialize_TPMI_DH_OBJECT(object_handle, &object_handle_bytes);
   16313   if (rc != TPM_RC_SUCCESS) {
   16314     return rc;
   16315   }
   16316   std::string sign_handle_bytes;
   16317   rc = Serialize_TPMI_DH_OBJECT(sign_handle, &sign_handle_bytes);
   16318   if (rc != TPM_RC_SUCCESS) {
   16319     return rc;
   16320   }
   16321   std::string qualifying_data_bytes;
   16322   rc = Serialize_TPM2B_DATA(qualifying_data, &qualifying_data_bytes);
   16323   if (rc != TPM_RC_SUCCESS) {
   16324     return rc;
   16325   }
   16326   std::string in_scheme_bytes;
   16327   rc = Serialize_TPMT_SIG_SCHEME(in_scheme, &in_scheme_bytes);
   16328   if (rc != TPM_RC_SUCCESS) {
   16329     return rc;
   16330   }
   16331   if (authorization_delegate) {
   16332     // Encrypt just the parameter data, not the size.
   16333     std::string tmp = qualifying_data_bytes.substr(2);
   16334     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   16335       return TRUNKS_RC_ENCRYPTION_FAILED;
   16336     }
   16337     qualifying_data_bytes.replace(2, std::string::npos, tmp);
   16338   }
   16339   std::unique_ptr<crypto::SecureHash> hash(
   16340       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   16341   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   16342   hash->Update(object_handle_name.data(), object_handle_name.size());
   16343   handle_section_bytes += object_handle_bytes;
   16344   command_size += object_handle_bytes.size();
   16345   hash->Update(sign_handle_name.data(), sign_handle_name.size());
   16346   handle_section_bytes += sign_handle_bytes;
   16347   command_size += sign_handle_bytes.size();
   16348   hash->Update(qualifying_data_bytes.data(), qualifying_data_bytes.size());
   16349   parameter_section_bytes += qualifying_data_bytes;
   16350   command_size += qualifying_data_bytes.size();
   16351   hash->Update(in_scheme_bytes.data(), in_scheme_bytes.size());
   16352   parameter_section_bytes += in_scheme_bytes;
   16353   command_size += in_scheme_bytes.size();
   16354   std::string command_hash(32, 0);
   16355   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   16356   std::string authorization_section_bytes;
   16357   std::string authorization_size_bytes;
   16358   if (authorization_delegate) {
   16359     if (!authorization_delegate->GetCommandAuthorization(
   16360             command_hash, is_command_parameter_encryption_possible,
   16361             is_response_parameter_encryption_possible,
   16362             &authorization_section_bytes)) {
   16363       return TRUNKS_RC_AUTHORIZATION_FAILED;
   16364     }
   16365     if (!authorization_section_bytes.empty()) {
   16366       tag = TPM_ST_SESSIONS;
   16367       std::string tmp;
   16368       rc = Serialize_UINT32(authorization_section_bytes.size(),
   16369                             &authorization_size_bytes);
   16370       if (rc != TPM_RC_SUCCESS) {
   16371         return rc;
   16372       }
   16373       command_size +=
   16374           authorization_size_bytes.size() + authorization_section_bytes.size();
   16375     }
   16376   }
   16377   std::string tag_bytes;
   16378   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   16379   if (rc != TPM_RC_SUCCESS) {
   16380     return rc;
   16381   }
   16382   std::string command_size_bytes;
   16383   rc = Serialize_UINT32(command_size, &command_size_bytes);
   16384   if (rc != TPM_RC_SUCCESS) {
   16385     return rc;
   16386   }
   16387   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   16388                         handle_section_bytes + authorization_size_bytes +
   16389                         authorization_section_bytes + parameter_section_bytes;
   16390   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   16391   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   16392                                             serialized_command->size());
   16393   return TPM_RC_SUCCESS;
   16394 }
   16395 
   16396 TPM_RC Tpm::ParseResponse_Certify(
   16397     const std::string& response,
   16398     TPM2B_ATTEST* certify_info,
   16399     TPMT_SIGNATURE* signature,
   16400     AuthorizationDelegate* authorization_delegate) {
   16401   VLOG(3) << __func__;
   16402   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   16403   TPM_RC rc = TPM_RC_SUCCESS;
   16404   std::string buffer(response);
   16405   TPM_ST tag;
   16406   std::string tag_bytes;
   16407   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   16408   if (rc != TPM_RC_SUCCESS) {
   16409     return rc;
   16410   }
   16411   UINT32 response_size;
   16412   std::string response_size_bytes;
   16413   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   16414   if (rc != TPM_RC_SUCCESS) {
   16415     return rc;
   16416   }
   16417   TPM_RC response_code;
   16418   std::string response_code_bytes;
   16419   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   16420   if (rc != TPM_RC_SUCCESS) {
   16421     return rc;
   16422   }
   16423   if (response_size != response.size()) {
   16424     return TPM_RC_SIZE;
   16425   }
   16426   if (response_code != TPM_RC_SUCCESS) {
   16427     return response_code;
   16428   }
   16429   TPM_CC command_code = TPM_CC_Certify;
   16430   std::string command_code_bytes;
   16431   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   16432   if (rc != TPM_RC_SUCCESS) {
   16433     return rc;
   16434   }
   16435   std::string authorization_section_bytes;
   16436   if (tag == TPM_ST_SESSIONS) {
   16437     UINT32 parameter_section_size = buffer.size();
   16438     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   16439     if (rc != TPM_RC_SUCCESS) {
   16440       return rc;
   16441     }
   16442     if (parameter_section_size > buffer.size()) {
   16443       return TPM_RC_INSUFFICIENT;
   16444     }
   16445     authorization_section_bytes = buffer.substr(parameter_section_size);
   16446     // Keep the parameter section in |buffer|.
   16447     buffer.erase(parameter_section_size);
   16448   }
   16449   std::unique_ptr<crypto::SecureHash> hash(
   16450       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   16451   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   16452   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   16453   hash->Update(buffer.data(), buffer.size());
   16454   std::string response_hash(32, 0);
   16455   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   16456   if (tag == TPM_ST_SESSIONS) {
   16457     CHECK(authorization_delegate) << "Authorization delegate missing!";
   16458     if (!authorization_delegate->CheckResponseAuthorization(
   16459             response_hash, authorization_section_bytes)) {
   16460       return TRUNKS_RC_AUTHORIZATION_FAILED;
   16461     }
   16462   }
   16463   std::string certify_info_bytes;
   16464   rc = Parse_TPM2B_ATTEST(&buffer, certify_info, &certify_info_bytes);
   16465   if (rc != TPM_RC_SUCCESS) {
   16466     return rc;
   16467   }
   16468   std::string signature_bytes;
   16469   rc = Parse_TPMT_SIGNATURE(&buffer, signature, &signature_bytes);
   16470   if (rc != TPM_RC_SUCCESS) {
   16471     return rc;
   16472   }
   16473   if (tag == TPM_ST_SESSIONS) {
   16474     CHECK(authorization_delegate) << "Authorization delegate missing!";
   16475     // Decrypt just the parameter data, not the size.
   16476     std::string tmp = certify_info_bytes.substr(2);
   16477     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   16478       return TRUNKS_RC_ENCRYPTION_FAILED;
   16479     }
   16480     certify_info_bytes.replace(2, std::string::npos, tmp);
   16481     rc = Parse_TPM2B_ATTEST(&certify_info_bytes, certify_info, nullptr);
   16482     if (rc != TPM_RC_SUCCESS) {
   16483       return rc;
   16484     }
   16485   }
   16486   return TPM_RC_SUCCESS;
   16487 }
   16488 
   16489 void CertifyErrorCallback(const Tpm::CertifyResponse& callback,
   16490                           TPM_RC response_code) {
   16491   VLOG(1) << __func__;
   16492   callback.Run(response_code, TPM2B_ATTEST(), TPMT_SIGNATURE());
   16493 }
   16494 
   16495 void CertifyResponseParser(const Tpm::CertifyResponse& callback,
   16496                            AuthorizationDelegate* authorization_delegate,
   16497                            const std::string& response) {
   16498   VLOG(1) << __func__;
   16499   base::Callback<void(TPM_RC)> error_reporter =
   16500       base::Bind(CertifyErrorCallback, callback);
   16501   TPM2B_ATTEST certify_info;
   16502   TPMT_SIGNATURE signature;
   16503   TPM_RC rc = Tpm::ParseResponse_Certify(response, &certify_info, &signature,
   16504                                          authorization_delegate);
   16505   if (rc != TPM_RC_SUCCESS) {
   16506     error_reporter.Run(rc);
   16507     return;
   16508   }
   16509   callback.Run(rc, certify_info, signature);
   16510 }
   16511 
   16512 void Tpm::Certify(const TPMI_DH_OBJECT& object_handle,
   16513                   const std::string& object_handle_name,
   16514                   const TPMI_DH_OBJECT& sign_handle,
   16515                   const std::string& sign_handle_name,
   16516                   const TPM2B_DATA& qualifying_data,
   16517                   const TPMT_SIG_SCHEME& in_scheme,
   16518                   AuthorizationDelegate* authorization_delegate,
   16519                   const CertifyResponse& callback) {
   16520   VLOG(1) << __func__;
   16521   base::Callback<void(TPM_RC)> error_reporter =
   16522       base::Bind(CertifyErrorCallback, callback);
   16523   base::Callback<void(const std::string&)> parser =
   16524       base::Bind(CertifyResponseParser, callback, authorization_delegate);
   16525   std::string command;
   16526   TPM_RC rc = SerializeCommand_Certify(
   16527       object_handle, object_handle_name, sign_handle, sign_handle_name,
   16528       qualifying_data, in_scheme, &command, authorization_delegate);
   16529   if (rc != TPM_RC_SUCCESS) {
   16530     error_reporter.Run(rc);
   16531     return;
   16532   }
   16533   transceiver_->SendCommand(command, parser);
   16534 }
   16535 
   16536 TPM_RC Tpm::CertifySync(const TPMI_DH_OBJECT& object_handle,
   16537                         const std::string& object_handle_name,
   16538                         const TPMI_DH_OBJECT& sign_handle,
   16539                         const std::string& sign_handle_name,
   16540                         const TPM2B_DATA& qualifying_data,
   16541                         const TPMT_SIG_SCHEME& in_scheme,
   16542                         TPM2B_ATTEST* certify_info,
   16543                         TPMT_SIGNATURE* signature,
   16544                         AuthorizationDelegate* authorization_delegate) {
   16545   VLOG(1) << __func__;
   16546   std::string command;
   16547   TPM_RC rc = SerializeCommand_Certify(
   16548       object_handle, object_handle_name, sign_handle, sign_handle_name,
   16549       qualifying_data, in_scheme, &command, authorization_delegate);
   16550   if (rc != TPM_RC_SUCCESS) {
   16551     return rc;
   16552   }
   16553   std::string response = transceiver_->SendCommandAndWait(command);
   16554   rc = ParseResponse_Certify(response, certify_info, signature,
   16555                              authorization_delegate);
   16556   return rc;
   16557 }
   16558 
   16559 TPM_RC Tpm::SerializeCommand_CertifyCreation(
   16560     const TPMI_DH_OBJECT& sign_handle,
   16561     const std::string& sign_handle_name,
   16562     const TPMI_DH_OBJECT& object_handle,
   16563     const std::string& object_handle_name,
   16564     const TPM2B_DATA& qualifying_data,
   16565     const TPM2B_DIGEST& creation_hash,
   16566     const TPMT_SIG_SCHEME& in_scheme,
   16567     const TPMT_TK_CREATION& creation_ticket,
   16568     std::string* serialized_command,
   16569     AuthorizationDelegate* authorization_delegate) {
   16570   VLOG(3) << __func__;
   16571   TPM_RC rc = TPM_RC_SUCCESS;
   16572   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   16573   UINT32 command_size = 10;  // Header size.
   16574   std::string handle_section_bytes;
   16575   std::string parameter_section_bytes;
   16576   TPM_CC command_code = TPM_CC_CertifyCreation;
   16577   bool is_command_parameter_encryption_possible = true;
   16578   bool is_response_parameter_encryption_possible = true;
   16579   std::string command_code_bytes;
   16580   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   16581   if (rc != TPM_RC_SUCCESS) {
   16582     return rc;
   16583   }
   16584   std::string sign_handle_bytes;
   16585   rc = Serialize_TPMI_DH_OBJECT(sign_handle, &sign_handle_bytes);
   16586   if (rc != TPM_RC_SUCCESS) {
   16587     return rc;
   16588   }
   16589   std::string object_handle_bytes;
   16590   rc = Serialize_TPMI_DH_OBJECT(object_handle, &object_handle_bytes);
   16591   if (rc != TPM_RC_SUCCESS) {
   16592     return rc;
   16593   }
   16594   std::string qualifying_data_bytes;
   16595   rc = Serialize_TPM2B_DATA(qualifying_data, &qualifying_data_bytes);
   16596   if (rc != TPM_RC_SUCCESS) {
   16597     return rc;
   16598   }
   16599   std::string creation_hash_bytes;
   16600   rc = Serialize_TPM2B_DIGEST(creation_hash, &creation_hash_bytes);
   16601   if (rc != TPM_RC_SUCCESS) {
   16602     return rc;
   16603   }
   16604   std::string in_scheme_bytes;
   16605   rc = Serialize_TPMT_SIG_SCHEME(in_scheme, &in_scheme_bytes);
   16606   if (rc != TPM_RC_SUCCESS) {
   16607     return rc;
   16608   }
   16609   std::string creation_ticket_bytes;
   16610   rc = Serialize_TPMT_TK_CREATION(creation_ticket, &creation_ticket_bytes);
   16611   if (rc != TPM_RC_SUCCESS) {
   16612     return rc;
   16613   }
   16614   if (authorization_delegate) {
   16615     // Encrypt just the parameter data, not the size.
   16616     std::string tmp = qualifying_data_bytes.substr(2);
   16617     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   16618       return TRUNKS_RC_ENCRYPTION_FAILED;
   16619     }
   16620     qualifying_data_bytes.replace(2, std::string::npos, tmp);
   16621   }
   16622   std::unique_ptr<crypto::SecureHash> hash(
   16623       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   16624   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   16625   hash->Update(sign_handle_name.data(), sign_handle_name.size());
   16626   handle_section_bytes += sign_handle_bytes;
   16627   command_size += sign_handle_bytes.size();
   16628   hash->Update(object_handle_name.data(), object_handle_name.size());
   16629   handle_section_bytes += object_handle_bytes;
   16630   command_size += object_handle_bytes.size();
   16631   hash->Update(qualifying_data_bytes.data(), qualifying_data_bytes.size());
   16632   parameter_section_bytes += qualifying_data_bytes;
   16633   command_size += qualifying_data_bytes.size();
   16634   hash->Update(creation_hash_bytes.data(), creation_hash_bytes.size());
   16635   parameter_section_bytes += creation_hash_bytes;
   16636   command_size += creation_hash_bytes.size();
   16637   hash->Update(in_scheme_bytes.data(), in_scheme_bytes.size());
   16638   parameter_section_bytes += in_scheme_bytes;
   16639   command_size += in_scheme_bytes.size();
   16640   hash->Update(creation_ticket_bytes.data(), creation_ticket_bytes.size());
   16641   parameter_section_bytes += creation_ticket_bytes;
   16642   command_size += creation_ticket_bytes.size();
   16643   std::string command_hash(32, 0);
   16644   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   16645   std::string authorization_section_bytes;
   16646   std::string authorization_size_bytes;
   16647   if (authorization_delegate) {
   16648     if (!authorization_delegate->GetCommandAuthorization(
   16649             command_hash, is_command_parameter_encryption_possible,
   16650             is_response_parameter_encryption_possible,
   16651             &authorization_section_bytes)) {
   16652       return TRUNKS_RC_AUTHORIZATION_FAILED;
   16653     }
   16654     if (!authorization_section_bytes.empty()) {
   16655       tag = TPM_ST_SESSIONS;
   16656       std::string tmp;
   16657       rc = Serialize_UINT32(authorization_section_bytes.size(),
   16658                             &authorization_size_bytes);
   16659       if (rc != TPM_RC_SUCCESS) {
   16660         return rc;
   16661       }
   16662       command_size +=
   16663           authorization_size_bytes.size() + authorization_section_bytes.size();
   16664     }
   16665   }
   16666   std::string tag_bytes;
   16667   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   16668   if (rc != TPM_RC_SUCCESS) {
   16669     return rc;
   16670   }
   16671   std::string command_size_bytes;
   16672   rc = Serialize_UINT32(command_size, &command_size_bytes);
   16673   if (rc != TPM_RC_SUCCESS) {
   16674     return rc;
   16675   }
   16676   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   16677                         handle_section_bytes + authorization_size_bytes +
   16678                         authorization_section_bytes + parameter_section_bytes;
   16679   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   16680   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   16681                                             serialized_command->size());
   16682   return TPM_RC_SUCCESS;
   16683 }
   16684 
   16685 TPM_RC Tpm::ParseResponse_CertifyCreation(
   16686     const std::string& response,
   16687     TPM2B_ATTEST* certify_info,
   16688     TPMT_SIGNATURE* signature,
   16689     AuthorizationDelegate* authorization_delegate) {
   16690   VLOG(3) << __func__;
   16691   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   16692   TPM_RC rc = TPM_RC_SUCCESS;
   16693   std::string buffer(response);
   16694   TPM_ST tag;
   16695   std::string tag_bytes;
   16696   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   16697   if (rc != TPM_RC_SUCCESS) {
   16698     return rc;
   16699   }
   16700   UINT32 response_size;
   16701   std::string response_size_bytes;
   16702   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   16703   if (rc != TPM_RC_SUCCESS) {
   16704     return rc;
   16705   }
   16706   TPM_RC response_code;
   16707   std::string response_code_bytes;
   16708   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   16709   if (rc != TPM_RC_SUCCESS) {
   16710     return rc;
   16711   }
   16712   if (response_size != response.size()) {
   16713     return TPM_RC_SIZE;
   16714   }
   16715   if (response_code != TPM_RC_SUCCESS) {
   16716     return response_code;
   16717   }
   16718   TPM_CC command_code = TPM_CC_CertifyCreation;
   16719   std::string command_code_bytes;
   16720   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   16721   if (rc != TPM_RC_SUCCESS) {
   16722     return rc;
   16723   }
   16724   std::string authorization_section_bytes;
   16725   if (tag == TPM_ST_SESSIONS) {
   16726     UINT32 parameter_section_size = buffer.size();
   16727     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   16728     if (rc != TPM_RC_SUCCESS) {
   16729       return rc;
   16730     }
   16731     if (parameter_section_size > buffer.size()) {
   16732       return TPM_RC_INSUFFICIENT;
   16733     }
   16734     authorization_section_bytes = buffer.substr(parameter_section_size);
   16735     // Keep the parameter section in |buffer|.
   16736     buffer.erase(parameter_section_size);
   16737   }
   16738   std::unique_ptr<crypto::SecureHash> hash(
   16739       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   16740   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   16741   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   16742   hash->Update(buffer.data(), buffer.size());
   16743   std::string response_hash(32, 0);
   16744   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   16745   if (tag == TPM_ST_SESSIONS) {
   16746     CHECK(authorization_delegate) << "Authorization delegate missing!";
   16747     if (!authorization_delegate->CheckResponseAuthorization(
   16748             response_hash, authorization_section_bytes)) {
   16749       return TRUNKS_RC_AUTHORIZATION_FAILED;
   16750     }
   16751   }
   16752   std::string certify_info_bytes;
   16753   rc = Parse_TPM2B_ATTEST(&buffer, certify_info, &certify_info_bytes);
   16754   if (rc != TPM_RC_SUCCESS) {
   16755     return rc;
   16756   }
   16757   std::string signature_bytes;
   16758   rc = Parse_TPMT_SIGNATURE(&buffer, signature, &signature_bytes);
   16759   if (rc != TPM_RC_SUCCESS) {
   16760     return rc;
   16761   }
   16762   if (tag == TPM_ST_SESSIONS) {
   16763     CHECK(authorization_delegate) << "Authorization delegate missing!";
   16764     // Decrypt just the parameter data, not the size.
   16765     std::string tmp = certify_info_bytes.substr(2);
   16766     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   16767       return TRUNKS_RC_ENCRYPTION_FAILED;
   16768     }
   16769     certify_info_bytes.replace(2, std::string::npos, tmp);
   16770     rc = Parse_TPM2B_ATTEST(&certify_info_bytes, certify_info, nullptr);
   16771     if (rc != TPM_RC_SUCCESS) {
   16772       return rc;
   16773     }
   16774   }
   16775   return TPM_RC_SUCCESS;
   16776 }
   16777 
   16778 void CertifyCreationErrorCallback(const Tpm::CertifyCreationResponse& callback,
   16779                                   TPM_RC response_code) {
   16780   VLOG(1) << __func__;
   16781   callback.Run(response_code, TPM2B_ATTEST(), TPMT_SIGNATURE());
   16782 }
   16783 
   16784 void CertifyCreationResponseParser(
   16785     const Tpm::CertifyCreationResponse& callback,
   16786     AuthorizationDelegate* authorization_delegate,
   16787     const std::string& response) {
   16788   VLOG(1) << __func__;
   16789   base::Callback<void(TPM_RC)> error_reporter =
   16790       base::Bind(CertifyCreationErrorCallback, callback);
   16791   TPM2B_ATTEST certify_info;
   16792   TPMT_SIGNATURE signature;
   16793   TPM_RC rc = Tpm::ParseResponse_CertifyCreation(
   16794       response, &certify_info, &signature, authorization_delegate);
   16795   if (rc != TPM_RC_SUCCESS) {
   16796     error_reporter.Run(rc);
   16797     return;
   16798   }
   16799   callback.Run(rc, certify_info, signature);
   16800 }
   16801 
   16802 void Tpm::CertifyCreation(const TPMI_DH_OBJECT& sign_handle,
   16803                           const std::string& sign_handle_name,
   16804                           const TPMI_DH_OBJECT& object_handle,
   16805                           const std::string& object_handle_name,
   16806                           const TPM2B_DATA& qualifying_data,
   16807                           const TPM2B_DIGEST& creation_hash,
   16808                           const TPMT_SIG_SCHEME& in_scheme,
   16809                           const TPMT_TK_CREATION& creation_ticket,
   16810                           AuthorizationDelegate* authorization_delegate,
   16811                           const CertifyCreationResponse& callback) {
   16812   VLOG(1) << __func__;
   16813   base::Callback<void(TPM_RC)> error_reporter =
   16814       base::Bind(CertifyCreationErrorCallback, callback);
   16815   base::Callback<void(const std::string&)> parser = base::Bind(
   16816       CertifyCreationResponseParser, callback, authorization_delegate);
   16817   std::string command;
   16818   TPM_RC rc = SerializeCommand_CertifyCreation(
   16819       sign_handle, sign_handle_name, object_handle, object_handle_name,
   16820       qualifying_data, creation_hash, in_scheme, creation_ticket, &command,
   16821       authorization_delegate);
   16822   if (rc != TPM_RC_SUCCESS) {
   16823     error_reporter.Run(rc);
   16824     return;
   16825   }
   16826   transceiver_->SendCommand(command, parser);
   16827 }
   16828 
   16829 TPM_RC Tpm::CertifyCreationSync(const TPMI_DH_OBJECT& sign_handle,
   16830                                 const std::string& sign_handle_name,
   16831                                 const TPMI_DH_OBJECT& object_handle,
   16832                                 const std::string& object_handle_name,
   16833                                 const TPM2B_DATA& qualifying_data,
   16834                                 const TPM2B_DIGEST& creation_hash,
   16835                                 const TPMT_SIG_SCHEME& in_scheme,
   16836                                 const TPMT_TK_CREATION& creation_ticket,
   16837                                 TPM2B_ATTEST* certify_info,
   16838                                 TPMT_SIGNATURE* signature,
   16839                                 AuthorizationDelegate* authorization_delegate) {
   16840   VLOG(1) << __func__;
   16841   std::string command;
   16842   TPM_RC rc = SerializeCommand_CertifyCreation(
   16843       sign_handle, sign_handle_name, object_handle, object_handle_name,
   16844       qualifying_data, creation_hash, in_scheme, creation_ticket, &command,
   16845       authorization_delegate);
   16846   if (rc != TPM_RC_SUCCESS) {
   16847     return rc;
   16848   }
   16849   std::string response = transceiver_->SendCommandAndWait(command);
   16850   rc = ParseResponse_CertifyCreation(response, certify_info, signature,
   16851                                      authorization_delegate);
   16852   return rc;
   16853 }
   16854 
   16855 TPM_RC Tpm::SerializeCommand_Quote(
   16856     const TPMI_DH_OBJECT& sign_handle,
   16857     const std::string& sign_handle_name,
   16858     const TPM2B_DATA& qualifying_data,
   16859     const TPMT_SIG_SCHEME& in_scheme,
   16860     const TPML_PCR_SELECTION& pcrselect,
   16861     std::string* serialized_command,
   16862     AuthorizationDelegate* authorization_delegate) {
   16863   VLOG(3) << __func__;
   16864   TPM_RC rc = TPM_RC_SUCCESS;
   16865   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   16866   UINT32 command_size = 10;  // Header size.
   16867   std::string handle_section_bytes;
   16868   std::string parameter_section_bytes;
   16869   TPM_CC command_code = TPM_CC_Quote;
   16870   bool is_command_parameter_encryption_possible = true;
   16871   bool is_response_parameter_encryption_possible = true;
   16872   std::string command_code_bytes;
   16873   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   16874   if (rc != TPM_RC_SUCCESS) {
   16875     return rc;
   16876   }
   16877   std::string sign_handle_bytes;
   16878   rc = Serialize_TPMI_DH_OBJECT(sign_handle, &sign_handle_bytes);
   16879   if (rc != TPM_RC_SUCCESS) {
   16880     return rc;
   16881   }
   16882   std::string qualifying_data_bytes;
   16883   rc = Serialize_TPM2B_DATA(qualifying_data, &qualifying_data_bytes);
   16884   if (rc != TPM_RC_SUCCESS) {
   16885     return rc;
   16886   }
   16887   std::string in_scheme_bytes;
   16888   rc = Serialize_TPMT_SIG_SCHEME(in_scheme, &in_scheme_bytes);
   16889   if (rc != TPM_RC_SUCCESS) {
   16890     return rc;
   16891   }
   16892   std::string pcrselect_bytes;
   16893   rc = Serialize_TPML_PCR_SELECTION(pcrselect, &pcrselect_bytes);
   16894   if (rc != TPM_RC_SUCCESS) {
   16895     return rc;
   16896   }
   16897   if (authorization_delegate) {
   16898     // Encrypt just the parameter data, not the size.
   16899     std::string tmp = qualifying_data_bytes.substr(2);
   16900     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   16901       return TRUNKS_RC_ENCRYPTION_FAILED;
   16902     }
   16903     qualifying_data_bytes.replace(2, std::string::npos, tmp);
   16904   }
   16905   std::unique_ptr<crypto::SecureHash> hash(
   16906       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   16907   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   16908   hash->Update(sign_handle_name.data(), sign_handle_name.size());
   16909   handle_section_bytes += sign_handle_bytes;
   16910   command_size += sign_handle_bytes.size();
   16911   hash->Update(qualifying_data_bytes.data(), qualifying_data_bytes.size());
   16912   parameter_section_bytes += qualifying_data_bytes;
   16913   command_size += qualifying_data_bytes.size();
   16914   hash->Update(in_scheme_bytes.data(), in_scheme_bytes.size());
   16915   parameter_section_bytes += in_scheme_bytes;
   16916   command_size += in_scheme_bytes.size();
   16917   hash->Update(pcrselect_bytes.data(), pcrselect_bytes.size());
   16918   parameter_section_bytes += pcrselect_bytes;
   16919   command_size += pcrselect_bytes.size();
   16920   std::string command_hash(32, 0);
   16921   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   16922   std::string authorization_section_bytes;
   16923   std::string authorization_size_bytes;
   16924   if (authorization_delegate) {
   16925     if (!authorization_delegate->GetCommandAuthorization(
   16926             command_hash, is_command_parameter_encryption_possible,
   16927             is_response_parameter_encryption_possible,
   16928             &authorization_section_bytes)) {
   16929       return TRUNKS_RC_AUTHORIZATION_FAILED;
   16930     }
   16931     if (!authorization_section_bytes.empty()) {
   16932       tag = TPM_ST_SESSIONS;
   16933       std::string tmp;
   16934       rc = Serialize_UINT32(authorization_section_bytes.size(),
   16935                             &authorization_size_bytes);
   16936       if (rc != TPM_RC_SUCCESS) {
   16937         return rc;
   16938       }
   16939       command_size +=
   16940           authorization_size_bytes.size() + authorization_section_bytes.size();
   16941     }
   16942   }
   16943   std::string tag_bytes;
   16944   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   16945   if (rc != TPM_RC_SUCCESS) {
   16946     return rc;
   16947   }
   16948   std::string command_size_bytes;
   16949   rc = Serialize_UINT32(command_size, &command_size_bytes);
   16950   if (rc != TPM_RC_SUCCESS) {
   16951     return rc;
   16952   }
   16953   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   16954                         handle_section_bytes + authorization_size_bytes +
   16955                         authorization_section_bytes + parameter_section_bytes;
   16956   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   16957   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   16958                                             serialized_command->size());
   16959   return TPM_RC_SUCCESS;
   16960 }
   16961 
   16962 TPM_RC Tpm::ParseResponse_Quote(const std::string& response,
   16963                                 TPM2B_ATTEST* quoted,
   16964                                 TPMT_SIGNATURE* signature,
   16965                                 AuthorizationDelegate* authorization_delegate) {
   16966   VLOG(3) << __func__;
   16967   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   16968   TPM_RC rc = TPM_RC_SUCCESS;
   16969   std::string buffer(response);
   16970   TPM_ST tag;
   16971   std::string tag_bytes;
   16972   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   16973   if (rc != TPM_RC_SUCCESS) {
   16974     return rc;
   16975   }
   16976   UINT32 response_size;
   16977   std::string response_size_bytes;
   16978   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   16979   if (rc != TPM_RC_SUCCESS) {
   16980     return rc;
   16981   }
   16982   TPM_RC response_code;
   16983   std::string response_code_bytes;
   16984   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   16985   if (rc != TPM_RC_SUCCESS) {
   16986     return rc;
   16987   }
   16988   if (response_size != response.size()) {
   16989     return TPM_RC_SIZE;
   16990   }
   16991   if (response_code != TPM_RC_SUCCESS) {
   16992     return response_code;
   16993   }
   16994   TPM_CC command_code = TPM_CC_Quote;
   16995   std::string command_code_bytes;
   16996   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   16997   if (rc != TPM_RC_SUCCESS) {
   16998     return rc;
   16999   }
   17000   std::string authorization_section_bytes;
   17001   if (tag == TPM_ST_SESSIONS) {
   17002     UINT32 parameter_section_size = buffer.size();
   17003     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   17004     if (rc != TPM_RC_SUCCESS) {
   17005       return rc;
   17006     }
   17007     if (parameter_section_size > buffer.size()) {
   17008       return TPM_RC_INSUFFICIENT;
   17009     }
   17010     authorization_section_bytes = buffer.substr(parameter_section_size);
   17011     // Keep the parameter section in |buffer|.
   17012     buffer.erase(parameter_section_size);
   17013   }
   17014   std::unique_ptr<crypto::SecureHash> hash(
   17015       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   17016   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   17017   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   17018   hash->Update(buffer.data(), buffer.size());
   17019   std::string response_hash(32, 0);
   17020   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   17021   if (tag == TPM_ST_SESSIONS) {
   17022     CHECK(authorization_delegate) << "Authorization delegate missing!";
   17023     if (!authorization_delegate->CheckResponseAuthorization(
   17024             response_hash, authorization_section_bytes)) {
   17025       return TRUNKS_RC_AUTHORIZATION_FAILED;
   17026     }
   17027   }
   17028   std::string quoted_bytes;
   17029   rc = Parse_TPM2B_ATTEST(&buffer, quoted, &quoted_bytes);
   17030   if (rc != TPM_RC_SUCCESS) {
   17031     return rc;
   17032   }
   17033   std::string signature_bytes;
   17034   rc = Parse_TPMT_SIGNATURE(&buffer, signature, &signature_bytes);
   17035   if (rc != TPM_RC_SUCCESS) {
   17036     return rc;
   17037   }
   17038   if (tag == TPM_ST_SESSIONS) {
   17039     CHECK(authorization_delegate) << "Authorization delegate missing!";
   17040     // Decrypt just the parameter data, not the size.
   17041     std::string tmp = quoted_bytes.substr(2);
   17042     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   17043       return TRUNKS_RC_ENCRYPTION_FAILED;
   17044     }
   17045     quoted_bytes.replace(2, std::string::npos, tmp);
   17046     rc = Parse_TPM2B_ATTEST(&quoted_bytes, quoted, nullptr);
   17047     if (rc != TPM_RC_SUCCESS) {
   17048       return rc;
   17049     }
   17050   }
   17051   return TPM_RC_SUCCESS;
   17052 }
   17053 
   17054 void QuoteErrorCallback(const Tpm::QuoteResponse& callback,
   17055                         TPM_RC response_code) {
   17056   VLOG(1) << __func__;
   17057   callback.Run(response_code, TPM2B_ATTEST(), TPMT_SIGNATURE());
   17058 }
   17059 
   17060 void QuoteResponseParser(const Tpm::QuoteResponse& callback,
   17061                          AuthorizationDelegate* authorization_delegate,
   17062                          const std::string& response) {
   17063   VLOG(1) << __func__;
   17064   base::Callback<void(TPM_RC)> error_reporter =
   17065       base::Bind(QuoteErrorCallback, callback);
   17066   TPM2B_ATTEST quoted;
   17067   TPMT_SIGNATURE signature;
   17068   TPM_RC rc = Tpm::ParseResponse_Quote(response, &quoted, &signature,
   17069                                        authorization_delegate);
   17070   if (rc != TPM_RC_SUCCESS) {
   17071     error_reporter.Run(rc);
   17072     return;
   17073   }
   17074   callback.Run(rc, quoted, signature);
   17075 }
   17076 
   17077 void Tpm::Quote(const TPMI_DH_OBJECT& sign_handle,
   17078                 const std::string& sign_handle_name,
   17079                 const TPM2B_DATA& qualifying_data,
   17080                 const TPMT_SIG_SCHEME& in_scheme,
   17081                 const TPML_PCR_SELECTION& pcrselect,
   17082                 AuthorizationDelegate* authorization_delegate,
   17083                 const QuoteResponse& callback) {
   17084   VLOG(1) << __func__;
   17085   base::Callback<void(TPM_RC)> error_reporter =
   17086       base::Bind(QuoteErrorCallback, callback);
   17087   base::Callback<void(const std::string&)> parser =
   17088       base::Bind(QuoteResponseParser, callback, authorization_delegate);
   17089   std::string command;
   17090   TPM_RC rc = SerializeCommand_Quote(sign_handle, sign_handle_name,
   17091                                      qualifying_data, in_scheme, pcrselect,
   17092                                      &command, authorization_delegate);
   17093   if (rc != TPM_RC_SUCCESS) {
   17094     error_reporter.Run(rc);
   17095     return;
   17096   }
   17097   transceiver_->SendCommand(command, parser);
   17098 }
   17099 
   17100 TPM_RC Tpm::QuoteSync(const TPMI_DH_OBJECT& sign_handle,
   17101                       const std::string& sign_handle_name,
   17102                       const TPM2B_DATA& qualifying_data,
   17103                       const TPMT_SIG_SCHEME& in_scheme,
   17104                       const TPML_PCR_SELECTION& pcrselect,
   17105                       TPM2B_ATTEST* quoted,
   17106                       TPMT_SIGNATURE* signature,
   17107                       AuthorizationDelegate* authorization_delegate) {
   17108   VLOG(1) << __func__;
   17109   std::string command;
   17110   TPM_RC rc = SerializeCommand_Quote(sign_handle, sign_handle_name,
   17111                                      qualifying_data, in_scheme, pcrselect,
   17112                                      &command, authorization_delegate);
   17113   if (rc != TPM_RC_SUCCESS) {
   17114     return rc;
   17115   }
   17116   std::string response = transceiver_->SendCommandAndWait(command);
   17117   rc = ParseResponse_Quote(response, quoted, signature, authorization_delegate);
   17118   return rc;
   17119 }
   17120 
   17121 TPM_RC Tpm::SerializeCommand_GetSessionAuditDigest(
   17122     const TPMI_RH_ENDORSEMENT& privacy_admin_handle,
   17123     const std::string& privacy_admin_handle_name,
   17124     const TPMI_DH_OBJECT& sign_handle,
   17125     const std::string& sign_handle_name,
   17126     const TPMI_SH_HMAC& session_handle,
   17127     const std::string& session_handle_name,
   17128     const TPM2B_DATA& qualifying_data,
   17129     const TPMT_SIG_SCHEME& in_scheme,
   17130     std::string* serialized_command,
   17131     AuthorizationDelegate* authorization_delegate) {
   17132   VLOG(3) << __func__;
   17133   TPM_RC rc = TPM_RC_SUCCESS;
   17134   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   17135   UINT32 command_size = 10;  // Header size.
   17136   std::string handle_section_bytes;
   17137   std::string parameter_section_bytes;
   17138   TPM_CC command_code = TPM_CC_GetSessionAuditDigest;
   17139   bool is_command_parameter_encryption_possible = true;
   17140   bool is_response_parameter_encryption_possible = true;
   17141   std::string command_code_bytes;
   17142   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   17143   if (rc != TPM_RC_SUCCESS) {
   17144     return rc;
   17145   }
   17146   std::string privacy_admin_handle_bytes;
   17147   rc = Serialize_TPMI_RH_ENDORSEMENT(privacy_admin_handle,
   17148                                      &privacy_admin_handle_bytes);
   17149   if (rc != TPM_RC_SUCCESS) {
   17150     return rc;
   17151   }
   17152   std::string sign_handle_bytes;
   17153   rc = Serialize_TPMI_DH_OBJECT(sign_handle, &sign_handle_bytes);
   17154   if (rc != TPM_RC_SUCCESS) {
   17155     return rc;
   17156   }
   17157   std::string session_handle_bytes;
   17158   rc = Serialize_TPMI_SH_HMAC(session_handle, &session_handle_bytes);
   17159   if (rc != TPM_RC_SUCCESS) {
   17160     return rc;
   17161   }
   17162   std::string qualifying_data_bytes;
   17163   rc = Serialize_TPM2B_DATA(qualifying_data, &qualifying_data_bytes);
   17164   if (rc != TPM_RC_SUCCESS) {
   17165     return rc;
   17166   }
   17167   std::string in_scheme_bytes;
   17168   rc = Serialize_TPMT_SIG_SCHEME(in_scheme, &in_scheme_bytes);
   17169   if (rc != TPM_RC_SUCCESS) {
   17170     return rc;
   17171   }
   17172   if (authorization_delegate) {
   17173     // Encrypt just the parameter data, not the size.
   17174     std::string tmp = qualifying_data_bytes.substr(2);
   17175     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   17176       return TRUNKS_RC_ENCRYPTION_FAILED;
   17177     }
   17178     qualifying_data_bytes.replace(2, std::string::npos, tmp);
   17179   }
   17180   std::unique_ptr<crypto::SecureHash> hash(
   17181       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   17182   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   17183   hash->Update(privacy_admin_handle_name.data(),
   17184                privacy_admin_handle_name.size());
   17185   handle_section_bytes += privacy_admin_handle_bytes;
   17186   command_size += privacy_admin_handle_bytes.size();
   17187   hash->Update(sign_handle_name.data(), sign_handle_name.size());
   17188   handle_section_bytes += sign_handle_bytes;
   17189   command_size += sign_handle_bytes.size();
   17190   hash->Update(session_handle_name.data(), session_handle_name.size());
   17191   handle_section_bytes += session_handle_bytes;
   17192   command_size += session_handle_bytes.size();
   17193   hash->Update(qualifying_data_bytes.data(), qualifying_data_bytes.size());
   17194   parameter_section_bytes += qualifying_data_bytes;
   17195   command_size += qualifying_data_bytes.size();
   17196   hash->Update(in_scheme_bytes.data(), in_scheme_bytes.size());
   17197   parameter_section_bytes += in_scheme_bytes;
   17198   command_size += in_scheme_bytes.size();
   17199   std::string command_hash(32, 0);
   17200   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   17201   std::string authorization_section_bytes;
   17202   std::string authorization_size_bytes;
   17203   if (authorization_delegate) {
   17204     if (!authorization_delegate->GetCommandAuthorization(
   17205             command_hash, is_command_parameter_encryption_possible,
   17206             is_response_parameter_encryption_possible,
   17207             &authorization_section_bytes)) {
   17208       return TRUNKS_RC_AUTHORIZATION_FAILED;
   17209     }
   17210     if (!authorization_section_bytes.empty()) {
   17211       tag = TPM_ST_SESSIONS;
   17212       std::string tmp;
   17213       rc = Serialize_UINT32(authorization_section_bytes.size(),
   17214                             &authorization_size_bytes);
   17215       if (rc != TPM_RC_SUCCESS) {
   17216         return rc;
   17217       }
   17218       command_size +=
   17219           authorization_size_bytes.size() + authorization_section_bytes.size();
   17220     }
   17221   }
   17222   std::string tag_bytes;
   17223   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   17224   if (rc != TPM_RC_SUCCESS) {
   17225     return rc;
   17226   }
   17227   std::string command_size_bytes;
   17228   rc = Serialize_UINT32(command_size, &command_size_bytes);
   17229   if (rc != TPM_RC_SUCCESS) {
   17230     return rc;
   17231   }
   17232   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   17233                         handle_section_bytes + authorization_size_bytes +
   17234                         authorization_section_bytes + parameter_section_bytes;
   17235   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   17236   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   17237                                             serialized_command->size());
   17238   return TPM_RC_SUCCESS;
   17239 }
   17240 
   17241 TPM_RC Tpm::ParseResponse_GetSessionAuditDigest(
   17242     const std::string& response,
   17243     TPM2B_ATTEST* audit_info,
   17244     TPMT_SIGNATURE* signature,
   17245     AuthorizationDelegate* authorization_delegate) {
   17246   VLOG(3) << __func__;
   17247   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   17248   TPM_RC rc = TPM_RC_SUCCESS;
   17249   std::string buffer(response);
   17250   TPM_ST tag;
   17251   std::string tag_bytes;
   17252   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   17253   if (rc != TPM_RC_SUCCESS) {
   17254     return rc;
   17255   }
   17256   UINT32 response_size;
   17257   std::string response_size_bytes;
   17258   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   17259   if (rc != TPM_RC_SUCCESS) {
   17260     return rc;
   17261   }
   17262   TPM_RC response_code;
   17263   std::string response_code_bytes;
   17264   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   17265   if (rc != TPM_RC_SUCCESS) {
   17266     return rc;
   17267   }
   17268   if (response_size != response.size()) {
   17269     return TPM_RC_SIZE;
   17270   }
   17271   if (response_code != TPM_RC_SUCCESS) {
   17272     return response_code;
   17273   }
   17274   TPM_CC command_code = TPM_CC_GetSessionAuditDigest;
   17275   std::string command_code_bytes;
   17276   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   17277   if (rc != TPM_RC_SUCCESS) {
   17278     return rc;
   17279   }
   17280   std::string authorization_section_bytes;
   17281   if (tag == TPM_ST_SESSIONS) {
   17282     UINT32 parameter_section_size = buffer.size();
   17283     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   17284     if (rc != TPM_RC_SUCCESS) {
   17285       return rc;
   17286     }
   17287     if (parameter_section_size > buffer.size()) {
   17288       return TPM_RC_INSUFFICIENT;
   17289     }
   17290     authorization_section_bytes = buffer.substr(parameter_section_size);
   17291     // Keep the parameter section in |buffer|.
   17292     buffer.erase(parameter_section_size);
   17293   }
   17294   std::unique_ptr<crypto::SecureHash> hash(
   17295       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   17296   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   17297   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   17298   hash->Update(buffer.data(), buffer.size());
   17299   std::string response_hash(32, 0);
   17300   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   17301   if (tag == TPM_ST_SESSIONS) {
   17302     CHECK(authorization_delegate) << "Authorization delegate missing!";
   17303     if (!authorization_delegate->CheckResponseAuthorization(
   17304             response_hash, authorization_section_bytes)) {
   17305       return TRUNKS_RC_AUTHORIZATION_FAILED;
   17306     }
   17307   }
   17308   std::string audit_info_bytes;
   17309   rc = Parse_TPM2B_ATTEST(&buffer, audit_info, &audit_info_bytes);
   17310   if (rc != TPM_RC_SUCCESS) {
   17311     return rc;
   17312   }
   17313   std::string signature_bytes;
   17314   rc = Parse_TPMT_SIGNATURE(&buffer, signature, &signature_bytes);
   17315   if (rc != TPM_RC_SUCCESS) {
   17316     return rc;
   17317   }
   17318   if (tag == TPM_ST_SESSIONS) {
   17319     CHECK(authorization_delegate) << "Authorization delegate missing!";
   17320     // Decrypt just the parameter data, not the size.
   17321     std::string tmp = audit_info_bytes.substr(2);
   17322     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   17323       return TRUNKS_RC_ENCRYPTION_FAILED;
   17324     }
   17325     audit_info_bytes.replace(2, std::string::npos, tmp);
   17326     rc = Parse_TPM2B_ATTEST(&audit_info_bytes, audit_info, nullptr);
   17327     if (rc != TPM_RC_SUCCESS) {
   17328       return rc;
   17329     }
   17330   }
   17331   return TPM_RC_SUCCESS;
   17332 }
   17333 
   17334 void GetSessionAuditDigestErrorCallback(
   17335     const Tpm::GetSessionAuditDigestResponse& callback,
   17336     TPM_RC response_code) {
   17337   VLOG(1) << __func__;
   17338   callback.Run(response_code, TPM2B_ATTEST(), TPMT_SIGNATURE());
   17339 }
   17340 
   17341 void GetSessionAuditDigestResponseParser(
   17342     const Tpm::GetSessionAuditDigestResponse& callback,
   17343     AuthorizationDelegate* authorization_delegate,
   17344     const std::string& response) {
   17345   VLOG(1) << __func__;
   17346   base::Callback<void(TPM_RC)> error_reporter =
   17347       base::Bind(GetSessionAuditDigestErrorCallback, callback);
   17348   TPM2B_ATTEST audit_info;
   17349   TPMT_SIGNATURE signature;
   17350   TPM_RC rc = Tpm::ParseResponse_GetSessionAuditDigest(
   17351       response, &audit_info, &signature, authorization_delegate);
   17352   if (rc != TPM_RC_SUCCESS) {
   17353     error_reporter.Run(rc);
   17354     return;
   17355   }
   17356   callback.Run(rc, audit_info, signature);
   17357 }
   17358 
   17359 void Tpm::GetSessionAuditDigest(const TPMI_RH_ENDORSEMENT& privacy_admin_handle,
   17360                                 const std::string& privacy_admin_handle_name,
   17361                                 const TPMI_DH_OBJECT& sign_handle,
   17362                                 const std::string& sign_handle_name,
   17363                                 const TPMI_SH_HMAC& session_handle,
   17364                                 const std::string& session_handle_name,
   17365                                 const TPM2B_DATA& qualifying_data,
   17366                                 const TPMT_SIG_SCHEME& in_scheme,
   17367                                 AuthorizationDelegate* authorization_delegate,
   17368                                 const GetSessionAuditDigestResponse& callback) {
   17369   VLOG(1) << __func__;
   17370   base::Callback<void(TPM_RC)> error_reporter =
   17371       base::Bind(GetSessionAuditDigestErrorCallback, callback);
   17372   base::Callback<void(const std::string&)> parser = base::Bind(
   17373       GetSessionAuditDigestResponseParser, callback, authorization_delegate);
   17374   std::string command;
   17375   TPM_RC rc = SerializeCommand_GetSessionAuditDigest(
   17376       privacy_admin_handle, privacy_admin_handle_name, sign_handle,
   17377       sign_handle_name, session_handle, session_handle_name, qualifying_data,
   17378       in_scheme, &command, authorization_delegate);
   17379   if (rc != TPM_RC_SUCCESS) {
   17380     error_reporter.Run(rc);
   17381     return;
   17382   }
   17383   transceiver_->SendCommand(command, parser);
   17384 }
   17385 
   17386 TPM_RC Tpm::GetSessionAuditDigestSync(
   17387     const TPMI_RH_ENDORSEMENT& privacy_admin_handle,
   17388     const std::string& privacy_admin_handle_name,
   17389     const TPMI_DH_OBJECT& sign_handle,
   17390     const std::string& sign_handle_name,
   17391     const TPMI_SH_HMAC& session_handle,
   17392     const std::string& session_handle_name,
   17393     const TPM2B_DATA& qualifying_data,
   17394     const TPMT_SIG_SCHEME& in_scheme,
   17395     TPM2B_ATTEST* audit_info,
   17396     TPMT_SIGNATURE* signature,
   17397     AuthorizationDelegate* authorization_delegate) {
   17398   VLOG(1) << __func__;
   17399   std::string command;
   17400   TPM_RC rc = SerializeCommand_GetSessionAuditDigest(
   17401       privacy_admin_handle, privacy_admin_handle_name, sign_handle,
   17402       sign_handle_name, session_handle, session_handle_name, qualifying_data,
   17403       in_scheme, &command, authorization_delegate);
   17404   if (rc != TPM_RC_SUCCESS) {
   17405     return rc;
   17406   }
   17407   std::string response = transceiver_->SendCommandAndWait(command);
   17408   rc = ParseResponse_GetSessionAuditDigest(response, audit_info, signature,
   17409                                            authorization_delegate);
   17410   return rc;
   17411 }
   17412 
   17413 TPM_RC Tpm::SerializeCommand_GetCommandAuditDigest(
   17414     const TPMI_RH_ENDORSEMENT& privacy_handle,
   17415     const std::string& privacy_handle_name,
   17416     const TPMI_DH_OBJECT& sign_handle,
   17417     const std::string& sign_handle_name,
   17418     const TPM2B_DATA& qualifying_data,
   17419     const TPMT_SIG_SCHEME& in_scheme,
   17420     std::string* serialized_command,
   17421     AuthorizationDelegate* authorization_delegate) {
   17422   VLOG(3) << __func__;
   17423   TPM_RC rc = TPM_RC_SUCCESS;
   17424   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   17425   UINT32 command_size = 10;  // Header size.
   17426   std::string handle_section_bytes;
   17427   std::string parameter_section_bytes;
   17428   TPM_CC command_code = TPM_CC_GetCommandAuditDigest;
   17429   bool is_command_parameter_encryption_possible = true;
   17430   bool is_response_parameter_encryption_possible = true;
   17431   std::string command_code_bytes;
   17432   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   17433   if (rc != TPM_RC_SUCCESS) {
   17434     return rc;
   17435   }
   17436   std::string privacy_handle_bytes;
   17437   rc = Serialize_TPMI_RH_ENDORSEMENT(privacy_handle, &privacy_handle_bytes);
   17438   if (rc != TPM_RC_SUCCESS) {
   17439     return rc;
   17440   }
   17441   std::string sign_handle_bytes;
   17442   rc = Serialize_TPMI_DH_OBJECT(sign_handle, &sign_handle_bytes);
   17443   if (rc != TPM_RC_SUCCESS) {
   17444     return rc;
   17445   }
   17446   std::string qualifying_data_bytes;
   17447   rc = Serialize_TPM2B_DATA(qualifying_data, &qualifying_data_bytes);
   17448   if (rc != TPM_RC_SUCCESS) {
   17449     return rc;
   17450   }
   17451   std::string in_scheme_bytes;
   17452   rc = Serialize_TPMT_SIG_SCHEME(in_scheme, &in_scheme_bytes);
   17453   if (rc != TPM_RC_SUCCESS) {
   17454     return rc;
   17455   }
   17456   if (authorization_delegate) {
   17457     // Encrypt just the parameter data, not the size.
   17458     std::string tmp = qualifying_data_bytes.substr(2);
   17459     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   17460       return TRUNKS_RC_ENCRYPTION_FAILED;
   17461     }
   17462     qualifying_data_bytes.replace(2, std::string::npos, tmp);
   17463   }
   17464   std::unique_ptr<crypto::SecureHash> hash(
   17465       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   17466   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   17467   hash->Update(privacy_handle_name.data(), privacy_handle_name.size());
   17468   handle_section_bytes += privacy_handle_bytes;
   17469   command_size += privacy_handle_bytes.size();
   17470   hash->Update(sign_handle_name.data(), sign_handle_name.size());
   17471   handle_section_bytes += sign_handle_bytes;
   17472   command_size += sign_handle_bytes.size();
   17473   hash->Update(qualifying_data_bytes.data(), qualifying_data_bytes.size());
   17474   parameter_section_bytes += qualifying_data_bytes;
   17475   command_size += qualifying_data_bytes.size();
   17476   hash->Update(in_scheme_bytes.data(), in_scheme_bytes.size());
   17477   parameter_section_bytes += in_scheme_bytes;
   17478   command_size += in_scheme_bytes.size();
   17479   std::string command_hash(32, 0);
   17480   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   17481   std::string authorization_section_bytes;
   17482   std::string authorization_size_bytes;
   17483   if (authorization_delegate) {
   17484     if (!authorization_delegate->GetCommandAuthorization(
   17485             command_hash, is_command_parameter_encryption_possible,
   17486             is_response_parameter_encryption_possible,
   17487             &authorization_section_bytes)) {
   17488       return TRUNKS_RC_AUTHORIZATION_FAILED;
   17489     }
   17490     if (!authorization_section_bytes.empty()) {
   17491       tag = TPM_ST_SESSIONS;
   17492       std::string tmp;
   17493       rc = Serialize_UINT32(authorization_section_bytes.size(),
   17494                             &authorization_size_bytes);
   17495       if (rc != TPM_RC_SUCCESS) {
   17496         return rc;
   17497       }
   17498       command_size +=
   17499           authorization_size_bytes.size() + authorization_section_bytes.size();
   17500     }
   17501   }
   17502   std::string tag_bytes;
   17503   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   17504   if (rc != TPM_RC_SUCCESS) {
   17505     return rc;
   17506   }
   17507   std::string command_size_bytes;
   17508   rc = Serialize_UINT32(command_size, &command_size_bytes);
   17509   if (rc != TPM_RC_SUCCESS) {
   17510     return rc;
   17511   }
   17512   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   17513                         handle_section_bytes + authorization_size_bytes +
   17514                         authorization_section_bytes + parameter_section_bytes;
   17515   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   17516   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   17517                                             serialized_command->size());
   17518   return TPM_RC_SUCCESS;
   17519 }
   17520 
   17521 TPM_RC Tpm::ParseResponse_GetCommandAuditDigest(
   17522     const std::string& response,
   17523     TPM2B_ATTEST* audit_info,
   17524     TPMT_SIGNATURE* signature,
   17525     AuthorizationDelegate* authorization_delegate) {
   17526   VLOG(3) << __func__;
   17527   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   17528   TPM_RC rc = TPM_RC_SUCCESS;
   17529   std::string buffer(response);
   17530   TPM_ST tag;
   17531   std::string tag_bytes;
   17532   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   17533   if (rc != TPM_RC_SUCCESS) {
   17534     return rc;
   17535   }
   17536   UINT32 response_size;
   17537   std::string response_size_bytes;
   17538   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   17539   if (rc != TPM_RC_SUCCESS) {
   17540     return rc;
   17541   }
   17542   TPM_RC response_code;
   17543   std::string response_code_bytes;
   17544   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   17545   if (rc != TPM_RC_SUCCESS) {
   17546     return rc;
   17547   }
   17548   if (response_size != response.size()) {
   17549     return TPM_RC_SIZE;
   17550   }
   17551   if (response_code != TPM_RC_SUCCESS) {
   17552     return response_code;
   17553   }
   17554   TPM_CC command_code = TPM_CC_GetCommandAuditDigest;
   17555   std::string command_code_bytes;
   17556   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   17557   if (rc != TPM_RC_SUCCESS) {
   17558     return rc;
   17559   }
   17560   std::string authorization_section_bytes;
   17561   if (tag == TPM_ST_SESSIONS) {
   17562     UINT32 parameter_section_size = buffer.size();
   17563     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   17564     if (rc != TPM_RC_SUCCESS) {
   17565       return rc;
   17566     }
   17567     if (parameter_section_size > buffer.size()) {
   17568       return TPM_RC_INSUFFICIENT;
   17569     }
   17570     authorization_section_bytes = buffer.substr(parameter_section_size);
   17571     // Keep the parameter section in |buffer|.
   17572     buffer.erase(parameter_section_size);
   17573   }
   17574   std::unique_ptr<crypto::SecureHash> hash(
   17575       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   17576   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   17577   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   17578   hash->Update(buffer.data(), buffer.size());
   17579   std::string response_hash(32, 0);
   17580   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   17581   if (tag == TPM_ST_SESSIONS) {
   17582     CHECK(authorization_delegate) << "Authorization delegate missing!";
   17583     if (!authorization_delegate->CheckResponseAuthorization(
   17584             response_hash, authorization_section_bytes)) {
   17585       return TRUNKS_RC_AUTHORIZATION_FAILED;
   17586     }
   17587   }
   17588   std::string audit_info_bytes;
   17589   rc = Parse_TPM2B_ATTEST(&buffer, audit_info, &audit_info_bytes);
   17590   if (rc != TPM_RC_SUCCESS) {
   17591     return rc;
   17592   }
   17593   std::string signature_bytes;
   17594   rc = Parse_TPMT_SIGNATURE(&buffer, signature, &signature_bytes);
   17595   if (rc != TPM_RC_SUCCESS) {
   17596     return rc;
   17597   }
   17598   if (tag == TPM_ST_SESSIONS) {
   17599     CHECK(authorization_delegate) << "Authorization delegate missing!";
   17600     // Decrypt just the parameter data, not the size.
   17601     std::string tmp = audit_info_bytes.substr(2);
   17602     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   17603       return TRUNKS_RC_ENCRYPTION_FAILED;
   17604     }
   17605     audit_info_bytes.replace(2, std::string::npos, tmp);
   17606     rc = Parse_TPM2B_ATTEST(&audit_info_bytes, audit_info, nullptr);
   17607     if (rc != TPM_RC_SUCCESS) {
   17608       return rc;
   17609     }
   17610   }
   17611   return TPM_RC_SUCCESS;
   17612 }
   17613 
   17614 void GetCommandAuditDigestErrorCallback(
   17615     const Tpm::GetCommandAuditDigestResponse& callback,
   17616     TPM_RC response_code) {
   17617   VLOG(1) << __func__;
   17618   callback.Run(response_code, TPM2B_ATTEST(), TPMT_SIGNATURE());
   17619 }
   17620 
   17621 void GetCommandAuditDigestResponseParser(
   17622     const Tpm::GetCommandAuditDigestResponse& callback,
   17623     AuthorizationDelegate* authorization_delegate,
   17624     const std::string& response) {
   17625   VLOG(1) << __func__;
   17626   base::Callback<void(TPM_RC)> error_reporter =
   17627       base::Bind(GetCommandAuditDigestErrorCallback, callback);
   17628   TPM2B_ATTEST audit_info;
   17629   TPMT_SIGNATURE signature;
   17630   TPM_RC rc = Tpm::ParseResponse_GetCommandAuditDigest(
   17631       response, &audit_info, &signature, authorization_delegate);
   17632   if (rc != TPM_RC_SUCCESS) {
   17633     error_reporter.Run(rc);
   17634     return;
   17635   }
   17636   callback.Run(rc, audit_info, signature);
   17637 }
   17638 
   17639 void Tpm::GetCommandAuditDigest(const TPMI_RH_ENDORSEMENT& privacy_handle,
   17640                                 const std::string& privacy_handle_name,
   17641                                 const TPMI_DH_OBJECT& sign_handle,
   17642                                 const std::string& sign_handle_name,
   17643                                 const TPM2B_DATA& qualifying_data,
   17644                                 const TPMT_SIG_SCHEME& in_scheme,
   17645                                 AuthorizationDelegate* authorization_delegate,
   17646                                 const GetCommandAuditDigestResponse& callback) {
   17647   VLOG(1) << __func__;
   17648   base::Callback<void(TPM_RC)> error_reporter =
   17649       base::Bind(GetCommandAuditDigestErrorCallback, callback);
   17650   base::Callback<void(const std::string&)> parser = base::Bind(
   17651       GetCommandAuditDigestResponseParser, callback, authorization_delegate);
   17652   std::string command;
   17653   TPM_RC rc = SerializeCommand_GetCommandAuditDigest(
   17654       privacy_handle, privacy_handle_name, sign_handle, sign_handle_name,
   17655       qualifying_data, in_scheme, &command, authorization_delegate);
   17656   if (rc != TPM_RC_SUCCESS) {
   17657     error_reporter.Run(rc);
   17658     return;
   17659   }
   17660   transceiver_->SendCommand(command, parser);
   17661 }
   17662 
   17663 TPM_RC Tpm::GetCommandAuditDigestSync(
   17664     const TPMI_RH_ENDORSEMENT& privacy_handle,
   17665     const std::string& privacy_handle_name,
   17666     const TPMI_DH_OBJECT& sign_handle,
   17667     const std::string& sign_handle_name,
   17668     const TPM2B_DATA& qualifying_data,
   17669     const TPMT_SIG_SCHEME& in_scheme,
   17670     TPM2B_ATTEST* audit_info,
   17671     TPMT_SIGNATURE* signature,
   17672     AuthorizationDelegate* authorization_delegate) {
   17673   VLOG(1) << __func__;
   17674   std::string command;
   17675   TPM_RC rc = SerializeCommand_GetCommandAuditDigest(
   17676       privacy_handle, privacy_handle_name, sign_handle, sign_handle_name,
   17677       qualifying_data, in_scheme, &command, authorization_delegate);
   17678   if (rc != TPM_RC_SUCCESS) {
   17679     return rc;
   17680   }
   17681   std::string response = transceiver_->SendCommandAndWait(command);
   17682   rc = ParseResponse_GetCommandAuditDigest(response, audit_info, signature,
   17683                                            authorization_delegate);
   17684   return rc;
   17685 }
   17686 
   17687 TPM_RC Tpm::SerializeCommand_GetTime(
   17688     const TPMI_RH_ENDORSEMENT& privacy_admin_handle,
   17689     const std::string& privacy_admin_handle_name,
   17690     const TPMI_DH_OBJECT& sign_handle,
   17691     const std::string& sign_handle_name,
   17692     const TPM2B_DATA& qualifying_data,
   17693     const TPMT_SIG_SCHEME& in_scheme,
   17694     std::string* serialized_command,
   17695     AuthorizationDelegate* authorization_delegate) {
   17696   VLOG(3) << __func__;
   17697   TPM_RC rc = TPM_RC_SUCCESS;
   17698   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   17699   UINT32 command_size = 10;  // Header size.
   17700   std::string handle_section_bytes;
   17701   std::string parameter_section_bytes;
   17702   TPM_CC command_code = TPM_CC_GetTime;
   17703   bool is_command_parameter_encryption_possible = true;
   17704   bool is_response_parameter_encryption_possible = true;
   17705   std::string command_code_bytes;
   17706   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   17707   if (rc != TPM_RC_SUCCESS) {
   17708     return rc;
   17709   }
   17710   std::string privacy_admin_handle_bytes;
   17711   rc = Serialize_TPMI_RH_ENDORSEMENT(privacy_admin_handle,
   17712                                      &privacy_admin_handle_bytes);
   17713   if (rc != TPM_RC_SUCCESS) {
   17714     return rc;
   17715   }
   17716   std::string sign_handle_bytes;
   17717   rc = Serialize_TPMI_DH_OBJECT(sign_handle, &sign_handle_bytes);
   17718   if (rc != TPM_RC_SUCCESS) {
   17719     return rc;
   17720   }
   17721   std::string qualifying_data_bytes;
   17722   rc = Serialize_TPM2B_DATA(qualifying_data, &qualifying_data_bytes);
   17723   if (rc != TPM_RC_SUCCESS) {
   17724     return rc;
   17725   }
   17726   std::string in_scheme_bytes;
   17727   rc = Serialize_TPMT_SIG_SCHEME(in_scheme, &in_scheme_bytes);
   17728   if (rc != TPM_RC_SUCCESS) {
   17729     return rc;
   17730   }
   17731   if (authorization_delegate) {
   17732     // Encrypt just the parameter data, not the size.
   17733     std::string tmp = qualifying_data_bytes.substr(2);
   17734     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   17735       return TRUNKS_RC_ENCRYPTION_FAILED;
   17736     }
   17737     qualifying_data_bytes.replace(2, std::string::npos, tmp);
   17738   }
   17739   std::unique_ptr<crypto::SecureHash> hash(
   17740       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   17741   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   17742   hash->Update(privacy_admin_handle_name.data(),
   17743                privacy_admin_handle_name.size());
   17744   handle_section_bytes += privacy_admin_handle_bytes;
   17745   command_size += privacy_admin_handle_bytes.size();
   17746   hash->Update(sign_handle_name.data(), sign_handle_name.size());
   17747   handle_section_bytes += sign_handle_bytes;
   17748   command_size += sign_handle_bytes.size();
   17749   hash->Update(qualifying_data_bytes.data(), qualifying_data_bytes.size());
   17750   parameter_section_bytes += qualifying_data_bytes;
   17751   command_size += qualifying_data_bytes.size();
   17752   hash->Update(in_scheme_bytes.data(), in_scheme_bytes.size());
   17753   parameter_section_bytes += in_scheme_bytes;
   17754   command_size += in_scheme_bytes.size();
   17755   std::string command_hash(32, 0);
   17756   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   17757   std::string authorization_section_bytes;
   17758   std::string authorization_size_bytes;
   17759   if (authorization_delegate) {
   17760     if (!authorization_delegate->GetCommandAuthorization(
   17761             command_hash, is_command_parameter_encryption_possible,
   17762             is_response_parameter_encryption_possible,
   17763             &authorization_section_bytes)) {
   17764       return TRUNKS_RC_AUTHORIZATION_FAILED;
   17765     }
   17766     if (!authorization_section_bytes.empty()) {
   17767       tag = TPM_ST_SESSIONS;
   17768       std::string tmp;
   17769       rc = Serialize_UINT32(authorization_section_bytes.size(),
   17770                             &authorization_size_bytes);
   17771       if (rc != TPM_RC_SUCCESS) {
   17772         return rc;
   17773       }
   17774       command_size +=
   17775           authorization_size_bytes.size() + authorization_section_bytes.size();
   17776     }
   17777   }
   17778   std::string tag_bytes;
   17779   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   17780   if (rc != TPM_RC_SUCCESS) {
   17781     return rc;
   17782   }
   17783   std::string command_size_bytes;
   17784   rc = Serialize_UINT32(command_size, &command_size_bytes);
   17785   if (rc != TPM_RC_SUCCESS) {
   17786     return rc;
   17787   }
   17788   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   17789                         handle_section_bytes + authorization_size_bytes +
   17790                         authorization_section_bytes + parameter_section_bytes;
   17791   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   17792   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   17793                                             serialized_command->size());
   17794   return TPM_RC_SUCCESS;
   17795 }
   17796 
   17797 TPM_RC Tpm::ParseResponse_GetTime(
   17798     const std::string& response,
   17799     TPM2B_ATTEST* time_info,
   17800     TPMT_SIGNATURE* signature,
   17801     AuthorizationDelegate* authorization_delegate) {
   17802   VLOG(3) << __func__;
   17803   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   17804   TPM_RC rc = TPM_RC_SUCCESS;
   17805   std::string buffer(response);
   17806   TPM_ST tag;
   17807   std::string tag_bytes;
   17808   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   17809   if (rc != TPM_RC_SUCCESS) {
   17810     return rc;
   17811   }
   17812   UINT32 response_size;
   17813   std::string response_size_bytes;
   17814   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   17815   if (rc != TPM_RC_SUCCESS) {
   17816     return rc;
   17817   }
   17818   TPM_RC response_code;
   17819   std::string response_code_bytes;
   17820   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   17821   if (rc != TPM_RC_SUCCESS) {
   17822     return rc;
   17823   }
   17824   if (response_size != response.size()) {
   17825     return TPM_RC_SIZE;
   17826   }
   17827   if (response_code != TPM_RC_SUCCESS) {
   17828     return response_code;
   17829   }
   17830   TPM_CC command_code = TPM_CC_GetTime;
   17831   std::string command_code_bytes;
   17832   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   17833   if (rc != TPM_RC_SUCCESS) {
   17834     return rc;
   17835   }
   17836   std::string authorization_section_bytes;
   17837   if (tag == TPM_ST_SESSIONS) {
   17838     UINT32 parameter_section_size = buffer.size();
   17839     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   17840     if (rc != TPM_RC_SUCCESS) {
   17841       return rc;
   17842     }
   17843     if (parameter_section_size > buffer.size()) {
   17844       return TPM_RC_INSUFFICIENT;
   17845     }
   17846     authorization_section_bytes = buffer.substr(parameter_section_size);
   17847     // Keep the parameter section in |buffer|.
   17848     buffer.erase(parameter_section_size);
   17849   }
   17850   std::unique_ptr<crypto::SecureHash> hash(
   17851       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   17852   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   17853   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   17854   hash->Update(buffer.data(), buffer.size());
   17855   std::string response_hash(32, 0);
   17856   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   17857   if (tag == TPM_ST_SESSIONS) {
   17858     CHECK(authorization_delegate) << "Authorization delegate missing!";
   17859     if (!authorization_delegate->CheckResponseAuthorization(
   17860             response_hash, authorization_section_bytes)) {
   17861       return TRUNKS_RC_AUTHORIZATION_FAILED;
   17862     }
   17863   }
   17864   std::string time_info_bytes;
   17865   rc = Parse_TPM2B_ATTEST(&buffer, time_info, &time_info_bytes);
   17866   if (rc != TPM_RC_SUCCESS) {
   17867     return rc;
   17868   }
   17869   std::string signature_bytes;
   17870   rc = Parse_TPMT_SIGNATURE(&buffer, signature, &signature_bytes);
   17871   if (rc != TPM_RC_SUCCESS) {
   17872     return rc;
   17873   }
   17874   if (tag == TPM_ST_SESSIONS) {
   17875     CHECK(authorization_delegate) << "Authorization delegate missing!";
   17876     // Decrypt just the parameter data, not the size.
   17877     std::string tmp = time_info_bytes.substr(2);
   17878     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   17879       return TRUNKS_RC_ENCRYPTION_FAILED;
   17880     }
   17881     time_info_bytes.replace(2, std::string::npos, tmp);
   17882     rc = Parse_TPM2B_ATTEST(&time_info_bytes, time_info, nullptr);
   17883     if (rc != TPM_RC_SUCCESS) {
   17884       return rc;
   17885     }
   17886   }
   17887   return TPM_RC_SUCCESS;
   17888 }
   17889 
   17890 void GetTimeErrorCallback(const Tpm::GetTimeResponse& callback,
   17891                           TPM_RC response_code) {
   17892   VLOG(1) << __func__;
   17893   callback.Run(response_code, TPM2B_ATTEST(), TPMT_SIGNATURE());
   17894 }
   17895 
   17896 void GetTimeResponseParser(const Tpm::GetTimeResponse& callback,
   17897                            AuthorizationDelegate* authorization_delegate,
   17898                            const std::string& response) {
   17899   VLOG(1) << __func__;
   17900   base::Callback<void(TPM_RC)> error_reporter =
   17901       base::Bind(GetTimeErrorCallback, callback);
   17902   TPM2B_ATTEST time_info;
   17903   TPMT_SIGNATURE signature;
   17904   TPM_RC rc = Tpm::ParseResponse_GetTime(response, &time_info, &signature,
   17905                                          authorization_delegate);
   17906   if (rc != TPM_RC_SUCCESS) {
   17907     error_reporter.Run(rc);
   17908     return;
   17909   }
   17910   callback.Run(rc, time_info, signature);
   17911 }
   17912 
   17913 void Tpm::GetTime(const TPMI_RH_ENDORSEMENT& privacy_admin_handle,
   17914                   const std::string& privacy_admin_handle_name,
   17915                   const TPMI_DH_OBJECT& sign_handle,
   17916                   const std::string& sign_handle_name,
   17917                   const TPM2B_DATA& qualifying_data,
   17918                   const TPMT_SIG_SCHEME& in_scheme,
   17919                   AuthorizationDelegate* authorization_delegate,
   17920                   const GetTimeResponse& callback) {
   17921   VLOG(1) << __func__;
   17922   base::Callback<void(TPM_RC)> error_reporter =
   17923       base::Bind(GetTimeErrorCallback, callback);
   17924   base::Callback<void(const std::string&)> parser =
   17925       base::Bind(GetTimeResponseParser, callback, authorization_delegate);
   17926   std::string command;
   17927   TPM_RC rc =
   17928       SerializeCommand_GetTime(privacy_admin_handle, privacy_admin_handle_name,
   17929                                sign_handle, sign_handle_name, qualifying_data,
   17930                                in_scheme, &command, authorization_delegate);
   17931   if (rc != TPM_RC_SUCCESS) {
   17932     error_reporter.Run(rc);
   17933     return;
   17934   }
   17935   transceiver_->SendCommand(command, parser);
   17936 }
   17937 
   17938 TPM_RC Tpm::GetTimeSync(const TPMI_RH_ENDORSEMENT& privacy_admin_handle,
   17939                         const std::string& privacy_admin_handle_name,
   17940                         const TPMI_DH_OBJECT& sign_handle,
   17941                         const std::string& sign_handle_name,
   17942                         const TPM2B_DATA& qualifying_data,
   17943                         const TPMT_SIG_SCHEME& in_scheme,
   17944                         TPM2B_ATTEST* time_info,
   17945                         TPMT_SIGNATURE* signature,
   17946                         AuthorizationDelegate* authorization_delegate) {
   17947   VLOG(1) << __func__;
   17948   std::string command;
   17949   TPM_RC rc =
   17950       SerializeCommand_GetTime(privacy_admin_handle, privacy_admin_handle_name,
   17951                                sign_handle, sign_handle_name, qualifying_data,
   17952                                in_scheme, &command, authorization_delegate);
   17953   if (rc != TPM_RC_SUCCESS) {
   17954     return rc;
   17955   }
   17956   std::string response = transceiver_->SendCommandAndWait(command);
   17957   rc = ParseResponse_GetTime(response, time_info, signature,
   17958                              authorization_delegate);
   17959   return rc;
   17960 }
   17961 
   17962 TPM_RC Tpm::SerializeCommand_Commit(
   17963     const TPMI_DH_OBJECT& sign_handle,
   17964     const std::string& sign_handle_name,
   17965     const UINT32& param_size,
   17966     const TPM2B_ECC_POINT& p1,
   17967     const TPM2B_SENSITIVE_DATA& s2,
   17968     const TPM2B_ECC_PARAMETER& y2,
   17969     std::string* serialized_command,
   17970     AuthorizationDelegate* authorization_delegate) {
   17971   VLOG(3) << __func__;
   17972   TPM_RC rc = TPM_RC_SUCCESS;
   17973   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   17974   UINT32 command_size = 10;  // Header size.
   17975   std::string handle_section_bytes;
   17976   std::string parameter_section_bytes;
   17977   TPM_CC command_code = TPM_CC_Commit;
   17978   bool is_command_parameter_encryption_possible = false;
   17979   bool is_response_parameter_encryption_possible = false;
   17980   std::string command_code_bytes;
   17981   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   17982   if (rc != TPM_RC_SUCCESS) {
   17983     return rc;
   17984   }
   17985   std::string param_size_bytes;
   17986   rc = Serialize_UINT32(param_size, &param_size_bytes);
   17987   if (rc != TPM_RC_SUCCESS) {
   17988     return rc;
   17989   }
   17990   std::string sign_handle_bytes;
   17991   rc = Serialize_TPMI_DH_OBJECT(sign_handle, &sign_handle_bytes);
   17992   if (rc != TPM_RC_SUCCESS) {
   17993     return rc;
   17994   }
   17995   std::string p1_bytes;
   17996   rc = Serialize_TPM2B_ECC_POINT(p1, &p1_bytes);
   17997   if (rc != TPM_RC_SUCCESS) {
   17998     return rc;
   17999   }
   18000   std::string s2_bytes;
   18001   rc = Serialize_TPM2B_SENSITIVE_DATA(s2, &s2_bytes);
   18002   if (rc != TPM_RC_SUCCESS) {
   18003     return rc;
   18004   }
   18005   std::string y2_bytes;
   18006   rc = Serialize_TPM2B_ECC_PARAMETER(y2, &y2_bytes);
   18007   if (rc != TPM_RC_SUCCESS) {
   18008     return rc;
   18009   }
   18010   std::unique_ptr<crypto::SecureHash> hash(
   18011       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   18012   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   18013   hash->Update(sign_handle_name.data(), sign_handle_name.size());
   18014   handle_section_bytes += sign_handle_bytes;
   18015   command_size += sign_handle_bytes.size();
   18016   hash->Update(param_size_bytes.data(), param_size_bytes.size());
   18017   parameter_section_bytes += param_size_bytes;
   18018   command_size += param_size_bytes.size();
   18019   hash->Update(p1_bytes.data(), p1_bytes.size());
   18020   parameter_section_bytes += p1_bytes;
   18021   command_size += p1_bytes.size();
   18022   hash->Update(s2_bytes.data(), s2_bytes.size());
   18023   parameter_section_bytes += s2_bytes;
   18024   command_size += s2_bytes.size();
   18025   hash->Update(y2_bytes.data(), y2_bytes.size());
   18026   parameter_section_bytes += y2_bytes;
   18027   command_size += y2_bytes.size();
   18028   std::string command_hash(32, 0);
   18029   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   18030   std::string authorization_section_bytes;
   18031   std::string authorization_size_bytes;
   18032   if (authorization_delegate) {
   18033     if (!authorization_delegate->GetCommandAuthorization(
   18034             command_hash, is_command_parameter_encryption_possible,
   18035             is_response_parameter_encryption_possible,
   18036             &authorization_section_bytes)) {
   18037       return TRUNKS_RC_AUTHORIZATION_FAILED;
   18038     }
   18039     if (!authorization_section_bytes.empty()) {
   18040       tag = TPM_ST_SESSIONS;
   18041       std::string tmp;
   18042       rc = Serialize_UINT32(authorization_section_bytes.size(),
   18043                             &authorization_size_bytes);
   18044       if (rc != TPM_RC_SUCCESS) {
   18045         return rc;
   18046       }
   18047       command_size +=
   18048           authorization_size_bytes.size() + authorization_section_bytes.size();
   18049     }
   18050   }
   18051   std::string tag_bytes;
   18052   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   18053   if (rc != TPM_RC_SUCCESS) {
   18054     return rc;
   18055   }
   18056   std::string command_size_bytes;
   18057   rc = Serialize_UINT32(command_size, &command_size_bytes);
   18058   if (rc != TPM_RC_SUCCESS) {
   18059     return rc;
   18060   }
   18061   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   18062                         handle_section_bytes + authorization_size_bytes +
   18063                         authorization_section_bytes + parameter_section_bytes;
   18064   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   18065   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   18066                                             serialized_command->size());
   18067   return TPM_RC_SUCCESS;
   18068 }
   18069 
   18070 TPM_RC Tpm::ParseResponse_Commit(
   18071     const std::string& response,
   18072     UINT32* param_size_out,
   18073     TPM2B_ECC_POINT* k,
   18074     TPM2B_ECC_POINT* l,
   18075     TPM2B_ECC_POINT* e,
   18076     UINT16* counter,
   18077     AuthorizationDelegate* authorization_delegate) {
   18078   VLOG(3) << __func__;
   18079   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   18080   TPM_RC rc = TPM_RC_SUCCESS;
   18081   std::string buffer(response);
   18082   TPM_ST tag;
   18083   std::string tag_bytes;
   18084   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   18085   if (rc != TPM_RC_SUCCESS) {
   18086     return rc;
   18087   }
   18088   UINT32 response_size;
   18089   std::string response_size_bytes;
   18090   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   18091   if (rc != TPM_RC_SUCCESS) {
   18092     return rc;
   18093   }
   18094   TPM_RC response_code;
   18095   std::string response_code_bytes;
   18096   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   18097   if (rc != TPM_RC_SUCCESS) {
   18098     return rc;
   18099   }
   18100   if (response_size != response.size()) {
   18101     return TPM_RC_SIZE;
   18102   }
   18103   if (response_code != TPM_RC_SUCCESS) {
   18104     return response_code;
   18105   }
   18106   TPM_CC command_code = TPM_CC_Commit;
   18107   std::string command_code_bytes;
   18108   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   18109   if (rc != TPM_RC_SUCCESS) {
   18110     return rc;
   18111   }
   18112   std::string authorization_section_bytes;
   18113   if (tag == TPM_ST_SESSIONS) {
   18114     UINT32 parameter_section_size = buffer.size();
   18115     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   18116     if (rc != TPM_RC_SUCCESS) {
   18117       return rc;
   18118     }
   18119     if (parameter_section_size > buffer.size()) {
   18120       return TPM_RC_INSUFFICIENT;
   18121     }
   18122     authorization_section_bytes = buffer.substr(parameter_section_size);
   18123     // Keep the parameter section in |buffer|.
   18124     buffer.erase(parameter_section_size);
   18125   }
   18126   std::unique_ptr<crypto::SecureHash> hash(
   18127       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   18128   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   18129   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   18130   hash->Update(buffer.data(), buffer.size());
   18131   std::string response_hash(32, 0);
   18132   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   18133   if (tag == TPM_ST_SESSIONS) {
   18134     CHECK(authorization_delegate) << "Authorization delegate missing!";
   18135     if (!authorization_delegate->CheckResponseAuthorization(
   18136             response_hash, authorization_section_bytes)) {
   18137       return TRUNKS_RC_AUTHORIZATION_FAILED;
   18138     }
   18139   }
   18140   std::string param_size_out_bytes;
   18141   rc = Parse_UINT32(&buffer, param_size_out, &param_size_out_bytes);
   18142   if (rc != TPM_RC_SUCCESS) {
   18143     return rc;
   18144   }
   18145   std::string k_bytes;
   18146   rc = Parse_TPM2B_ECC_POINT(&buffer, k, &k_bytes);
   18147   if (rc != TPM_RC_SUCCESS) {
   18148     return rc;
   18149   }
   18150   std::string l_bytes;
   18151   rc = Parse_TPM2B_ECC_POINT(&buffer, l, &l_bytes);
   18152   if (rc != TPM_RC_SUCCESS) {
   18153     return rc;
   18154   }
   18155   std::string e_bytes;
   18156   rc = Parse_TPM2B_ECC_POINT(&buffer, e, &e_bytes);
   18157   if (rc != TPM_RC_SUCCESS) {
   18158     return rc;
   18159   }
   18160   std::string counter_bytes;
   18161   rc = Parse_UINT16(&buffer, counter, &counter_bytes);
   18162   if (rc != TPM_RC_SUCCESS) {
   18163     return rc;
   18164   }
   18165   return TPM_RC_SUCCESS;
   18166 }
   18167 
   18168 void CommitErrorCallback(const Tpm::CommitResponse& callback,
   18169                          TPM_RC response_code) {
   18170   VLOG(1) << __func__;
   18171   callback.Run(response_code, UINT32(), TPM2B_ECC_POINT(), TPM2B_ECC_POINT(),
   18172                TPM2B_ECC_POINT(), UINT16());
   18173 }
   18174 
   18175 void CommitResponseParser(const Tpm::CommitResponse& callback,
   18176                           AuthorizationDelegate* authorization_delegate,
   18177                           const std::string& response) {
   18178   VLOG(1) << __func__;
   18179   base::Callback<void(TPM_RC)> error_reporter =
   18180       base::Bind(CommitErrorCallback, callback);
   18181   UINT32 param_size_out;
   18182   TPM2B_ECC_POINT k;
   18183   TPM2B_ECC_POINT l;
   18184   TPM2B_ECC_POINT e;
   18185   UINT16 counter;
   18186   TPM_RC rc = Tpm::ParseResponse_Commit(response, &param_size_out, &k, &l, &e,
   18187                                         &counter, authorization_delegate);
   18188   if (rc != TPM_RC_SUCCESS) {
   18189     error_reporter.Run(rc);
   18190     return;
   18191   }
   18192   callback.Run(rc, param_size_out, k, l, e, counter);
   18193 }
   18194 
   18195 void Tpm::Commit(const TPMI_DH_OBJECT& sign_handle,
   18196                  const std::string& sign_handle_name,
   18197                  const UINT32& param_size,
   18198                  const TPM2B_ECC_POINT& p1,
   18199                  const TPM2B_SENSITIVE_DATA& s2,
   18200                  const TPM2B_ECC_PARAMETER& y2,
   18201                  AuthorizationDelegate* authorization_delegate,
   18202                  const CommitResponse& callback) {
   18203   VLOG(1) << __func__;
   18204   base::Callback<void(TPM_RC)> error_reporter =
   18205       base::Bind(CommitErrorCallback, callback);
   18206   base::Callback<void(const std::string&)> parser =
   18207       base::Bind(CommitResponseParser, callback, authorization_delegate);
   18208   std::string command;
   18209   TPM_RC rc =
   18210       SerializeCommand_Commit(sign_handle, sign_handle_name, param_size, p1, s2,
   18211                               y2, &command, authorization_delegate);
   18212   if (rc != TPM_RC_SUCCESS) {
   18213     error_reporter.Run(rc);
   18214     return;
   18215   }
   18216   transceiver_->SendCommand(command, parser);
   18217 }
   18218 
   18219 TPM_RC Tpm::CommitSync(const TPMI_DH_OBJECT& sign_handle,
   18220                        const std::string& sign_handle_name,
   18221                        const UINT32& param_size,
   18222                        const TPM2B_ECC_POINT& p1,
   18223                        const TPM2B_SENSITIVE_DATA& s2,
   18224                        const TPM2B_ECC_PARAMETER& y2,
   18225                        UINT32* param_size_out,
   18226                        TPM2B_ECC_POINT* k,
   18227                        TPM2B_ECC_POINT* l,
   18228                        TPM2B_ECC_POINT* e,
   18229                        UINT16* counter,
   18230                        AuthorizationDelegate* authorization_delegate) {
   18231   VLOG(1) << __func__;
   18232   std::string command;
   18233   TPM_RC rc =
   18234       SerializeCommand_Commit(sign_handle, sign_handle_name, param_size, p1, s2,
   18235                               y2, &command, authorization_delegate);
   18236   if (rc != TPM_RC_SUCCESS) {
   18237     return rc;
   18238   }
   18239   std::string response = transceiver_->SendCommandAndWait(command);
   18240   rc = ParseResponse_Commit(response, param_size_out, k, l, e, counter,
   18241                             authorization_delegate);
   18242   return rc;
   18243 }
   18244 
   18245 TPM_RC Tpm::SerializeCommand_EC_Ephemeral(
   18246     const UINT32& param_size,
   18247     const TPMI_ECC_CURVE& curve_id,
   18248     std::string* serialized_command,
   18249     AuthorizationDelegate* authorization_delegate) {
   18250   VLOG(3) << __func__;
   18251   TPM_RC rc = TPM_RC_SUCCESS;
   18252   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   18253   UINT32 command_size = 10;  // Header size.
   18254   std::string handle_section_bytes;
   18255   std::string parameter_section_bytes;
   18256   TPM_CC command_code = TPM_CC_EC_Ephemeral;
   18257   bool is_command_parameter_encryption_possible = false;
   18258   bool is_response_parameter_encryption_possible = false;
   18259   std::string command_code_bytes;
   18260   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   18261   if (rc != TPM_RC_SUCCESS) {
   18262     return rc;
   18263   }
   18264   std::string param_size_bytes;
   18265   rc = Serialize_UINT32(param_size, &param_size_bytes);
   18266   if (rc != TPM_RC_SUCCESS) {
   18267     return rc;
   18268   }
   18269   std::string curve_id_bytes;
   18270   rc = Serialize_TPMI_ECC_CURVE(curve_id, &curve_id_bytes);
   18271   if (rc != TPM_RC_SUCCESS) {
   18272     return rc;
   18273   }
   18274   std::unique_ptr<crypto::SecureHash> hash(
   18275       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   18276   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   18277   hash->Update(param_size_bytes.data(), param_size_bytes.size());
   18278   parameter_section_bytes += param_size_bytes;
   18279   command_size += param_size_bytes.size();
   18280   hash->Update(curve_id_bytes.data(), curve_id_bytes.size());
   18281   parameter_section_bytes += curve_id_bytes;
   18282   command_size += curve_id_bytes.size();
   18283   std::string command_hash(32, 0);
   18284   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   18285   std::string authorization_section_bytes;
   18286   std::string authorization_size_bytes;
   18287   if (authorization_delegate) {
   18288     if (!authorization_delegate->GetCommandAuthorization(
   18289             command_hash, is_command_parameter_encryption_possible,
   18290             is_response_parameter_encryption_possible,
   18291             &authorization_section_bytes)) {
   18292       return TRUNKS_RC_AUTHORIZATION_FAILED;
   18293     }
   18294     if (!authorization_section_bytes.empty()) {
   18295       tag = TPM_ST_SESSIONS;
   18296       std::string tmp;
   18297       rc = Serialize_UINT32(authorization_section_bytes.size(),
   18298                             &authorization_size_bytes);
   18299       if (rc != TPM_RC_SUCCESS) {
   18300         return rc;
   18301       }
   18302       command_size +=
   18303           authorization_size_bytes.size() + authorization_section_bytes.size();
   18304     }
   18305   }
   18306   std::string tag_bytes;
   18307   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   18308   if (rc != TPM_RC_SUCCESS) {
   18309     return rc;
   18310   }
   18311   std::string command_size_bytes;
   18312   rc = Serialize_UINT32(command_size, &command_size_bytes);
   18313   if (rc != TPM_RC_SUCCESS) {
   18314     return rc;
   18315   }
   18316   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   18317                         handle_section_bytes + authorization_size_bytes +
   18318                         authorization_section_bytes + parameter_section_bytes;
   18319   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   18320   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   18321                                             serialized_command->size());
   18322   return TPM_RC_SUCCESS;
   18323 }
   18324 
   18325 TPM_RC Tpm::ParseResponse_EC_Ephemeral(
   18326     const std::string& response,
   18327     UINT32* param_size_out,
   18328     TPM2B_ECC_POINT* q,
   18329     UINT16* counter,
   18330     AuthorizationDelegate* authorization_delegate) {
   18331   VLOG(3) << __func__;
   18332   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   18333   TPM_RC rc = TPM_RC_SUCCESS;
   18334   std::string buffer(response);
   18335   TPM_ST tag;
   18336   std::string tag_bytes;
   18337   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   18338   if (rc != TPM_RC_SUCCESS) {
   18339     return rc;
   18340   }
   18341   UINT32 response_size;
   18342   std::string response_size_bytes;
   18343   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   18344   if (rc != TPM_RC_SUCCESS) {
   18345     return rc;
   18346   }
   18347   TPM_RC response_code;
   18348   std::string response_code_bytes;
   18349   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   18350   if (rc != TPM_RC_SUCCESS) {
   18351     return rc;
   18352   }
   18353   if (response_size != response.size()) {
   18354     return TPM_RC_SIZE;
   18355   }
   18356   if (response_code != TPM_RC_SUCCESS) {
   18357     return response_code;
   18358   }
   18359   TPM_CC command_code = TPM_CC_EC_Ephemeral;
   18360   std::string command_code_bytes;
   18361   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   18362   if (rc != TPM_RC_SUCCESS) {
   18363     return rc;
   18364   }
   18365   std::string authorization_section_bytes;
   18366   if (tag == TPM_ST_SESSIONS) {
   18367     UINT32 parameter_section_size = buffer.size();
   18368     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   18369     if (rc != TPM_RC_SUCCESS) {
   18370       return rc;
   18371     }
   18372     if (parameter_section_size > buffer.size()) {
   18373       return TPM_RC_INSUFFICIENT;
   18374     }
   18375     authorization_section_bytes = buffer.substr(parameter_section_size);
   18376     // Keep the parameter section in |buffer|.
   18377     buffer.erase(parameter_section_size);
   18378   }
   18379   std::unique_ptr<crypto::SecureHash> hash(
   18380       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   18381   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   18382   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   18383   hash->Update(buffer.data(), buffer.size());
   18384   std::string response_hash(32, 0);
   18385   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   18386   if (tag == TPM_ST_SESSIONS) {
   18387     CHECK(authorization_delegate) << "Authorization delegate missing!";
   18388     if (!authorization_delegate->CheckResponseAuthorization(
   18389             response_hash, authorization_section_bytes)) {
   18390       return TRUNKS_RC_AUTHORIZATION_FAILED;
   18391     }
   18392   }
   18393   std::string param_size_out_bytes;
   18394   rc = Parse_UINT32(&buffer, param_size_out, &param_size_out_bytes);
   18395   if (rc != TPM_RC_SUCCESS) {
   18396     return rc;
   18397   }
   18398   std::string q_bytes;
   18399   rc = Parse_TPM2B_ECC_POINT(&buffer, q, &q_bytes);
   18400   if (rc != TPM_RC_SUCCESS) {
   18401     return rc;
   18402   }
   18403   std::string counter_bytes;
   18404   rc = Parse_UINT16(&buffer, counter, &counter_bytes);
   18405   if (rc != TPM_RC_SUCCESS) {
   18406     return rc;
   18407   }
   18408   return TPM_RC_SUCCESS;
   18409 }
   18410 
   18411 void EC_EphemeralErrorCallback(const Tpm::EC_EphemeralResponse& callback,
   18412                                TPM_RC response_code) {
   18413   VLOG(1) << __func__;
   18414   callback.Run(response_code, UINT32(), TPM2B_ECC_POINT(), UINT16());
   18415 }
   18416 
   18417 void EC_EphemeralResponseParser(const Tpm::EC_EphemeralResponse& callback,
   18418                                 AuthorizationDelegate* authorization_delegate,
   18419                                 const std::string& response) {
   18420   VLOG(1) << __func__;
   18421   base::Callback<void(TPM_RC)> error_reporter =
   18422       base::Bind(EC_EphemeralErrorCallback, callback);
   18423   UINT32 param_size_out;
   18424   TPM2B_ECC_POINT q;
   18425   UINT16 counter;
   18426   TPM_RC rc = Tpm::ParseResponse_EC_Ephemeral(response, &param_size_out, &q,
   18427                                               &counter, authorization_delegate);
   18428   if (rc != TPM_RC_SUCCESS) {
   18429     error_reporter.Run(rc);
   18430     return;
   18431   }
   18432   callback.Run(rc, param_size_out, q, counter);
   18433 }
   18434 
   18435 void Tpm::EC_Ephemeral(const UINT32& param_size,
   18436                        const TPMI_ECC_CURVE& curve_id,
   18437                        AuthorizationDelegate* authorization_delegate,
   18438                        const EC_EphemeralResponse& callback) {
   18439   VLOG(1) << __func__;
   18440   base::Callback<void(TPM_RC)> error_reporter =
   18441       base::Bind(EC_EphemeralErrorCallback, callback);
   18442   base::Callback<void(const std::string&)> parser =
   18443       base::Bind(EC_EphemeralResponseParser, callback, authorization_delegate);
   18444   std::string command;
   18445   TPM_RC rc = SerializeCommand_EC_Ephemeral(param_size, curve_id, &command,
   18446                                             authorization_delegate);
   18447   if (rc != TPM_RC_SUCCESS) {
   18448     error_reporter.Run(rc);
   18449     return;
   18450   }
   18451   transceiver_->SendCommand(command, parser);
   18452 }
   18453 
   18454 TPM_RC Tpm::EC_EphemeralSync(const UINT32& param_size,
   18455                              const TPMI_ECC_CURVE& curve_id,
   18456                              UINT32* param_size_out,
   18457                              TPM2B_ECC_POINT* q,
   18458                              UINT16* counter,
   18459                              AuthorizationDelegate* authorization_delegate) {
   18460   VLOG(1) << __func__;
   18461   std::string command;
   18462   TPM_RC rc = SerializeCommand_EC_Ephemeral(param_size, curve_id, &command,
   18463                                             authorization_delegate);
   18464   if (rc != TPM_RC_SUCCESS) {
   18465     return rc;
   18466   }
   18467   std::string response = transceiver_->SendCommandAndWait(command);
   18468   rc = ParseResponse_EC_Ephemeral(response, param_size_out, q, counter,
   18469                                   authorization_delegate);
   18470   return rc;
   18471 }
   18472 
   18473 TPM_RC Tpm::SerializeCommand_VerifySignature(
   18474     const TPMI_DH_OBJECT& key_handle,
   18475     const std::string& key_handle_name,
   18476     const TPM2B_DIGEST& digest,
   18477     const TPMT_SIGNATURE& signature,
   18478     std::string* serialized_command,
   18479     AuthorizationDelegate* authorization_delegate) {
   18480   VLOG(3) << __func__;
   18481   TPM_RC rc = TPM_RC_SUCCESS;
   18482   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   18483   UINT32 command_size = 10;  // Header size.
   18484   std::string handle_section_bytes;
   18485   std::string parameter_section_bytes;
   18486   TPM_CC command_code = TPM_CC_VerifySignature;
   18487   bool is_command_parameter_encryption_possible = true;
   18488   bool is_response_parameter_encryption_possible = false;
   18489   std::string command_code_bytes;
   18490   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   18491   if (rc != TPM_RC_SUCCESS) {
   18492     return rc;
   18493   }
   18494   std::string key_handle_bytes;
   18495   rc = Serialize_TPMI_DH_OBJECT(key_handle, &key_handle_bytes);
   18496   if (rc != TPM_RC_SUCCESS) {
   18497     return rc;
   18498   }
   18499   std::string digest_bytes;
   18500   rc = Serialize_TPM2B_DIGEST(digest, &digest_bytes);
   18501   if (rc != TPM_RC_SUCCESS) {
   18502     return rc;
   18503   }
   18504   std::string signature_bytes;
   18505   rc = Serialize_TPMT_SIGNATURE(signature, &signature_bytes);
   18506   if (rc != TPM_RC_SUCCESS) {
   18507     return rc;
   18508   }
   18509   if (authorization_delegate) {
   18510     // Encrypt just the parameter data, not the size.
   18511     std::string tmp = digest_bytes.substr(2);
   18512     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   18513       return TRUNKS_RC_ENCRYPTION_FAILED;
   18514     }
   18515     digest_bytes.replace(2, std::string::npos, tmp);
   18516   }
   18517   std::unique_ptr<crypto::SecureHash> hash(
   18518       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   18519   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   18520   hash->Update(key_handle_name.data(), key_handle_name.size());
   18521   handle_section_bytes += key_handle_bytes;
   18522   command_size += key_handle_bytes.size();
   18523   hash->Update(digest_bytes.data(), digest_bytes.size());
   18524   parameter_section_bytes += digest_bytes;
   18525   command_size += digest_bytes.size();
   18526   hash->Update(signature_bytes.data(), signature_bytes.size());
   18527   parameter_section_bytes += signature_bytes;
   18528   command_size += signature_bytes.size();
   18529   std::string command_hash(32, 0);
   18530   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   18531   std::string authorization_section_bytes;
   18532   std::string authorization_size_bytes;
   18533   if (authorization_delegate) {
   18534     if (!authorization_delegate->GetCommandAuthorization(
   18535             command_hash, is_command_parameter_encryption_possible,
   18536             is_response_parameter_encryption_possible,
   18537             &authorization_section_bytes)) {
   18538       return TRUNKS_RC_AUTHORIZATION_FAILED;
   18539     }
   18540     if (!authorization_section_bytes.empty()) {
   18541       tag = TPM_ST_SESSIONS;
   18542       std::string tmp;
   18543       rc = Serialize_UINT32(authorization_section_bytes.size(),
   18544                             &authorization_size_bytes);
   18545       if (rc != TPM_RC_SUCCESS) {
   18546         return rc;
   18547       }
   18548       command_size +=
   18549           authorization_size_bytes.size() + authorization_section_bytes.size();
   18550     }
   18551   }
   18552   std::string tag_bytes;
   18553   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   18554   if (rc != TPM_RC_SUCCESS) {
   18555     return rc;
   18556   }
   18557   std::string command_size_bytes;
   18558   rc = Serialize_UINT32(command_size, &command_size_bytes);
   18559   if (rc != TPM_RC_SUCCESS) {
   18560     return rc;
   18561   }
   18562   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   18563                         handle_section_bytes + authorization_size_bytes +
   18564                         authorization_section_bytes + parameter_section_bytes;
   18565   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   18566   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   18567                                             serialized_command->size());
   18568   return TPM_RC_SUCCESS;
   18569 }
   18570 
   18571 TPM_RC Tpm::ParseResponse_VerifySignature(
   18572     const std::string& response,
   18573     TPMT_TK_VERIFIED* validation,
   18574     AuthorizationDelegate* authorization_delegate) {
   18575   VLOG(3) << __func__;
   18576   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   18577   TPM_RC rc = TPM_RC_SUCCESS;
   18578   std::string buffer(response);
   18579   TPM_ST tag;
   18580   std::string tag_bytes;
   18581   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   18582   if (rc != TPM_RC_SUCCESS) {
   18583     return rc;
   18584   }
   18585   UINT32 response_size;
   18586   std::string response_size_bytes;
   18587   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   18588   if (rc != TPM_RC_SUCCESS) {
   18589     return rc;
   18590   }
   18591   TPM_RC response_code;
   18592   std::string response_code_bytes;
   18593   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   18594   if (rc != TPM_RC_SUCCESS) {
   18595     return rc;
   18596   }
   18597   if (response_size != response.size()) {
   18598     return TPM_RC_SIZE;
   18599   }
   18600   if (response_code != TPM_RC_SUCCESS) {
   18601     return response_code;
   18602   }
   18603   TPM_CC command_code = TPM_CC_VerifySignature;
   18604   std::string command_code_bytes;
   18605   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   18606   if (rc != TPM_RC_SUCCESS) {
   18607     return rc;
   18608   }
   18609   std::string authorization_section_bytes;
   18610   if (tag == TPM_ST_SESSIONS) {
   18611     UINT32 parameter_section_size = buffer.size();
   18612     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   18613     if (rc != TPM_RC_SUCCESS) {
   18614       return rc;
   18615     }
   18616     if (parameter_section_size > buffer.size()) {
   18617       return TPM_RC_INSUFFICIENT;
   18618     }
   18619     authorization_section_bytes = buffer.substr(parameter_section_size);
   18620     // Keep the parameter section in |buffer|.
   18621     buffer.erase(parameter_section_size);
   18622   }
   18623   std::unique_ptr<crypto::SecureHash> hash(
   18624       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   18625   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   18626   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   18627   hash->Update(buffer.data(), buffer.size());
   18628   std::string response_hash(32, 0);
   18629   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   18630   if (tag == TPM_ST_SESSIONS) {
   18631     CHECK(authorization_delegate) << "Authorization delegate missing!";
   18632     if (!authorization_delegate->CheckResponseAuthorization(
   18633             response_hash, authorization_section_bytes)) {
   18634       return TRUNKS_RC_AUTHORIZATION_FAILED;
   18635     }
   18636   }
   18637   std::string validation_bytes;
   18638   rc = Parse_TPMT_TK_VERIFIED(&buffer, validation, &validation_bytes);
   18639   if (rc != TPM_RC_SUCCESS) {
   18640     return rc;
   18641   }
   18642   return TPM_RC_SUCCESS;
   18643 }
   18644 
   18645 void VerifySignatureErrorCallback(const Tpm::VerifySignatureResponse& callback,
   18646                                   TPM_RC response_code) {
   18647   VLOG(1) << __func__;
   18648   callback.Run(response_code, TPMT_TK_VERIFIED());
   18649 }
   18650 
   18651 void VerifySignatureResponseParser(
   18652     const Tpm::VerifySignatureResponse& callback,
   18653     AuthorizationDelegate* authorization_delegate,
   18654     const std::string& response) {
   18655   VLOG(1) << __func__;
   18656   base::Callback<void(TPM_RC)> error_reporter =
   18657       base::Bind(VerifySignatureErrorCallback, callback);
   18658   TPMT_TK_VERIFIED validation;
   18659   TPM_RC rc = Tpm::ParseResponse_VerifySignature(response, &validation,
   18660                                                  authorization_delegate);
   18661   if (rc != TPM_RC_SUCCESS) {
   18662     error_reporter.Run(rc);
   18663     return;
   18664   }
   18665   callback.Run(rc, validation);
   18666 }
   18667 
   18668 void Tpm::VerifySignature(const TPMI_DH_OBJECT& key_handle,
   18669                           const std::string& key_handle_name,
   18670                           const TPM2B_DIGEST& digest,
   18671                           const TPMT_SIGNATURE& signature,
   18672                           AuthorizationDelegate* authorization_delegate,
   18673                           const VerifySignatureResponse& callback) {
   18674   VLOG(1) << __func__;
   18675   base::Callback<void(TPM_RC)> error_reporter =
   18676       base::Bind(VerifySignatureErrorCallback, callback);
   18677   base::Callback<void(const std::string&)> parser = base::Bind(
   18678       VerifySignatureResponseParser, callback, authorization_delegate);
   18679   std::string command;
   18680   TPM_RC rc = SerializeCommand_VerifySignature(key_handle, key_handle_name,
   18681                                                digest, signature, &command,
   18682                                                authorization_delegate);
   18683   if (rc != TPM_RC_SUCCESS) {
   18684     error_reporter.Run(rc);
   18685     return;
   18686   }
   18687   transceiver_->SendCommand(command, parser);
   18688 }
   18689 
   18690 TPM_RC Tpm::VerifySignatureSync(const TPMI_DH_OBJECT& key_handle,
   18691                                 const std::string& key_handle_name,
   18692                                 const TPM2B_DIGEST& digest,
   18693                                 const TPMT_SIGNATURE& signature,
   18694                                 TPMT_TK_VERIFIED* validation,
   18695                                 AuthorizationDelegate* authorization_delegate) {
   18696   VLOG(1) << __func__;
   18697   std::string command;
   18698   TPM_RC rc = SerializeCommand_VerifySignature(key_handle, key_handle_name,
   18699                                                digest, signature, &command,
   18700                                                authorization_delegate);
   18701   if (rc != TPM_RC_SUCCESS) {
   18702     return rc;
   18703   }
   18704   std::string response = transceiver_->SendCommandAndWait(command);
   18705   rc = ParseResponse_VerifySignature(response, validation,
   18706                                      authorization_delegate);
   18707   return rc;
   18708 }
   18709 
   18710 TPM_RC Tpm::SerializeCommand_Sign(
   18711     const TPMI_DH_OBJECT& key_handle,
   18712     const std::string& key_handle_name,
   18713     const TPM2B_DIGEST& digest,
   18714     const TPMT_SIG_SCHEME& in_scheme,
   18715     const TPMT_TK_HASHCHECK& validation,
   18716     std::string* serialized_command,
   18717     AuthorizationDelegate* authorization_delegate) {
   18718   VLOG(3) << __func__;
   18719   TPM_RC rc = TPM_RC_SUCCESS;
   18720   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   18721   UINT32 command_size = 10;  // Header size.
   18722   std::string handle_section_bytes;
   18723   std::string parameter_section_bytes;
   18724   TPM_CC command_code = TPM_CC_Sign;
   18725   bool is_command_parameter_encryption_possible = true;
   18726   bool is_response_parameter_encryption_possible = false;
   18727   std::string command_code_bytes;
   18728   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   18729   if (rc != TPM_RC_SUCCESS) {
   18730     return rc;
   18731   }
   18732   std::string key_handle_bytes;
   18733   rc = Serialize_TPMI_DH_OBJECT(key_handle, &key_handle_bytes);
   18734   if (rc != TPM_RC_SUCCESS) {
   18735     return rc;
   18736   }
   18737   std::string digest_bytes;
   18738   rc = Serialize_TPM2B_DIGEST(digest, &digest_bytes);
   18739   if (rc != TPM_RC_SUCCESS) {
   18740     return rc;
   18741   }
   18742   std::string in_scheme_bytes;
   18743   rc = Serialize_TPMT_SIG_SCHEME(in_scheme, &in_scheme_bytes);
   18744   if (rc != TPM_RC_SUCCESS) {
   18745     return rc;
   18746   }
   18747   std::string validation_bytes;
   18748   rc = Serialize_TPMT_TK_HASHCHECK(validation, &validation_bytes);
   18749   if (rc != TPM_RC_SUCCESS) {
   18750     return rc;
   18751   }
   18752   if (authorization_delegate) {
   18753     // Encrypt just the parameter data, not the size.
   18754     std::string tmp = digest_bytes.substr(2);
   18755     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   18756       return TRUNKS_RC_ENCRYPTION_FAILED;
   18757     }
   18758     digest_bytes.replace(2, std::string::npos, tmp);
   18759   }
   18760   std::unique_ptr<crypto::SecureHash> hash(
   18761       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   18762   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   18763   hash->Update(key_handle_name.data(), key_handle_name.size());
   18764   handle_section_bytes += key_handle_bytes;
   18765   command_size += key_handle_bytes.size();
   18766   hash->Update(digest_bytes.data(), digest_bytes.size());
   18767   parameter_section_bytes += digest_bytes;
   18768   command_size += digest_bytes.size();
   18769   hash->Update(in_scheme_bytes.data(), in_scheme_bytes.size());
   18770   parameter_section_bytes += in_scheme_bytes;
   18771   command_size += in_scheme_bytes.size();
   18772   hash->Update(validation_bytes.data(), validation_bytes.size());
   18773   parameter_section_bytes += validation_bytes;
   18774   command_size += validation_bytes.size();
   18775   std::string command_hash(32, 0);
   18776   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   18777   std::string authorization_section_bytes;
   18778   std::string authorization_size_bytes;
   18779   if (authorization_delegate) {
   18780     if (!authorization_delegate->GetCommandAuthorization(
   18781             command_hash, is_command_parameter_encryption_possible,
   18782             is_response_parameter_encryption_possible,
   18783             &authorization_section_bytes)) {
   18784       return TRUNKS_RC_AUTHORIZATION_FAILED;
   18785     }
   18786     if (!authorization_section_bytes.empty()) {
   18787       tag = TPM_ST_SESSIONS;
   18788       std::string tmp;
   18789       rc = Serialize_UINT32(authorization_section_bytes.size(),
   18790                             &authorization_size_bytes);
   18791       if (rc != TPM_RC_SUCCESS) {
   18792         return rc;
   18793       }
   18794       command_size +=
   18795           authorization_size_bytes.size() + authorization_section_bytes.size();
   18796     }
   18797   }
   18798   std::string tag_bytes;
   18799   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   18800   if (rc != TPM_RC_SUCCESS) {
   18801     return rc;
   18802   }
   18803   std::string command_size_bytes;
   18804   rc = Serialize_UINT32(command_size, &command_size_bytes);
   18805   if (rc != TPM_RC_SUCCESS) {
   18806     return rc;
   18807   }
   18808   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   18809                         handle_section_bytes + authorization_size_bytes +
   18810                         authorization_section_bytes + parameter_section_bytes;
   18811   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   18812   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   18813                                             serialized_command->size());
   18814   return TPM_RC_SUCCESS;
   18815 }
   18816 
   18817 TPM_RC Tpm::ParseResponse_Sign(const std::string& response,
   18818                                TPMT_SIGNATURE* signature,
   18819                                AuthorizationDelegate* authorization_delegate) {
   18820   VLOG(3) << __func__;
   18821   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   18822   TPM_RC rc = TPM_RC_SUCCESS;
   18823   std::string buffer(response);
   18824   TPM_ST tag;
   18825   std::string tag_bytes;
   18826   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   18827   if (rc != TPM_RC_SUCCESS) {
   18828     return rc;
   18829   }
   18830   UINT32 response_size;
   18831   std::string response_size_bytes;
   18832   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   18833   if (rc != TPM_RC_SUCCESS) {
   18834     return rc;
   18835   }
   18836   TPM_RC response_code;
   18837   std::string response_code_bytes;
   18838   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   18839   if (rc != TPM_RC_SUCCESS) {
   18840     return rc;
   18841   }
   18842   if (response_size != response.size()) {
   18843     return TPM_RC_SIZE;
   18844   }
   18845   if (response_code != TPM_RC_SUCCESS) {
   18846     return response_code;
   18847   }
   18848   TPM_CC command_code = TPM_CC_Sign;
   18849   std::string command_code_bytes;
   18850   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   18851   if (rc != TPM_RC_SUCCESS) {
   18852     return rc;
   18853   }
   18854   std::string authorization_section_bytes;
   18855   if (tag == TPM_ST_SESSIONS) {
   18856     UINT32 parameter_section_size = buffer.size();
   18857     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   18858     if (rc != TPM_RC_SUCCESS) {
   18859       return rc;
   18860     }
   18861     if (parameter_section_size > buffer.size()) {
   18862       return TPM_RC_INSUFFICIENT;
   18863     }
   18864     authorization_section_bytes = buffer.substr(parameter_section_size);
   18865     // Keep the parameter section in |buffer|.
   18866     buffer.erase(parameter_section_size);
   18867   }
   18868   std::unique_ptr<crypto::SecureHash> hash(
   18869       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   18870   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   18871   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   18872   hash->Update(buffer.data(), buffer.size());
   18873   std::string response_hash(32, 0);
   18874   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   18875   if (tag == TPM_ST_SESSIONS) {
   18876     CHECK(authorization_delegate) << "Authorization delegate missing!";
   18877     if (!authorization_delegate->CheckResponseAuthorization(
   18878             response_hash, authorization_section_bytes)) {
   18879       return TRUNKS_RC_AUTHORIZATION_FAILED;
   18880     }
   18881   }
   18882   std::string signature_bytes;
   18883   rc = Parse_TPMT_SIGNATURE(&buffer, signature, &signature_bytes);
   18884   if (rc != TPM_RC_SUCCESS) {
   18885     return rc;
   18886   }
   18887   return TPM_RC_SUCCESS;
   18888 }
   18889 
   18890 void SignErrorCallback(const Tpm::SignResponse& callback,
   18891                        TPM_RC response_code) {
   18892   VLOG(1) << __func__;
   18893   callback.Run(response_code, TPMT_SIGNATURE());
   18894 }
   18895 
   18896 void SignResponseParser(const Tpm::SignResponse& callback,
   18897                         AuthorizationDelegate* authorization_delegate,
   18898                         const std::string& response) {
   18899   VLOG(1) << __func__;
   18900   base::Callback<void(TPM_RC)> error_reporter =
   18901       base::Bind(SignErrorCallback, callback);
   18902   TPMT_SIGNATURE signature;
   18903   TPM_RC rc =
   18904       Tpm::ParseResponse_Sign(response, &signature, authorization_delegate);
   18905   if (rc != TPM_RC_SUCCESS) {
   18906     error_reporter.Run(rc);
   18907     return;
   18908   }
   18909   callback.Run(rc, signature);
   18910 }
   18911 
   18912 void Tpm::Sign(const TPMI_DH_OBJECT& key_handle,
   18913                const std::string& key_handle_name,
   18914                const TPM2B_DIGEST& digest,
   18915                const TPMT_SIG_SCHEME& in_scheme,
   18916                const TPMT_TK_HASHCHECK& validation,
   18917                AuthorizationDelegate* authorization_delegate,
   18918                const SignResponse& callback) {
   18919   VLOG(1) << __func__;
   18920   base::Callback<void(TPM_RC)> error_reporter =
   18921       base::Bind(SignErrorCallback, callback);
   18922   base::Callback<void(const std::string&)> parser =
   18923       base::Bind(SignResponseParser, callback, authorization_delegate);
   18924   std::string command;
   18925   TPM_RC rc =
   18926       SerializeCommand_Sign(key_handle, key_handle_name, digest, in_scheme,
   18927                             validation, &command, authorization_delegate);
   18928   if (rc != TPM_RC_SUCCESS) {
   18929     error_reporter.Run(rc);
   18930     return;
   18931   }
   18932   transceiver_->SendCommand(command, parser);
   18933 }
   18934 
   18935 TPM_RC Tpm::SignSync(const TPMI_DH_OBJECT& key_handle,
   18936                      const std::string& key_handle_name,
   18937                      const TPM2B_DIGEST& digest,
   18938                      const TPMT_SIG_SCHEME& in_scheme,
   18939                      const TPMT_TK_HASHCHECK& validation,
   18940                      TPMT_SIGNATURE* signature,
   18941                      AuthorizationDelegate* authorization_delegate) {
   18942   VLOG(1) << __func__;
   18943   std::string command;
   18944   TPM_RC rc =
   18945       SerializeCommand_Sign(key_handle, key_handle_name, digest, in_scheme,
   18946                             validation, &command, authorization_delegate);
   18947   if (rc != TPM_RC_SUCCESS) {
   18948     return rc;
   18949   }
   18950   std::string response = transceiver_->SendCommandAndWait(command);
   18951   rc = ParseResponse_Sign(response, signature, authorization_delegate);
   18952   return rc;
   18953 }
   18954 
   18955 TPM_RC Tpm::SerializeCommand_SetCommandCodeAuditStatus(
   18956     const TPMI_RH_PROVISION& auth,
   18957     const std::string& auth_name,
   18958     const TPMI_ALG_HASH& audit_alg,
   18959     const TPML_CC& set_list,
   18960     const TPML_CC& clear_list,
   18961     std::string* serialized_command,
   18962     AuthorizationDelegate* authorization_delegate) {
   18963   VLOG(3) << __func__;
   18964   TPM_RC rc = TPM_RC_SUCCESS;
   18965   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   18966   UINT32 command_size = 10;  // Header size.
   18967   std::string handle_section_bytes;
   18968   std::string parameter_section_bytes;
   18969   TPM_CC command_code = TPM_CC_SetCommandCodeAuditStatus;
   18970   bool is_command_parameter_encryption_possible = false;
   18971   bool is_response_parameter_encryption_possible = false;
   18972   std::string command_code_bytes;
   18973   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   18974   if (rc != TPM_RC_SUCCESS) {
   18975     return rc;
   18976   }
   18977   std::string auth_bytes;
   18978   rc = Serialize_TPMI_RH_PROVISION(auth, &auth_bytes);
   18979   if (rc != TPM_RC_SUCCESS) {
   18980     return rc;
   18981   }
   18982   std::string audit_alg_bytes;
   18983   rc = Serialize_TPMI_ALG_HASH(audit_alg, &audit_alg_bytes);
   18984   if (rc != TPM_RC_SUCCESS) {
   18985     return rc;
   18986   }
   18987   std::string set_list_bytes;
   18988   rc = Serialize_TPML_CC(set_list, &set_list_bytes);
   18989   if (rc != TPM_RC_SUCCESS) {
   18990     return rc;
   18991   }
   18992   std::string clear_list_bytes;
   18993   rc = Serialize_TPML_CC(clear_list, &clear_list_bytes);
   18994   if (rc != TPM_RC_SUCCESS) {
   18995     return rc;
   18996   }
   18997   std::unique_ptr<crypto::SecureHash> hash(
   18998       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   18999   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   19000   hash->Update(auth_name.data(), auth_name.size());
   19001   handle_section_bytes += auth_bytes;
   19002   command_size += auth_bytes.size();
   19003   hash->Update(audit_alg_bytes.data(), audit_alg_bytes.size());
   19004   parameter_section_bytes += audit_alg_bytes;
   19005   command_size += audit_alg_bytes.size();
   19006   hash->Update(set_list_bytes.data(), set_list_bytes.size());
   19007   parameter_section_bytes += set_list_bytes;
   19008   command_size += set_list_bytes.size();
   19009   hash->Update(clear_list_bytes.data(), clear_list_bytes.size());
   19010   parameter_section_bytes += clear_list_bytes;
   19011   command_size += clear_list_bytes.size();
   19012   std::string command_hash(32, 0);
   19013   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   19014   std::string authorization_section_bytes;
   19015   std::string authorization_size_bytes;
   19016   if (authorization_delegate) {
   19017     if (!authorization_delegate->GetCommandAuthorization(
   19018             command_hash, is_command_parameter_encryption_possible,
   19019             is_response_parameter_encryption_possible,
   19020             &authorization_section_bytes)) {
   19021       return TRUNKS_RC_AUTHORIZATION_FAILED;
   19022     }
   19023     if (!authorization_section_bytes.empty()) {
   19024       tag = TPM_ST_SESSIONS;
   19025       std::string tmp;
   19026       rc = Serialize_UINT32(authorization_section_bytes.size(),
   19027                             &authorization_size_bytes);
   19028       if (rc != TPM_RC_SUCCESS) {
   19029         return rc;
   19030       }
   19031       command_size +=
   19032           authorization_size_bytes.size() + authorization_section_bytes.size();
   19033     }
   19034   }
   19035   std::string tag_bytes;
   19036   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   19037   if (rc != TPM_RC_SUCCESS) {
   19038     return rc;
   19039   }
   19040   std::string command_size_bytes;
   19041   rc = Serialize_UINT32(command_size, &command_size_bytes);
   19042   if (rc != TPM_RC_SUCCESS) {
   19043     return rc;
   19044   }
   19045   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   19046                         handle_section_bytes + authorization_size_bytes +
   19047                         authorization_section_bytes + parameter_section_bytes;
   19048   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   19049   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   19050                                             serialized_command->size());
   19051   return TPM_RC_SUCCESS;
   19052 }
   19053 
   19054 TPM_RC Tpm::ParseResponse_SetCommandCodeAuditStatus(
   19055     const std::string& response,
   19056     AuthorizationDelegate* authorization_delegate) {
   19057   VLOG(3) << __func__;
   19058   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   19059   TPM_RC rc = TPM_RC_SUCCESS;
   19060   std::string buffer(response);
   19061   TPM_ST tag;
   19062   std::string tag_bytes;
   19063   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   19064   if (rc != TPM_RC_SUCCESS) {
   19065     return rc;
   19066   }
   19067   UINT32 response_size;
   19068   std::string response_size_bytes;
   19069   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   19070   if (rc != TPM_RC_SUCCESS) {
   19071     return rc;
   19072   }
   19073   TPM_RC response_code;
   19074   std::string response_code_bytes;
   19075   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   19076   if (rc != TPM_RC_SUCCESS) {
   19077     return rc;
   19078   }
   19079   if (response_size != response.size()) {
   19080     return TPM_RC_SIZE;
   19081   }
   19082   if (response_code != TPM_RC_SUCCESS) {
   19083     return response_code;
   19084   }
   19085   TPM_CC command_code = TPM_CC_SetCommandCodeAuditStatus;
   19086   std::string command_code_bytes;
   19087   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   19088   if (rc != TPM_RC_SUCCESS) {
   19089     return rc;
   19090   }
   19091   std::string authorization_section_bytes;
   19092   if (tag == TPM_ST_SESSIONS) {
   19093     UINT32 parameter_section_size = buffer.size();
   19094     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   19095     if (rc != TPM_RC_SUCCESS) {
   19096       return rc;
   19097     }
   19098     if (parameter_section_size > buffer.size()) {
   19099       return TPM_RC_INSUFFICIENT;
   19100     }
   19101     authorization_section_bytes = buffer.substr(parameter_section_size);
   19102     // Keep the parameter section in |buffer|.
   19103     buffer.erase(parameter_section_size);
   19104   }
   19105   std::unique_ptr<crypto::SecureHash> hash(
   19106       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   19107   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   19108   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   19109   hash->Update(buffer.data(), buffer.size());
   19110   std::string response_hash(32, 0);
   19111   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   19112   if (tag == TPM_ST_SESSIONS) {
   19113     CHECK(authorization_delegate) << "Authorization delegate missing!";
   19114     if (!authorization_delegate->CheckResponseAuthorization(
   19115             response_hash, authorization_section_bytes)) {
   19116       return TRUNKS_RC_AUTHORIZATION_FAILED;
   19117     }
   19118   }
   19119   return TPM_RC_SUCCESS;
   19120 }
   19121 
   19122 void SetCommandCodeAuditStatusErrorCallback(
   19123     const Tpm::SetCommandCodeAuditStatusResponse& callback,
   19124     TPM_RC response_code) {
   19125   VLOG(1) << __func__;
   19126   callback.Run(response_code);
   19127 }
   19128 
   19129 void SetCommandCodeAuditStatusResponseParser(
   19130     const Tpm::SetCommandCodeAuditStatusResponse& callback,
   19131     AuthorizationDelegate* authorization_delegate,
   19132     const std::string& response) {
   19133   VLOG(1) << __func__;
   19134   base::Callback<void(TPM_RC)> error_reporter =
   19135       base::Bind(SetCommandCodeAuditStatusErrorCallback, callback);
   19136   TPM_RC rc = Tpm::ParseResponse_SetCommandCodeAuditStatus(
   19137       response, authorization_delegate);
   19138   if (rc != TPM_RC_SUCCESS) {
   19139     error_reporter.Run(rc);
   19140     return;
   19141   }
   19142   callback.Run(rc);
   19143 }
   19144 
   19145 void Tpm::SetCommandCodeAuditStatus(
   19146     const TPMI_RH_PROVISION& auth,
   19147     const std::string& auth_name,
   19148     const TPMI_ALG_HASH& audit_alg,
   19149     const TPML_CC& set_list,
   19150     const TPML_CC& clear_list,
   19151     AuthorizationDelegate* authorization_delegate,
   19152     const SetCommandCodeAuditStatusResponse& callback) {
   19153   VLOG(1) << __func__;
   19154   base::Callback<void(TPM_RC)> error_reporter =
   19155       base::Bind(SetCommandCodeAuditStatusErrorCallback, callback);
   19156   base::Callback<void(const std::string&)> parser =
   19157       base::Bind(SetCommandCodeAuditStatusResponseParser, callback,
   19158                  authorization_delegate);
   19159   std::string command;
   19160   TPM_RC rc = SerializeCommand_SetCommandCodeAuditStatus(
   19161       auth, auth_name, audit_alg, set_list, clear_list, &command,
   19162       authorization_delegate);
   19163   if (rc != TPM_RC_SUCCESS) {
   19164     error_reporter.Run(rc);
   19165     return;
   19166   }
   19167   transceiver_->SendCommand(command, parser);
   19168 }
   19169 
   19170 TPM_RC Tpm::SetCommandCodeAuditStatusSync(
   19171     const TPMI_RH_PROVISION& auth,
   19172     const std::string& auth_name,
   19173     const TPMI_ALG_HASH& audit_alg,
   19174     const TPML_CC& set_list,
   19175     const TPML_CC& clear_list,
   19176     AuthorizationDelegate* authorization_delegate) {
   19177   VLOG(1) << __func__;
   19178   std::string command;
   19179   TPM_RC rc = SerializeCommand_SetCommandCodeAuditStatus(
   19180       auth, auth_name, audit_alg, set_list, clear_list, &command,
   19181       authorization_delegate);
   19182   if (rc != TPM_RC_SUCCESS) {
   19183     return rc;
   19184   }
   19185   std::string response = transceiver_->SendCommandAndWait(command);
   19186   rc =
   19187       ParseResponse_SetCommandCodeAuditStatus(response, authorization_delegate);
   19188   return rc;
   19189 }
   19190 
   19191 TPM_RC Tpm::SerializeCommand_PCR_Extend(
   19192     const TPMI_DH_PCR& pcr_handle,
   19193     const std::string& pcr_handle_name,
   19194     const TPML_DIGEST_VALUES& digests,
   19195     std::string* serialized_command,
   19196     AuthorizationDelegate* authorization_delegate) {
   19197   VLOG(3) << __func__;
   19198   TPM_RC rc = TPM_RC_SUCCESS;
   19199   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   19200   UINT32 command_size = 10;  // Header size.
   19201   std::string handle_section_bytes;
   19202   std::string parameter_section_bytes;
   19203   TPM_CC command_code = TPM_CC_PCR_Extend;
   19204   bool is_command_parameter_encryption_possible = false;
   19205   bool is_response_parameter_encryption_possible = false;
   19206   std::string command_code_bytes;
   19207   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   19208   if (rc != TPM_RC_SUCCESS) {
   19209     return rc;
   19210   }
   19211   std::string pcr_handle_bytes;
   19212   rc = Serialize_TPMI_DH_PCR(pcr_handle, &pcr_handle_bytes);
   19213   if (rc != TPM_RC_SUCCESS) {
   19214     return rc;
   19215   }
   19216   std::string digests_bytes;
   19217   rc = Serialize_TPML_DIGEST_VALUES(digests, &digests_bytes);
   19218   if (rc != TPM_RC_SUCCESS) {
   19219     return rc;
   19220   }
   19221   std::unique_ptr<crypto::SecureHash> hash(
   19222       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   19223   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   19224   hash->Update(pcr_handle_name.data(), pcr_handle_name.size());
   19225   handle_section_bytes += pcr_handle_bytes;
   19226   command_size += pcr_handle_bytes.size();
   19227   hash->Update(digests_bytes.data(), digests_bytes.size());
   19228   parameter_section_bytes += digests_bytes;
   19229   command_size += digests_bytes.size();
   19230   std::string command_hash(32, 0);
   19231   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   19232   std::string authorization_section_bytes;
   19233   std::string authorization_size_bytes;
   19234   if (authorization_delegate) {
   19235     if (!authorization_delegate->GetCommandAuthorization(
   19236             command_hash, is_command_parameter_encryption_possible,
   19237             is_response_parameter_encryption_possible,
   19238             &authorization_section_bytes)) {
   19239       return TRUNKS_RC_AUTHORIZATION_FAILED;
   19240     }
   19241     if (!authorization_section_bytes.empty()) {
   19242       tag = TPM_ST_SESSIONS;
   19243       std::string tmp;
   19244       rc = Serialize_UINT32(authorization_section_bytes.size(),
   19245                             &authorization_size_bytes);
   19246       if (rc != TPM_RC_SUCCESS) {
   19247         return rc;
   19248       }
   19249       command_size +=
   19250           authorization_size_bytes.size() + authorization_section_bytes.size();
   19251     }
   19252   }
   19253   std::string tag_bytes;
   19254   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   19255   if (rc != TPM_RC_SUCCESS) {
   19256     return rc;
   19257   }
   19258   std::string command_size_bytes;
   19259   rc = Serialize_UINT32(command_size, &command_size_bytes);
   19260   if (rc != TPM_RC_SUCCESS) {
   19261     return rc;
   19262   }
   19263   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   19264                         handle_section_bytes + authorization_size_bytes +
   19265                         authorization_section_bytes + parameter_section_bytes;
   19266   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   19267   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   19268                                             serialized_command->size());
   19269   return TPM_RC_SUCCESS;
   19270 }
   19271 
   19272 TPM_RC Tpm::ParseResponse_PCR_Extend(
   19273     const std::string& response,
   19274     AuthorizationDelegate* authorization_delegate) {
   19275   VLOG(3) << __func__;
   19276   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   19277   TPM_RC rc = TPM_RC_SUCCESS;
   19278   std::string buffer(response);
   19279   TPM_ST tag;
   19280   std::string tag_bytes;
   19281   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   19282   if (rc != TPM_RC_SUCCESS) {
   19283     return rc;
   19284   }
   19285   UINT32 response_size;
   19286   std::string response_size_bytes;
   19287   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   19288   if (rc != TPM_RC_SUCCESS) {
   19289     return rc;
   19290   }
   19291   TPM_RC response_code;
   19292   std::string response_code_bytes;
   19293   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   19294   if (rc != TPM_RC_SUCCESS) {
   19295     return rc;
   19296   }
   19297   if (response_size != response.size()) {
   19298     return TPM_RC_SIZE;
   19299   }
   19300   if (response_code != TPM_RC_SUCCESS) {
   19301     return response_code;
   19302   }
   19303   TPM_CC command_code = TPM_CC_PCR_Extend;
   19304   std::string command_code_bytes;
   19305   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   19306   if (rc != TPM_RC_SUCCESS) {
   19307     return rc;
   19308   }
   19309   std::string authorization_section_bytes;
   19310   if (tag == TPM_ST_SESSIONS) {
   19311     UINT32 parameter_section_size = buffer.size();
   19312     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   19313     if (rc != TPM_RC_SUCCESS) {
   19314       return rc;
   19315     }
   19316     if (parameter_section_size > buffer.size()) {
   19317       return TPM_RC_INSUFFICIENT;
   19318     }
   19319     authorization_section_bytes = buffer.substr(parameter_section_size);
   19320     // Keep the parameter section in |buffer|.
   19321     buffer.erase(parameter_section_size);
   19322   }
   19323   std::unique_ptr<crypto::SecureHash> hash(
   19324       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   19325   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   19326   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   19327   hash->Update(buffer.data(), buffer.size());
   19328   std::string response_hash(32, 0);
   19329   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   19330   if (tag == TPM_ST_SESSIONS) {
   19331     CHECK(authorization_delegate) << "Authorization delegate missing!";
   19332     if (!authorization_delegate->CheckResponseAuthorization(
   19333             response_hash, authorization_section_bytes)) {
   19334       return TRUNKS_RC_AUTHORIZATION_FAILED;
   19335     }
   19336   }
   19337   return TPM_RC_SUCCESS;
   19338 }
   19339 
   19340 void PCR_ExtendErrorCallback(const Tpm::PCR_ExtendResponse& callback,
   19341                              TPM_RC response_code) {
   19342   VLOG(1) << __func__;
   19343   callback.Run(response_code);
   19344 }
   19345 
   19346 void PCR_ExtendResponseParser(const Tpm::PCR_ExtendResponse& callback,
   19347                               AuthorizationDelegate* authorization_delegate,
   19348                               const std::string& response) {
   19349   VLOG(1) << __func__;
   19350   base::Callback<void(TPM_RC)> error_reporter =
   19351       base::Bind(PCR_ExtendErrorCallback, callback);
   19352   TPM_RC rc = Tpm::ParseResponse_PCR_Extend(response, authorization_delegate);
   19353   if (rc != TPM_RC_SUCCESS) {
   19354     error_reporter.Run(rc);
   19355     return;
   19356   }
   19357   callback.Run(rc);
   19358 }
   19359 
   19360 void Tpm::PCR_Extend(const TPMI_DH_PCR& pcr_handle,
   19361                      const std::string& pcr_handle_name,
   19362                      const TPML_DIGEST_VALUES& digests,
   19363                      AuthorizationDelegate* authorization_delegate,
   19364                      const PCR_ExtendResponse& callback) {
   19365   VLOG(1) << __func__;
   19366   base::Callback<void(TPM_RC)> error_reporter =
   19367       base::Bind(PCR_ExtendErrorCallback, callback);
   19368   base::Callback<void(const std::string&)> parser =
   19369       base::Bind(PCR_ExtendResponseParser, callback, authorization_delegate);
   19370   std::string command;
   19371   TPM_RC rc = SerializeCommand_PCR_Extend(pcr_handle, pcr_handle_name, digests,
   19372                                           &command, authorization_delegate);
   19373   if (rc != TPM_RC_SUCCESS) {
   19374     error_reporter.Run(rc);
   19375     return;
   19376   }
   19377   transceiver_->SendCommand(command, parser);
   19378 }
   19379 
   19380 TPM_RC Tpm::PCR_ExtendSync(const TPMI_DH_PCR& pcr_handle,
   19381                            const std::string& pcr_handle_name,
   19382                            const TPML_DIGEST_VALUES& digests,
   19383                            AuthorizationDelegate* authorization_delegate) {
   19384   VLOG(1) << __func__;
   19385   std::string command;
   19386   TPM_RC rc = SerializeCommand_PCR_Extend(pcr_handle, pcr_handle_name, digests,
   19387                                           &command, authorization_delegate);
   19388   if (rc != TPM_RC_SUCCESS) {
   19389     return rc;
   19390   }
   19391   std::string response = transceiver_->SendCommandAndWait(command);
   19392   rc = ParseResponse_PCR_Extend(response, authorization_delegate);
   19393   return rc;
   19394 }
   19395 
   19396 TPM_RC Tpm::SerializeCommand_PCR_Event(
   19397     const TPMI_DH_PCR& pcr_handle,
   19398     const std::string& pcr_handle_name,
   19399     const TPM2B_EVENT& event_data,
   19400     std::string* serialized_command,
   19401     AuthorizationDelegate* authorization_delegate) {
   19402   VLOG(3) << __func__;
   19403   TPM_RC rc = TPM_RC_SUCCESS;
   19404   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   19405   UINT32 command_size = 10;  // Header size.
   19406   std::string handle_section_bytes;
   19407   std::string parameter_section_bytes;
   19408   TPM_CC command_code = TPM_CC_PCR_Event;
   19409   bool is_command_parameter_encryption_possible = true;
   19410   bool is_response_parameter_encryption_possible = false;
   19411   std::string command_code_bytes;
   19412   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   19413   if (rc != TPM_RC_SUCCESS) {
   19414     return rc;
   19415   }
   19416   std::string pcr_handle_bytes;
   19417   rc = Serialize_TPMI_DH_PCR(pcr_handle, &pcr_handle_bytes);
   19418   if (rc != TPM_RC_SUCCESS) {
   19419     return rc;
   19420   }
   19421   std::string event_data_bytes;
   19422   rc = Serialize_TPM2B_EVENT(event_data, &event_data_bytes);
   19423   if (rc != TPM_RC_SUCCESS) {
   19424     return rc;
   19425   }
   19426   if (authorization_delegate) {
   19427     // Encrypt just the parameter data, not the size.
   19428     std::string tmp = event_data_bytes.substr(2);
   19429     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   19430       return TRUNKS_RC_ENCRYPTION_FAILED;
   19431     }
   19432     event_data_bytes.replace(2, std::string::npos, tmp);
   19433   }
   19434   std::unique_ptr<crypto::SecureHash> hash(
   19435       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   19436   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   19437   hash->Update(pcr_handle_name.data(), pcr_handle_name.size());
   19438   handle_section_bytes += pcr_handle_bytes;
   19439   command_size += pcr_handle_bytes.size();
   19440   hash->Update(event_data_bytes.data(), event_data_bytes.size());
   19441   parameter_section_bytes += event_data_bytes;
   19442   command_size += event_data_bytes.size();
   19443   std::string command_hash(32, 0);
   19444   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   19445   std::string authorization_section_bytes;
   19446   std::string authorization_size_bytes;
   19447   if (authorization_delegate) {
   19448     if (!authorization_delegate->GetCommandAuthorization(
   19449             command_hash, is_command_parameter_encryption_possible,
   19450             is_response_parameter_encryption_possible,
   19451             &authorization_section_bytes)) {
   19452       return TRUNKS_RC_AUTHORIZATION_FAILED;
   19453     }
   19454     if (!authorization_section_bytes.empty()) {
   19455       tag = TPM_ST_SESSIONS;
   19456       std::string tmp;
   19457       rc = Serialize_UINT32(authorization_section_bytes.size(),
   19458                             &authorization_size_bytes);
   19459       if (rc != TPM_RC_SUCCESS) {
   19460         return rc;
   19461       }
   19462       command_size +=
   19463           authorization_size_bytes.size() + authorization_section_bytes.size();
   19464     }
   19465   }
   19466   std::string tag_bytes;
   19467   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   19468   if (rc != TPM_RC_SUCCESS) {
   19469     return rc;
   19470   }
   19471   std::string command_size_bytes;
   19472   rc = Serialize_UINT32(command_size, &command_size_bytes);
   19473   if (rc != TPM_RC_SUCCESS) {
   19474     return rc;
   19475   }
   19476   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   19477                         handle_section_bytes + authorization_size_bytes +
   19478                         authorization_section_bytes + parameter_section_bytes;
   19479   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   19480   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   19481                                             serialized_command->size());
   19482   return TPM_RC_SUCCESS;
   19483 }
   19484 
   19485 TPM_RC Tpm::ParseResponse_PCR_Event(
   19486     const std::string& response,
   19487     TPML_DIGEST_VALUES* digests,
   19488     AuthorizationDelegate* authorization_delegate) {
   19489   VLOG(3) << __func__;
   19490   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   19491   TPM_RC rc = TPM_RC_SUCCESS;
   19492   std::string buffer(response);
   19493   TPM_ST tag;
   19494   std::string tag_bytes;
   19495   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   19496   if (rc != TPM_RC_SUCCESS) {
   19497     return rc;
   19498   }
   19499   UINT32 response_size;
   19500   std::string response_size_bytes;
   19501   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   19502   if (rc != TPM_RC_SUCCESS) {
   19503     return rc;
   19504   }
   19505   TPM_RC response_code;
   19506   std::string response_code_bytes;
   19507   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   19508   if (rc != TPM_RC_SUCCESS) {
   19509     return rc;
   19510   }
   19511   if (response_size != response.size()) {
   19512     return TPM_RC_SIZE;
   19513   }
   19514   if (response_code != TPM_RC_SUCCESS) {
   19515     return response_code;
   19516   }
   19517   TPM_CC command_code = TPM_CC_PCR_Event;
   19518   std::string command_code_bytes;
   19519   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   19520   if (rc != TPM_RC_SUCCESS) {
   19521     return rc;
   19522   }
   19523   std::string authorization_section_bytes;
   19524   if (tag == TPM_ST_SESSIONS) {
   19525     UINT32 parameter_section_size = buffer.size();
   19526     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   19527     if (rc != TPM_RC_SUCCESS) {
   19528       return rc;
   19529     }
   19530     if (parameter_section_size > buffer.size()) {
   19531       return TPM_RC_INSUFFICIENT;
   19532     }
   19533     authorization_section_bytes = buffer.substr(parameter_section_size);
   19534     // Keep the parameter section in |buffer|.
   19535     buffer.erase(parameter_section_size);
   19536   }
   19537   std::unique_ptr<crypto::SecureHash> hash(
   19538       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   19539   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   19540   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   19541   hash->Update(buffer.data(), buffer.size());
   19542   std::string response_hash(32, 0);
   19543   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   19544   if (tag == TPM_ST_SESSIONS) {
   19545     CHECK(authorization_delegate) << "Authorization delegate missing!";
   19546     if (!authorization_delegate->CheckResponseAuthorization(
   19547             response_hash, authorization_section_bytes)) {
   19548       return TRUNKS_RC_AUTHORIZATION_FAILED;
   19549     }
   19550   }
   19551   std::string digests_bytes;
   19552   rc = Parse_TPML_DIGEST_VALUES(&buffer, digests, &digests_bytes);
   19553   if (rc != TPM_RC_SUCCESS) {
   19554     return rc;
   19555   }
   19556   return TPM_RC_SUCCESS;
   19557 }
   19558 
   19559 void PCR_EventErrorCallback(const Tpm::PCR_EventResponse& callback,
   19560                             TPM_RC response_code) {
   19561   VLOG(1) << __func__;
   19562   callback.Run(response_code, TPML_DIGEST_VALUES());
   19563 }
   19564 
   19565 void PCR_EventResponseParser(const Tpm::PCR_EventResponse& callback,
   19566                              AuthorizationDelegate* authorization_delegate,
   19567                              const std::string& response) {
   19568   VLOG(1) << __func__;
   19569   base::Callback<void(TPM_RC)> error_reporter =
   19570       base::Bind(PCR_EventErrorCallback, callback);
   19571   TPML_DIGEST_VALUES digests;
   19572   TPM_RC rc =
   19573       Tpm::ParseResponse_PCR_Event(response, &digests, authorization_delegate);
   19574   if (rc != TPM_RC_SUCCESS) {
   19575     error_reporter.Run(rc);
   19576     return;
   19577   }
   19578   callback.Run(rc, digests);
   19579 }
   19580 
   19581 void Tpm::PCR_Event(const TPMI_DH_PCR& pcr_handle,
   19582                     const std::string& pcr_handle_name,
   19583                     const TPM2B_EVENT& event_data,
   19584                     AuthorizationDelegate* authorization_delegate,
   19585                     const PCR_EventResponse& callback) {
   19586   VLOG(1) << __func__;
   19587   base::Callback<void(TPM_RC)> error_reporter =
   19588       base::Bind(PCR_EventErrorCallback, callback);
   19589   base::Callback<void(const std::string&)> parser =
   19590       base::Bind(PCR_EventResponseParser, callback, authorization_delegate);
   19591   std::string command;
   19592   TPM_RC rc =
   19593       SerializeCommand_PCR_Event(pcr_handle, pcr_handle_name, event_data,
   19594                                  &command, authorization_delegate);
   19595   if (rc != TPM_RC_SUCCESS) {
   19596     error_reporter.Run(rc);
   19597     return;
   19598   }
   19599   transceiver_->SendCommand(command, parser);
   19600 }
   19601 
   19602 TPM_RC Tpm::PCR_EventSync(const TPMI_DH_PCR& pcr_handle,
   19603                           const std::string& pcr_handle_name,
   19604                           const TPM2B_EVENT& event_data,
   19605                           TPML_DIGEST_VALUES* digests,
   19606                           AuthorizationDelegate* authorization_delegate) {
   19607   VLOG(1) << __func__;
   19608   std::string command;
   19609   TPM_RC rc =
   19610       SerializeCommand_PCR_Event(pcr_handle, pcr_handle_name, event_data,
   19611                                  &command, authorization_delegate);
   19612   if (rc != TPM_RC_SUCCESS) {
   19613     return rc;
   19614   }
   19615   std::string response = transceiver_->SendCommandAndWait(command);
   19616   rc = ParseResponse_PCR_Event(response, digests, authorization_delegate);
   19617   return rc;
   19618 }
   19619 
   19620 TPM_RC Tpm::SerializeCommand_PCR_Read(
   19621     const TPML_PCR_SELECTION& pcr_selection_in,
   19622     std::string* serialized_command,
   19623     AuthorizationDelegate* authorization_delegate) {
   19624   VLOG(3) << __func__;
   19625   TPM_RC rc = TPM_RC_SUCCESS;
   19626   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   19627   UINT32 command_size = 10;  // Header size.
   19628   std::string handle_section_bytes;
   19629   std::string parameter_section_bytes;
   19630   TPM_CC command_code = TPM_CC_PCR_Read;
   19631   bool is_command_parameter_encryption_possible = false;
   19632   bool is_response_parameter_encryption_possible = false;
   19633   std::string command_code_bytes;
   19634   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   19635   if (rc != TPM_RC_SUCCESS) {
   19636     return rc;
   19637   }
   19638   std::string pcr_selection_in_bytes;
   19639   rc = Serialize_TPML_PCR_SELECTION(pcr_selection_in, &pcr_selection_in_bytes);
   19640   if (rc != TPM_RC_SUCCESS) {
   19641     return rc;
   19642   }
   19643   std::unique_ptr<crypto::SecureHash> hash(
   19644       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   19645   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   19646   hash->Update(pcr_selection_in_bytes.data(), pcr_selection_in_bytes.size());
   19647   parameter_section_bytes += pcr_selection_in_bytes;
   19648   command_size += pcr_selection_in_bytes.size();
   19649   std::string command_hash(32, 0);
   19650   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   19651   std::string authorization_section_bytes;
   19652   std::string authorization_size_bytes;
   19653   if (authorization_delegate) {
   19654     if (!authorization_delegate->GetCommandAuthorization(
   19655             command_hash, is_command_parameter_encryption_possible,
   19656             is_response_parameter_encryption_possible,
   19657             &authorization_section_bytes)) {
   19658       return TRUNKS_RC_AUTHORIZATION_FAILED;
   19659     }
   19660     if (!authorization_section_bytes.empty()) {
   19661       tag = TPM_ST_SESSIONS;
   19662       std::string tmp;
   19663       rc = Serialize_UINT32(authorization_section_bytes.size(),
   19664                             &authorization_size_bytes);
   19665       if (rc != TPM_RC_SUCCESS) {
   19666         return rc;
   19667       }
   19668       command_size +=
   19669           authorization_size_bytes.size() + authorization_section_bytes.size();
   19670     }
   19671   }
   19672   std::string tag_bytes;
   19673   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   19674   if (rc != TPM_RC_SUCCESS) {
   19675     return rc;
   19676   }
   19677   std::string command_size_bytes;
   19678   rc = Serialize_UINT32(command_size, &command_size_bytes);
   19679   if (rc != TPM_RC_SUCCESS) {
   19680     return rc;
   19681   }
   19682   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   19683                         handle_section_bytes + authorization_size_bytes +
   19684                         authorization_section_bytes + parameter_section_bytes;
   19685   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   19686   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   19687                                             serialized_command->size());
   19688   return TPM_RC_SUCCESS;
   19689 }
   19690 
   19691 TPM_RC Tpm::ParseResponse_PCR_Read(
   19692     const std::string& response,
   19693     UINT32* pcr_update_counter,
   19694     TPML_PCR_SELECTION* pcr_selection_out,
   19695     TPML_DIGEST* pcr_values,
   19696     AuthorizationDelegate* authorization_delegate) {
   19697   VLOG(3) << __func__;
   19698   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   19699   TPM_RC rc = TPM_RC_SUCCESS;
   19700   std::string buffer(response);
   19701   TPM_ST tag;
   19702   std::string tag_bytes;
   19703   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   19704   if (rc != TPM_RC_SUCCESS) {
   19705     return rc;
   19706   }
   19707   UINT32 response_size;
   19708   std::string response_size_bytes;
   19709   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   19710   if (rc != TPM_RC_SUCCESS) {
   19711     return rc;
   19712   }
   19713   TPM_RC response_code;
   19714   std::string response_code_bytes;
   19715   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   19716   if (rc != TPM_RC_SUCCESS) {
   19717     return rc;
   19718   }
   19719   if (response_size != response.size()) {
   19720     return TPM_RC_SIZE;
   19721   }
   19722   if (response_code != TPM_RC_SUCCESS) {
   19723     return response_code;
   19724   }
   19725   TPM_CC command_code = TPM_CC_PCR_Read;
   19726   std::string command_code_bytes;
   19727   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   19728   if (rc != TPM_RC_SUCCESS) {
   19729     return rc;
   19730   }
   19731   std::string authorization_section_bytes;
   19732   if (tag == TPM_ST_SESSIONS) {
   19733     UINT32 parameter_section_size = buffer.size();
   19734     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   19735     if (rc != TPM_RC_SUCCESS) {
   19736       return rc;
   19737     }
   19738     if (parameter_section_size > buffer.size()) {
   19739       return TPM_RC_INSUFFICIENT;
   19740     }
   19741     authorization_section_bytes = buffer.substr(parameter_section_size);
   19742     // Keep the parameter section in |buffer|.
   19743     buffer.erase(parameter_section_size);
   19744   }
   19745   std::unique_ptr<crypto::SecureHash> hash(
   19746       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   19747   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   19748   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   19749   hash->Update(buffer.data(), buffer.size());
   19750   std::string response_hash(32, 0);
   19751   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   19752   if (tag == TPM_ST_SESSIONS) {
   19753     CHECK(authorization_delegate) << "Authorization delegate missing!";
   19754     if (!authorization_delegate->CheckResponseAuthorization(
   19755             response_hash, authorization_section_bytes)) {
   19756       return TRUNKS_RC_AUTHORIZATION_FAILED;
   19757     }
   19758   }
   19759   std::string pcr_update_counter_bytes;
   19760   rc = Parse_UINT32(&buffer, pcr_update_counter, &pcr_update_counter_bytes);
   19761   if (rc != TPM_RC_SUCCESS) {
   19762     return rc;
   19763   }
   19764   std::string pcr_selection_out_bytes;
   19765   rc = Parse_TPML_PCR_SELECTION(&buffer, pcr_selection_out,
   19766                                 &pcr_selection_out_bytes);
   19767   if (rc != TPM_RC_SUCCESS) {
   19768     return rc;
   19769   }
   19770   std::string pcr_values_bytes;
   19771   rc = Parse_TPML_DIGEST(&buffer, pcr_values, &pcr_values_bytes);
   19772   if (rc != TPM_RC_SUCCESS) {
   19773     return rc;
   19774   }
   19775   return TPM_RC_SUCCESS;
   19776 }
   19777 
   19778 void PCR_ReadErrorCallback(const Tpm::PCR_ReadResponse& callback,
   19779                            TPM_RC response_code) {
   19780   VLOG(1) << __func__;
   19781   callback.Run(response_code, UINT32(), TPML_PCR_SELECTION(), TPML_DIGEST());
   19782 }
   19783 
   19784 void PCR_ReadResponseParser(const Tpm::PCR_ReadResponse& callback,
   19785                             AuthorizationDelegate* authorization_delegate,
   19786                             const std::string& response) {
   19787   VLOG(1) << __func__;
   19788   base::Callback<void(TPM_RC)> error_reporter =
   19789       base::Bind(PCR_ReadErrorCallback, callback);
   19790   UINT32 pcr_update_counter;
   19791   TPML_PCR_SELECTION pcr_selection_out;
   19792   TPML_DIGEST pcr_values;
   19793   TPM_RC rc = Tpm::ParseResponse_PCR_Read(response, &pcr_update_counter,
   19794                                           &pcr_selection_out, &pcr_values,
   19795                                           authorization_delegate);
   19796   if (rc != TPM_RC_SUCCESS) {
   19797     error_reporter.Run(rc);
   19798     return;
   19799   }
   19800   callback.Run(rc, pcr_update_counter, pcr_selection_out, pcr_values);
   19801 }
   19802 
   19803 void Tpm::PCR_Read(const TPML_PCR_SELECTION& pcr_selection_in,
   19804                    AuthorizationDelegate* authorization_delegate,
   19805                    const PCR_ReadResponse& callback) {
   19806   VLOG(1) << __func__;
   19807   base::Callback<void(TPM_RC)> error_reporter =
   19808       base::Bind(PCR_ReadErrorCallback, callback);
   19809   base::Callback<void(const std::string&)> parser =
   19810       base::Bind(PCR_ReadResponseParser, callback, authorization_delegate);
   19811   std::string command;
   19812   TPM_RC rc = SerializeCommand_PCR_Read(pcr_selection_in, &command,
   19813                                         authorization_delegate);
   19814   if (rc != TPM_RC_SUCCESS) {
   19815     error_reporter.Run(rc);
   19816     return;
   19817   }
   19818   transceiver_->SendCommand(command, parser);
   19819 }
   19820 
   19821 TPM_RC Tpm::PCR_ReadSync(const TPML_PCR_SELECTION& pcr_selection_in,
   19822                          UINT32* pcr_update_counter,
   19823                          TPML_PCR_SELECTION* pcr_selection_out,
   19824                          TPML_DIGEST* pcr_values,
   19825                          AuthorizationDelegate* authorization_delegate) {
   19826   VLOG(1) << __func__;
   19827   std::string command;
   19828   TPM_RC rc = SerializeCommand_PCR_Read(pcr_selection_in, &command,
   19829                                         authorization_delegate);
   19830   if (rc != TPM_RC_SUCCESS) {
   19831     return rc;
   19832   }
   19833   std::string response = transceiver_->SendCommandAndWait(command);
   19834   rc = ParseResponse_PCR_Read(response, pcr_update_counter, pcr_selection_out,
   19835                               pcr_values, authorization_delegate);
   19836   return rc;
   19837 }
   19838 
   19839 TPM_RC Tpm::SerializeCommand_PCR_Allocate(
   19840     const TPMI_RH_PLATFORM& auth_handle,
   19841     const std::string& auth_handle_name,
   19842     const TPML_PCR_SELECTION& pcr_allocation,
   19843     std::string* serialized_command,
   19844     AuthorizationDelegate* authorization_delegate) {
   19845   VLOG(3) << __func__;
   19846   TPM_RC rc = TPM_RC_SUCCESS;
   19847   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   19848   UINT32 command_size = 10;  // Header size.
   19849   std::string handle_section_bytes;
   19850   std::string parameter_section_bytes;
   19851   TPM_CC command_code = TPM_CC_PCR_Allocate;
   19852   bool is_command_parameter_encryption_possible = false;
   19853   bool is_response_parameter_encryption_possible = false;
   19854   std::string command_code_bytes;
   19855   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   19856   if (rc != TPM_RC_SUCCESS) {
   19857     return rc;
   19858   }
   19859   std::string auth_handle_bytes;
   19860   rc = Serialize_TPMI_RH_PLATFORM(auth_handle, &auth_handle_bytes);
   19861   if (rc != TPM_RC_SUCCESS) {
   19862     return rc;
   19863   }
   19864   std::string pcr_allocation_bytes;
   19865   rc = Serialize_TPML_PCR_SELECTION(pcr_allocation, &pcr_allocation_bytes);
   19866   if (rc != TPM_RC_SUCCESS) {
   19867     return rc;
   19868   }
   19869   std::unique_ptr<crypto::SecureHash> hash(
   19870       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   19871   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   19872   hash->Update(auth_handle_name.data(), auth_handle_name.size());
   19873   handle_section_bytes += auth_handle_bytes;
   19874   command_size += auth_handle_bytes.size();
   19875   hash->Update(pcr_allocation_bytes.data(), pcr_allocation_bytes.size());
   19876   parameter_section_bytes += pcr_allocation_bytes;
   19877   command_size += pcr_allocation_bytes.size();
   19878   std::string command_hash(32, 0);
   19879   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   19880   std::string authorization_section_bytes;
   19881   std::string authorization_size_bytes;
   19882   if (authorization_delegate) {
   19883     if (!authorization_delegate->GetCommandAuthorization(
   19884             command_hash, is_command_parameter_encryption_possible,
   19885             is_response_parameter_encryption_possible,
   19886             &authorization_section_bytes)) {
   19887       return TRUNKS_RC_AUTHORIZATION_FAILED;
   19888     }
   19889     if (!authorization_section_bytes.empty()) {
   19890       tag = TPM_ST_SESSIONS;
   19891       std::string tmp;
   19892       rc = Serialize_UINT32(authorization_section_bytes.size(),
   19893                             &authorization_size_bytes);
   19894       if (rc != TPM_RC_SUCCESS) {
   19895         return rc;
   19896       }
   19897       command_size +=
   19898           authorization_size_bytes.size() + authorization_section_bytes.size();
   19899     }
   19900   }
   19901   std::string tag_bytes;
   19902   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   19903   if (rc != TPM_RC_SUCCESS) {
   19904     return rc;
   19905   }
   19906   std::string command_size_bytes;
   19907   rc = Serialize_UINT32(command_size, &command_size_bytes);
   19908   if (rc != TPM_RC_SUCCESS) {
   19909     return rc;
   19910   }
   19911   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   19912                         handle_section_bytes + authorization_size_bytes +
   19913                         authorization_section_bytes + parameter_section_bytes;
   19914   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   19915   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   19916                                             serialized_command->size());
   19917   return TPM_RC_SUCCESS;
   19918 }
   19919 
   19920 TPM_RC Tpm::ParseResponse_PCR_Allocate(
   19921     const std::string& response,
   19922     TPMI_YES_NO* allocation_success,
   19923     UINT32* max_pcr,
   19924     UINT32* size_needed,
   19925     UINT32* size_available,
   19926     AuthorizationDelegate* authorization_delegate) {
   19927   VLOG(3) << __func__;
   19928   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   19929   TPM_RC rc = TPM_RC_SUCCESS;
   19930   std::string buffer(response);
   19931   TPM_ST tag;
   19932   std::string tag_bytes;
   19933   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   19934   if (rc != TPM_RC_SUCCESS) {
   19935     return rc;
   19936   }
   19937   UINT32 response_size;
   19938   std::string response_size_bytes;
   19939   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   19940   if (rc != TPM_RC_SUCCESS) {
   19941     return rc;
   19942   }
   19943   TPM_RC response_code;
   19944   std::string response_code_bytes;
   19945   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   19946   if (rc != TPM_RC_SUCCESS) {
   19947     return rc;
   19948   }
   19949   if (response_size != response.size()) {
   19950     return TPM_RC_SIZE;
   19951   }
   19952   if (response_code != TPM_RC_SUCCESS) {
   19953     return response_code;
   19954   }
   19955   TPM_CC command_code = TPM_CC_PCR_Allocate;
   19956   std::string command_code_bytes;
   19957   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   19958   if (rc != TPM_RC_SUCCESS) {
   19959     return rc;
   19960   }
   19961   std::string authorization_section_bytes;
   19962   if (tag == TPM_ST_SESSIONS) {
   19963     UINT32 parameter_section_size = buffer.size();
   19964     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   19965     if (rc != TPM_RC_SUCCESS) {
   19966       return rc;
   19967     }
   19968     if (parameter_section_size > buffer.size()) {
   19969       return TPM_RC_INSUFFICIENT;
   19970     }
   19971     authorization_section_bytes = buffer.substr(parameter_section_size);
   19972     // Keep the parameter section in |buffer|.
   19973     buffer.erase(parameter_section_size);
   19974   }
   19975   std::unique_ptr<crypto::SecureHash> hash(
   19976       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   19977   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   19978   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   19979   hash->Update(buffer.data(), buffer.size());
   19980   std::string response_hash(32, 0);
   19981   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   19982   if (tag == TPM_ST_SESSIONS) {
   19983     CHECK(authorization_delegate) << "Authorization delegate missing!";
   19984     if (!authorization_delegate->CheckResponseAuthorization(
   19985             response_hash, authorization_section_bytes)) {
   19986       return TRUNKS_RC_AUTHORIZATION_FAILED;
   19987     }
   19988   }
   19989   std::string allocation_success_bytes;
   19990   rc =
   19991       Parse_TPMI_YES_NO(&buffer, allocation_success, &allocation_success_bytes);
   19992   if (rc != TPM_RC_SUCCESS) {
   19993     return rc;
   19994   }
   19995   std::string max_pcr_bytes;
   19996   rc = Parse_UINT32(&buffer, max_pcr, &max_pcr_bytes);
   19997   if (rc != TPM_RC_SUCCESS) {
   19998     return rc;
   19999   }
   20000   std::string size_needed_bytes;
   20001   rc = Parse_UINT32(&buffer, size_needed, &size_needed_bytes);
   20002   if (rc != TPM_RC_SUCCESS) {
   20003     return rc;
   20004   }
   20005   std::string size_available_bytes;
   20006   rc = Parse_UINT32(&buffer, size_available, &size_available_bytes);
   20007   if (rc != TPM_RC_SUCCESS) {
   20008     return rc;
   20009   }
   20010   return TPM_RC_SUCCESS;
   20011 }
   20012 
   20013 void PCR_AllocateErrorCallback(const Tpm::PCR_AllocateResponse& callback,
   20014                                TPM_RC response_code) {
   20015   VLOG(1) << __func__;
   20016   callback.Run(response_code, TPMI_YES_NO(), UINT32(), UINT32(), UINT32());
   20017 }
   20018 
   20019 void PCR_AllocateResponseParser(const Tpm::PCR_AllocateResponse& callback,
   20020                                 AuthorizationDelegate* authorization_delegate,
   20021                                 const std::string& response) {
   20022   VLOG(1) << __func__;
   20023   base::Callback<void(TPM_RC)> error_reporter =
   20024       base::Bind(PCR_AllocateErrorCallback, callback);
   20025   TPMI_YES_NO allocation_success;
   20026   UINT32 max_pcr;
   20027   UINT32 size_needed;
   20028   UINT32 size_available;
   20029   TPM_RC rc = Tpm::ParseResponse_PCR_Allocate(
   20030       response, &allocation_success, &max_pcr, &size_needed, &size_available,
   20031       authorization_delegate);
   20032   if (rc != TPM_RC_SUCCESS) {
   20033     error_reporter.Run(rc);
   20034     return;
   20035   }
   20036   callback.Run(rc, allocation_success, max_pcr, size_needed, size_available);
   20037 }
   20038 
   20039 void Tpm::PCR_Allocate(const TPMI_RH_PLATFORM& auth_handle,
   20040                        const std::string& auth_handle_name,
   20041                        const TPML_PCR_SELECTION& pcr_allocation,
   20042                        AuthorizationDelegate* authorization_delegate,
   20043                        const PCR_AllocateResponse& callback) {
   20044   VLOG(1) << __func__;
   20045   base::Callback<void(TPM_RC)> error_reporter =
   20046       base::Bind(PCR_AllocateErrorCallback, callback);
   20047   base::Callback<void(const std::string&)> parser =
   20048       base::Bind(PCR_AllocateResponseParser, callback, authorization_delegate);
   20049   std::string command;
   20050   TPM_RC rc = SerializeCommand_PCR_Allocate(auth_handle, auth_handle_name,
   20051                                             pcr_allocation, &command,
   20052                                             authorization_delegate);
   20053   if (rc != TPM_RC_SUCCESS) {
   20054     error_reporter.Run(rc);
   20055     return;
   20056   }
   20057   transceiver_->SendCommand(command, parser);
   20058 }
   20059 
   20060 TPM_RC Tpm::PCR_AllocateSync(const TPMI_RH_PLATFORM& auth_handle,
   20061                              const std::string& auth_handle_name,
   20062                              const TPML_PCR_SELECTION& pcr_allocation,
   20063                              TPMI_YES_NO* allocation_success,
   20064                              UINT32* max_pcr,
   20065                              UINT32* size_needed,
   20066                              UINT32* size_available,
   20067                              AuthorizationDelegate* authorization_delegate) {
   20068   VLOG(1) << __func__;
   20069   std::string command;
   20070   TPM_RC rc = SerializeCommand_PCR_Allocate(auth_handle, auth_handle_name,
   20071                                             pcr_allocation, &command,
   20072                                             authorization_delegate);
   20073   if (rc != TPM_RC_SUCCESS) {
   20074     return rc;
   20075   }
   20076   std::string response = transceiver_->SendCommandAndWait(command);
   20077   rc = ParseResponse_PCR_Allocate(response, allocation_success, max_pcr,
   20078                                   size_needed, size_available,
   20079                                   authorization_delegate);
   20080   return rc;
   20081 }
   20082 
   20083 TPM_RC Tpm::SerializeCommand_PCR_SetAuthPolicy(
   20084     const TPMI_RH_PLATFORM& auth_handle,
   20085     const std::string& auth_handle_name,
   20086     const TPMI_DH_PCR& pcr_num,
   20087     const std::string& pcr_num_name,
   20088     const TPM2B_DIGEST& auth_policy,
   20089     const TPMI_ALG_HASH& policy_digest,
   20090     std::string* serialized_command,
   20091     AuthorizationDelegate* authorization_delegate) {
   20092   VLOG(3) << __func__;
   20093   TPM_RC rc = TPM_RC_SUCCESS;
   20094   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   20095   UINT32 command_size = 10;  // Header size.
   20096   std::string handle_section_bytes;
   20097   std::string parameter_section_bytes;
   20098   TPM_CC command_code = TPM_CC_PCR_SetAuthPolicy;
   20099   bool is_command_parameter_encryption_possible = true;
   20100   bool is_response_parameter_encryption_possible = false;
   20101   std::string command_code_bytes;
   20102   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   20103   if (rc != TPM_RC_SUCCESS) {
   20104     return rc;
   20105   }
   20106   std::string auth_handle_bytes;
   20107   rc = Serialize_TPMI_RH_PLATFORM(auth_handle, &auth_handle_bytes);
   20108   if (rc != TPM_RC_SUCCESS) {
   20109     return rc;
   20110   }
   20111   std::string auth_policy_bytes;
   20112   rc = Serialize_TPM2B_DIGEST(auth_policy, &auth_policy_bytes);
   20113   if (rc != TPM_RC_SUCCESS) {
   20114     return rc;
   20115   }
   20116   std::string policy_digest_bytes;
   20117   rc = Serialize_TPMI_ALG_HASH(policy_digest, &policy_digest_bytes);
   20118   if (rc != TPM_RC_SUCCESS) {
   20119     return rc;
   20120   }
   20121   std::string pcr_num_bytes;
   20122   rc = Serialize_TPMI_DH_PCR(pcr_num, &pcr_num_bytes);
   20123   if (rc != TPM_RC_SUCCESS) {
   20124     return rc;
   20125   }
   20126   if (authorization_delegate) {
   20127     // Encrypt just the parameter data, not the size.
   20128     std::string tmp = auth_policy_bytes.substr(2);
   20129     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   20130       return TRUNKS_RC_ENCRYPTION_FAILED;
   20131     }
   20132     auth_policy_bytes.replace(2, std::string::npos, tmp);
   20133   }
   20134   std::unique_ptr<crypto::SecureHash> hash(
   20135       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   20136   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   20137   hash->Update(auth_handle_name.data(), auth_handle_name.size());
   20138   handle_section_bytes += auth_handle_bytes;
   20139   command_size += auth_handle_bytes.size();
   20140   hash->Update(pcr_num_name.data(), pcr_num_name.size());
   20141   handle_section_bytes += pcr_num_bytes;
   20142   command_size += pcr_num_bytes.size();
   20143   hash->Update(auth_policy_bytes.data(), auth_policy_bytes.size());
   20144   parameter_section_bytes += auth_policy_bytes;
   20145   command_size += auth_policy_bytes.size();
   20146   hash->Update(policy_digest_bytes.data(), policy_digest_bytes.size());
   20147   parameter_section_bytes += policy_digest_bytes;
   20148   command_size += policy_digest_bytes.size();
   20149   std::string command_hash(32, 0);
   20150   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   20151   std::string authorization_section_bytes;
   20152   std::string authorization_size_bytes;
   20153   if (authorization_delegate) {
   20154     if (!authorization_delegate->GetCommandAuthorization(
   20155             command_hash, is_command_parameter_encryption_possible,
   20156             is_response_parameter_encryption_possible,
   20157             &authorization_section_bytes)) {
   20158       return TRUNKS_RC_AUTHORIZATION_FAILED;
   20159     }
   20160     if (!authorization_section_bytes.empty()) {
   20161       tag = TPM_ST_SESSIONS;
   20162       std::string tmp;
   20163       rc = Serialize_UINT32(authorization_section_bytes.size(),
   20164                             &authorization_size_bytes);
   20165       if (rc != TPM_RC_SUCCESS) {
   20166         return rc;
   20167       }
   20168       command_size +=
   20169           authorization_size_bytes.size() + authorization_section_bytes.size();
   20170     }
   20171   }
   20172   std::string tag_bytes;
   20173   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   20174   if (rc != TPM_RC_SUCCESS) {
   20175     return rc;
   20176   }
   20177   std::string command_size_bytes;
   20178   rc = Serialize_UINT32(command_size, &command_size_bytes);
   20179   if (rc != TPM_RC_SUCCESS) {
   20180     return rc;
   20181   }
   20182   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   20183                         handle_section_bytes + authorization_size_bytes +
   20184                         authorization_section_bytes + parameter_section_bytes;
   20185   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   20186   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   20187                                             serialized_command->size());
   20188   return TPM_RC_SUCCESS;
   20189 }
   20190 
   20191 TPM_RC Tpm::ParseResponse_PCR_SetAuthPolicy(
   20192     const std::string& response,
   20193     AuthorizationDelegate* authorization_delegate) {
   20194   VLOG(3) << __func__;
   20195   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   20196   TPM_RC rc = TPM_RC_SUCCESS;
   20197   std::string buffer(response);
   20198   TPM_ST tag;
   20199   std::string tag_bytes;
   20200   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   20201   if (rc != TPM_RC_SUCCESS) {
   20202     return rc;
   20203   }
   20204   UINT32 response_size;
   20205   std::string response_size_bytes;
   20206   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   20207   if (rc != TPM_RC_SUCCESS) {
   20208     return rc;
   20209   }
   20210   TPM_RC response_code;
   20211   std::string response_code_bytes;
   20212   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   20213   if (rc != TPM_RC_SUCCESS) {
   20214     return rc;
   20215   }
   20216   if (response_size != response.size()) {
   20217     return TPM_RC_SIZE;
   20218   }
   20219   if (response_code != TPM_RC_SUCCESS) {
   20220     return response_code;
   20221   }
   20222   TPM_CC command_code = TPM_CC_PCR_SetAuthPolicy;
   20223   std::string command_code_bytes;
   20224   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   20225   if (rc != TPM_RC_SUCCESS) {
   20226     return rc;
   20227   }
   20228   std::string authorization_section_bytes;
   20229   if (tag == TPM_ST_SESSIONS) {
   20230     UINT32 parameter_section_size = buffer.size();
   20231     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   20232     if (rc != TPM_RC_SUCCESS) {
   20233       return rc;
   20234     }
   20235     if (parameter_section_size > buffer.size()) {
   20236       return TPM_RC_INSUFFICIENT;
   20237     }
   20238     authorization_section_bytes = buffer.substr(parameter_section_size);
   20239     // Keep the parameter section in |buffer|.
   20240     buffer.erase(parameter_section_size);
   20241   }
   20242   std::unique_ptr<crypto::SecureHash> hash(
   20243       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   20244   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   20245   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   20246   hash->Update(buffer.data(), buffer.size());
   20247   std::string response_hash(32, 0);
   20248   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   20249   if (tag == TPM_ST_SESSIONS) {
   20250     CHECK(authorization_delegate) << "Authorization delegate missing!";
   20251     if (!authorization_delegate->CheckResponseAuthorization(
   20252             response_hash, authorization_section_bytes)) {
   20253       return TRUNKS_RC_AUTHORIZATION_FAILED;
   20254     }
   20255   }
   20256   return TPM_RC_SUCCESS;
   20257 }
   20258 
   20259 void PCR_SetAuthPolicyErrorCallback(
   20260     const Tpm::PCR_SetAuthPolicyResponse& callback,
   20261     TPM_RC response_code) {
   20262   VLOG(1) << __func__;
   20263   callback.Run(response_code);
   20264 }
   20265 
   20266 void PCR_SetAuthPolicyResponseParser(
   20267     const Tpm::PCR_SetAuthPolicyResponse& callback,
   20268     AuthorizationDelegate* authorization_delegate,
   20269     const std::string& response) {
   20270   VLOG(1) << __func__;
   20271   base::Callback<void(TPM_RC)> error_reporter =
   20272       base::Bind(PCR_SetAuthPolicyErrorCallback, callback);
   20273   TPM_RC rc =
   20274       Tpm::ParseResponse_PCR_SetAuthPolicy(response, authorization_delegate);
   20275   if (rc != TPM_RC_SUCCESS) {
   20276     error_reporter.Run(rc);
   20277     return;
   20278   }
   20279   callback.Run(rc);
   20280 }
   20281 
   20282 void Tpm::PCR_SetAuthPolicy(const TPMI_RH_PLATFORM& auth_handle,
   20283                             const std::string& auth_handle_name,
   20284                             const TPMI_DH_PCR& pcr_num,
   20285                             const std::string& pcr_num_name,
   20286                             const TPM2B_DIGEST& auth_policy,
   20287                             const TPMI_ALG_HASH& policy_digest,
   20288                             AuthorizationDelegate* authorization_delegate,
   20289                             const PCR_SetAuthPolicyResponse& callback) {
   20290   VLOG(1) << __func__;
   20291   base::Callback<void(TPM_RC)> error_reporter =
   20292       base::Bind(PCR_SetAuthPolicyErrorCallback, callback);
   20293   base::Callback<void(const std::string&)> parser = base::Bind(
   20294       PCR_SetAuthPolicyResponseParser, callback, authorization_delegate);
   20295   std::string command;
   20296   TPM_RC rc = SerializeCommand_PCR_SetAuthPolicy(
   20297       auth_handle, auth_handle_name, pcr_num, pcr_num_name, auth_policy,
   20298       policy_digest, &command, authorization_delegate);
   20299   if (rc != TPM_RC_SUCCESS) {
   20300     error_reporter.Run(rc);
   20301     return;
   20302   }
   20303   transceiver_->SendCommand(command, parser);
   20304 }
   20305 
   20306 TPM_RC Tpm::PCR_SetAuthPolicySync(
   20307     const TPMI_RH_PLATFORM& auth_handle,
   20308     const std::string& auth_handle_name,
   20309     const TPMI_DH_PCR& pcr_num,
   20310     const std::string& pcr_num_name,
   20311     const TPM2B_DIGEST& auth_policy,
   20312     const TPMI_ALG_HASH& policy_digest,
   20313     AuthorizationDelegate* authorization_delegate) {
   20314   VLOG(1) << __func__;
   20315   std::string command;
   20316   TPM_RC rc = SerializeCommand_PCR_SetAuthPolicy(
   20317       auth_handle, auth_handle_name, pcr_num, pcr_num_name, auth_policy,
   20318       policy_digest, &command, authorization_delegate);
   20319   if (rc != TPM_RC_SUCCESS) {
   20320     return rc;
   20321   }
   20322   std::string response = transceiver_->SendCommandAndWait(command);
   20323   rc = ParseResponse_PCR_SetAuthPolicy(response, authorization_delegate);
   20324   return rc;
   20325 }
   20326 
   20327 TPM_RC Tpm::SerializeCommand_PCR_SetAuthValue(
   20328     const TPMI_DH_PCR& pcr_handle,
   20329     const std::string& pcr_handle_name,
   20330     const TPM2B_DIGEST& auth,
   20331     std::string* serialized_command,
   20332     AuthorizationDelegate* authorization_delegate) {
   20333   VLOG(3) << __func__;
   20334   TPM_RC rc = TPM_RC_SUCCESS;
   20335   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   20336   UINT32 command_size = 10;  // Header size.
   20337   std::string handle_section_bytes;
   20338   std::string parameter_section_bytes;
   20339   TPM_CC command_code = TPM_CC_PCR_SetAuthValue;
   20340   bool is_command_parameter_encryption_possible = true;
   20341   bool is_response_parameter_encryption_possible = false;
   20342   std::string command_code_bytes;
   20343   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   20344   if (rc != TPM_RC_SUCCESS) {
   20345     return rc;
   20346   }
   20347   std::string pcr_handle_bytes;
   20348   rc = Serialize_TPMI_DH_PCR(pcr_handle, &pcr_handle_bytes);
   20349   if (rc != TPM_RC_SUCCESS) {
   20350     return rc;
   20351   }
   20352   std::string auth_bytes;
   20353   rc = Serialize_TPM2B_DIGEST(auth, &auth_bytes);
   20354   if (rc != TPM_RC_SUCCESS) {
   20355     return rc;
   20356   }
   20357   if (authorization_delegate) {
   20358     // Encrypt just the parameter data, not the size.
   20359     std::string tmp = auth_bytes.substr(2);
   20360     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   20361       return TRUNKS_RC_ENCRYPTION_FAILED;
   20362     }
   20363     auth_bytes.replace(2, std::string::npos, tmp);
   20364   }
   20365   std::unique_ptr<crypto::SecureHash> hash(
   20366       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   20367   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   20368   hash->Update(pcr_handle_name.data(), pcr_handle_name.size());
   20369   handle_section_bytes += pcr_handle_bytes;
   20370   command_size += pcr_handle_bytes.size();
   20371   hash->Update(auth_bytes.data(), auth_bytes.size());
   20372   parameter_section_bytes += auth_bytes;
   20373   command_size += auth_bytes.size();
   20374   std::string command_hash(32, 0);
   20375   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   20376   std::string authorization_section_bytes;
   20377   std::string authorization_size_bytes;
   20378   if (authorization_delegate) {
   20379     if (!authorization_delegate->GetCommandAuthorization(
   20380             command_hash, is_command_parameter_encryption_possible,
   20381             is_response_parameter_encryption_possible,
   20382             &authorization_section_bytes)) {
   20383       return TRUNKS_RC_AUTHORIZATION_FAILED;
   20384     }
   20385     if (!authorization_section_bytes.empty()) {
   20386       tag = TPM_ST_SESSIONS;
   20387       std::string tmp;
   20388       rc = Serialize_UINT32(authorization_section_bytes.size(),
   20389                             &authorization_size_bytes);
   20390       if (rc != TPM_RC_SUCCESS) {
   20391         return rc;
   20392       }
   20393       command_size +=
   20394           authorization_size_bytes.size() + authorization_section_bytes.size();
   20395     }
   20396   }
   20397   std::string tag_bytes;
   20398   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   20399   if (rc != TPM_RC_SUCCESS) {
   20400     return rc;
   20401   }
   20402   std::string command_size_bytes;
   20403   rc = Serialize_UINT32(command_size, &command_size_bytes);
   20404   if (rc != TPM_RC_SUCCESS) {
   20405     return rc;
   20406   }
   20407   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   20408                         handle_section_bytes + authorization_size_bytes +
   20409                         authorization_section_bytes + parameter_section_bytes;
   20410   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   20411   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   20412                                             serialized_command->size());
   20413   return TPM_RC_SUCCESS;
   20414 }
   20415 
   20416 TPM_RC Tpm::ParseResponse_PCR_SetAuthValue(
   20417     const std::string& response,
   20418     AuthorizationDelegate* authorization_delegate) {
   20419   VLOG(3) << __func__;
   20420   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   20421   TPM_RC rc = TPM_RC_SUCCESS;
   20422   std::string buffer(response);
   20423   TPM_ST tag;
   20424   std::string tag_bytes;
   20425   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   20426   if (rc != TPM_RC_SUCCESS) {
   20427     return rc;
   20428   }
   20429   UINT32 response_size;
   20430   std::string response_size_bytes;
   20431   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   20432   if (rc != TPM_RC_SUCCESS) {
   20433     return rc;
   20434   }
   20435   TPM_RC response_code;
   20436   std::string response_code_bytes;
   20437   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   20438   if (rc != TPM_RC_SUCCESS) {
   20439     return rc;
   20440   }
   20441   if (response_size != response.size()) {
   20442     return TPM_RC_SIZE;
   20443   }
   20444   if (response_code != TPM_RC_SUCCESS) {
   20445     return response_code;
   20446   }
   20447   TPM_CC command_code = TPM_CC_PCR_SetAuthValue;
   20448   std::string command_code_bytes;
   20449   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   20450   if (rc != TPM_RC_SUCCESS) {
   20451     return rc;
   20452   }
   20453   std::string authorization_section_bytes;
   20454   if (tag == TPM_ST_SESSIONS) {
   20455     UINT32 parameter_section_size = buffer.size();
   20456     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   20457     if (rc != TPM_RC_SUCCESS) {
   20458       return rc;
   20459     }
   20460     if (parameter_section_size > buffer.size()) {
   20461       return TPM_RC_INSUFFICIENT;
   20462     }
   20463     authorization_section_bytes = buffer.substr(parameter_section_size);
   20464     // Keep the parameter section in |buffer|.
   20465     buffer.erase(parameter_section_size);
   20466   }
   20467   std::unique_ptr<crypto::SecureHash> hash(
   20468       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   20469   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   20470   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   20471   hash->Update(buffer.data(), buffer.size());
   20472   std::string response_hash(32, 0);
   20473   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   20474   if (tag == TPM_ST_SESSIONS) {
   20475     CHECK(authorization_delegate) << "Authorization delegate missing!";
   20476     if (!authorization_delegate->CheckResponseAuthorization(
   20477             response_hash, authorization_section_bytes)) {
   20478       return TRUNKS_RC_AUTHORIZATION_FAILED;
   20479     }
   20480   }
   20481   return TPM_RC_SUCCESS;
   20482 }
   20483 
   20484 void PCR_SetAuthValueErrorCallback(
   20485     const Tpm::PCR_SetAuthValueResponse& callback,
   20486     TPM_RC response_code) {
   20487   VLOG(1) << __func__;
   20488   callback.Run(response_code);
   20489 }
   20490 
   20491 void PCR_SetAuthValueResponseParser(
   20492     const Tpm::PCR_SetAuthValueResponse& callback,
   20493     AuthorizationDelegate* authorization_delegate,
   20494     const std::string& response) {
   20495   VLOG(1) << __func__;
   20496   base::Callback<void(TPM_RC)> error_reporter =
   20497       base::Bind(PCR_SetAuthValueErrorCallback, callback);
   20498   TPM_RC rc =
   20499       Tpm::ParseResponse_PCR_SetAuthValue(response, authorization_delegate);
   20500   if (rc != TPM_RC_SUCCESS) {
   20501     error_reporter.Run(rc);
   20502     return;
   20503   }
   20504   callback.Run(rc);
   20505 }
   20506 
   20507 void Tpm::PCR_SetAuthValue(const TPMI_DH_PCR& pcr_handle,
   20508                            const std::string& pcr_handle_name,
   20509                            const TPM2B_DIGEST& auth,
   20510                            AuthorizationDelegate* authorization_delegate,
   20511                            const PCR_SetAuthValueResponse& callback) {
   20512   VLOG(1) << __func__;
   20513   base::Callback<void(TPM_RC)> error_reporter =
   20514       base::Bind(PCR_SetAuthValueErrorCallback, callback);
   20515   base::Callback<void(const std::string&)> parser = base::Bind(
   20516       PCR_SetAuthValueResponseParser, callback, authorization_delegate);
   20517   std::string command;
   20518   TPM_RC rc = SerializeCommand_PCR_SetAuthValue(
   20519       pcr_handle, pcr_handle_name, auth, &command, authorization_delegate);
   20520   if (rc != TPM_RC_SUCCESS) {
   20521     error_reporter.Run(rc);
   20522     return;
   20523   }
   20524   transceiver_->SendCommand(command, parser);
   20525 }
   20526 
   20527 TPM_RC Tpm::PCR_SetAuthValueSync(
   20528     const TPMI_DH_PCR& pcr_handle,
   20529     const std::string& pcr_handle_name,
   20530     const TPM2B_DIGEST& auth,
   20531     AuthorizationDelegate* authorization_delegate) {
   20532   VLOG(1) << __func__;
   20533   std::string command;
   20534   TPM_RC rc = SerializeCommand_PCR_SetAuthValue(
   20535       pcr_handle, pcr_handle_name, auth, &command, authorization_delegate);
   20536   if (rc != TPM_RC_SUCCESS) {
   20537     return rc;
   20538   }
   20539   std::string response = transceiver_->SendCommandAndWait(command);
   20540   rc = ParseResponse_PCR_SetAuthValue(response, authorization_delegate);
   20541   return rc;
   20542 }
   20543 
   20544 TPM_RC Tpm::SerializeCommand_PCR_Reset(
   20545     const TPMI_DH_PCR& pcr_handle,
   20546     const std::string& pcr_handle_name,
   20547     std::string* serialized_command,
   20548     AuthorizationDelegate* authorization_delegate) {
   20549   VLOG(3) << __func__;
   20550   TPM_RC rc = TPM_RC_SUCCESS;
   20551   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   20552   UINT32 command_size = 10;  // Header size.
   20553   std::string handle_section_bytes;
   20554   std::string parameter_section_bytes;
   20555   TPM_CC command_code = TPM_CC_PCR_Reset;
   20556   bool is_command_parameter_encryption_possible = false;
   20557   bool is_response_parameter_encryption_possible = false;
   20558   std::string command_code_bytes;
   20559   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   20560   if (rc != TPM_RC_SUCCESS) {
   20561     return rc;
   20562   }
   20563   std::string pcr_handle_bytes;
   20564   rc = Serialize_TPMI_DH_PCR(pcr_handle, &pcr_handle_bytes);
   20565   if (rc != TPM_RC_SUCCESS) {
   20566     return rc;
   20567   }
   20568   std::unique_ptr<crypto::SecureHash> hash(
   20569       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   20570   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   20571   hash->Update(pcr_handle_name.data(), pcr_handle_name.size());
   20572   handle_section_bytes += pcr_handle_bytes;
   20573   command_size += pcr_handle_bytes.size();
   20574   std::string command_hash(32, 0);
   20575   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   20576   std::string authorization_section_bytes;
   20577   std::string authorization_size_bytes;
   20578   if (authorization_delegate) {
   20579     if (!authorization_delegate->GetCommandAuthorization(
   20580             command_hash, is_command_parameter_encryption_possible,
   20581             is_response_parameter_encryption_possible,
   20582             &authorization_section_bytes)) {
   20583       return TRUNKS_RC_AUTHORIZATION_FAILED;
   20584     }
   20585     if (!authorization_section_bytes.empty()) {
   20586       tag = TPM_ST_SESSIONS;
   20587       std::string tmp;
   20588       rc = Serialize_UINT32(authorization_section_bytes.size(),
   20589                             &authorization_size_bytes);
   20590       if (rc != TPM_RC_SUCCESS) {
   20591         return rc;
   20592       }
   20593       command_size +=
   20594           authorization_size_bytes.size() + authorization_section_bytes.size();
   20595     }
   20596   }
   20597   std::string tag_bytes;
   20598   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   20599   if (rc != TPM_RC_SUCCESS) {
   20600     return rc;
   20601   }
   20602   std::string command_size_bytes;
   20603   rc = Serialize_UINT32(command_size, &command_size_bytes);
   20604   if (rc != TPM_RC_SUCCESS) {
   20605     return rc;
   20606   }
   20607   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   20608                         handle_section_bytes + authorization_size_bytes +
   20609                         authorization_section_bytes + parameter_section_bytes;
   20610   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   20611   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   20612                                             serialized_command->size());
   20613   return TPM_RC_SUCCESS;
   20614 }
   20615 
   20616 TPM_RC Tpm::ParseResponse_PCR_Reset(
   20617     const std::string& response,
   20618     AuthorizationDelegate* authorization_delegate) {
   20619   VLOG(3) << __func__;
   20620   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   20621   TPM_RC rc = TPM_RC_SUCCESS;
   20622   std::string buffer(response);
   20623   TPM_ST tag;
   20624   std::string tag_bytes;
   20625   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   20626   if (rc != TPM_RC_SUCCESS) {
   20627     return rc;
   20628   }
   20629   UINT32 response_size;
   20630   std::string response_size_bytes;
   20631   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   20632   if (rc != TPM_RC_SUCCESS) {
   20633     return rc;
   20634   }
   20635   TPM_RC response_code;
   20636   std::string response_code_bytes;
   20637   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   20638   if (rc != TPM_RC_SUCCESS) {
   20639     return rc;
   20640   }
   20641   if (response_size != response.size()) {
   20642     return TPM_RC_SIZE;
   20643   }
   20644   if (response_code != TPM_RC_SUCCESS) {
   20645     return response_code;
   20646   }
   20647   TPM_CC command_code = TPM_CC_PCR_Reset;
   20648   std::string command_code_bytes;
   20649   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   20650   if (rc != TPM_RC_SUCCESS) {
   20651     return rc;
   20652   }
   20653   std::string authorization_section_bytes;
   20654   if (tag == TPM_ST_SESSIONS) {
   20655     UINT32 parameter_section_size = buffer.size();
   20656     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   20657     if (rc != TPM_RC_SUCCESS) {
   20658       return rc;
   20659     }
   20660     if (parameter_section_size > buffer.size()) {
   20661       return TPM_RC_INSUFFICIENT;
   20662     }
   20663     authorization_section_bytes = buffer.substr(parameter_section_size);
   20664     // Keep the parameter section in |buffer|.
   20665     buffer.erase(parameter_section_size);
   20666   }
   20667   std::unique_ptr<crypto::SecureHash> hash(
   20668       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   20669   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   20670   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   20671   hash->Update(buffer.data(), buffer.size());
   20672   std::string response_hash(32, 0);
   20673   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   20674   if (tag == TPM_ST_SESSIONS) {
   20675     CHECK(authorization_delegate) << "Authorization delegate missing!";
   20676     if (!authorization_delegate->CheckResponseAuthorization(
   20677             response_hash, authorization_section_bytes)) {
   20678       return TRUNKS_RC_AUTHORIZATION_FAILED;
   20679     }
   20680   }
   20681   return TPM_RC_SUCCESS;
   20682 }
   20683 
   20684 void PCR_ResetErrorCallback(const Tpm::PCR_ResetResponse& callback,
   20685                             TPM_RC response_code) {
   20686   VLOG(1) << __func__;
   20687   callback.Run(response_code);
   20688 }
   20689 
   20690 void PCR_ResetResponseParser(const Tpm::PCR_ResetResponse& callback,
   20691                              AuthorizationDelegate* authorization_delegate,
   20692                              const std::string& response) {
   20693   VLOG(1) << __func__;
   20694   base::Callback<void(TPM_RC)> error_reporter =
   20695       base::Bind(PCR_ResetErrorCallback, callback);
   20696   TPM_RC rc = Tpm::ParseResponse_PCR_Reset(response, authorization_delegate);
   20697   if (rc != TPM_RC_SUCCESS) {
   20698     error_reporter.Run(rc);
   20699     return;
   20700   }
   20701   callback.Run(rc);
   20702 }
   20703 
   20704 void Tpm::PCR_Reset(const TPMI_DH_PCR& pcr_handle,
   20705                     const std::string& pcr_handle_name,
   20706                     AuthorizationDelegate* authorization_delegate,
   20707                     const PCR_ResetResponse& callback) {
   20708   VLOG(1) << __func__;
   20709   base::Callback<void(TPM_RC)> error_reporter =
   20710       base::Bind(PCR_ResetErrorCallback, callback);
   20711   base::Callback<void(const std::string&)> parser =
   20712       base::Bind(PCR_ResetResponseParser, callback, authorization_delegate);
   20713   std::string command;
   20714   TPM_RC rc = SerializeCommand_PCR_Reset(pcr_handle, pcr_handle_name, &command,
   20715                                          authorization_delegate);
   20716   if (rc != TPM_RC_SUCCESS) {
   20717     error_reporter.Run(rc);
   20718     return;
   20719   }
   20720   transceiver_->SendCommand(command, parser);
   20721 }
   20722 
   20723 TPM_RC Tpm::PCR_ResetSync(const TPMI_DH_PCR& pcr_handle,
   20724                           const std::string& pcr_handle_name,
   20725                           AuthorizationDelegate* authorization_delegate) {
   20726   VLOG(1) << __func__;
   20727   std::string command;
   20728   TPM_RC rc = SerializeCommand_PCR_Reset(pcr_handle, pcr_handle_name, &command,
   20729                                          authorization_delegate);
   20730   if (rc != TPM_RC_SUCCESS) {
   20731     return rc;
   20732   }
   20733   std::string response = transceiver_->SendCommandAndWait(command);
   20734   rc = ParseResponse_PCR_Reset(response, authorization_delegate);
   20735   return rc;
   20736 }
   20737 
   20738 TPM_RC Tpm::SerializeCommand_PolicySigned(
   20739     const TPMI_DH_OBJECT& auth_object,
   20740     const std::string& auth_object_name,
   20741     const TPMI_SH_POLICY& policy_session,
   20742     const std::string& policy_session_name,
   20743     const TPM2B_NONCE& nonce_tpm,
   20744     const TPM2B_DIGEST& cp_hash_a,
   20745     const TPM2B_NONCE& policy_ref,
   20746     const INT32& expiration,
   20747     const TPMT_SIGNATURE& auth,
   20748     std::string* serialized_command,
   20749     AuthorizationDelegate* authorization_delegate) {
   20750   VLOG(3) << __func__;
   20751   TPM_RC rc = TPM_RC_SUCCESS;
   20752   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   20753   UINT32 command_size = 10;  // Header size.
   20754   std::string handle_section_bytes;
   20755   std::string parameter_section_bytes;
   20756   TPM_CC command_code = TPM_CC_PolicySigned;
   20757   bool is_command_parameter_encryption_possible = true;
   20758   bool is_response_parameter_encryption_possible = true;
   20759   std::string command_code_bytes;
   20760   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   20761   if (rc != TPM_RC_SUCCESS) {
   20762     return rc;
   20763   }
   20764   std::string auth_object_bytes;
   20765   rc = Serialize_TPMI_DH_OBJECT(auth_object, &auth_object_bytes);
   20766   if (rc != TPM_RC_SUCCESS) {
   20767     return rc;
   20768   }
   20769   std::string policy_session_bytes;
   20770   rc = Serialize_TPMI_SH_POLICY(policy_session, &policy_session_bytes);
   20771   if (rc != TPM_RC_SUCCESS) {
   20772     return rc;
   20773   }
   20774   std::string nonce_tpm_bytes;
   20775   rc = Serialize_TPM2B_NONCE(nonce_tpm, &nonce_tpm_bytes);
   20776   if (rc != TPM_RC_SUCCESS) {
   20777     return rc;
   20778   }
   20779   std::string cp_hash_a_bytes;
   20780   rc = Serialize_TPM2B_DIGEST(cp_hash_a, &cp_hash_a_bytes);
   20781   if (rc != TPM_RC_SUCCESS) {
   20782     return rc;
   20783   }
   20784   std::string policy_ref_bytes;
   20785   rc = Serialize_TPM2B_NONCE(policy_ref, &policy_ref_bytes);
   20786   if (rc != TPM_RC_SUCCESS) {
   20787     return rc;
   20788   }
   20789   std::string expiration_bytes;
   20790   rc = Serialize_INT32(expiration, &expiration_bytes);
   20791   if (rc != TPM_RC_SUCCESS) {
   20792     return rc;
   20793   }
   20794   std::string auth_bytes;
   20795   rc = Serialize_TPMT_SIGNATURE(auth, &auth_bytes);
   20796   if (rc != TPM_RC_SUCCESS) {
   20797     return rc;
   20798   }
   20799   if (authorization_delegate) {
   20800     // Encrypt just the parameter data, not the size.
   20801     std::string tmp = nonce_tpm_bytes.substr(2);
   20802     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   20803       return TRUNKS_RC_ENCRYPTION_FAILED;
   20804     }
   20805     nonce_tpm_bytes.replace(2, std::string::npos, tmp);
   20806   }
   20807   std::unique_ptr<crypto::SecureHash> hash(
   20808       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   20809   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   20810   hash->Update(auth_object_name.data(), auth_object_name.size());
   20811   handle_section_bytes += auth_object_bytes;
   20812   command_size += auth_object_bytes.size();
   20813   hash->Update(policy_session_name.data(), policy_session_name.size());
   20814   handle_section_bytes += policy_session_bytes;
   20815   command_size += policy_session_bytes.size();
   20816   hash->Update(nonce_tpm_bytes.data(), nonce_tpm_bytes.size());
   20817   parameter_section_bytes += nonce_tpm_bytes;
   20818   command_size += nonce_tpm_bytes.size();
   20819   hash->Update(cp_hash_a_bytes.data(), cp_hash_a_bytes.size());
   20820   parameter_section_bytes += cp_hash_a_bytes;
   20821   command_size += cp_hash_a_bytes.size();
   20822   hash->Update(policy_ref_bytes.data(), policy_ref_bytes.size());
   20823   parameter_section_bytes += policy_ref_bytes;
   20824   command_size += policy_ref_bytes.size();
   20825   hash->Update(expiration_bytes.data(), expiration_bytes.size());
   20826   parameter_section_bytes += expiration_bytes;
   20827   command_size += expiration_bytes.size();
   20828   hash->Update(auth_bytes.data(), auth_bytes.size());
   20829   parameter_section_bytes += auth_bytes;
   20830   command_size += auth_bytes.size();
   20831   std::string command_hash(32, 0);
   20832   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   20833   std::string authorization_section_bytes;
   20834   std::string authorization_size_bytes;
   20835   if (authorization_delegate) {
   20836     if (!authorization_delegate->GetCommandAuthorization(
   20837             command_hash, is_command_parameter_encryption_possible,
   20838             is_response_parameter_encryption_possible,
   20839             &authorization_section_bytes)) {
   20840       return TRUNKS_RC_AUTHORIZATION_FAILED;
   20841     }
   20842     if (!authorization_section_bytes.empty()) {
   20843       tag = TPM_ST_SESSIONS;
   20844       std::string tmp;
   20845       rc = Serialize_UINT32(authorization_section_bytes.size(),
   20846                             &authorization_size_bytes);
   20847       if (rc != TPM_RC_SUCCESS) {
   20848         return rc;
   20849       }
   20850       command_size +=
   20851           authorization_size_bytes.size() + authorization_section_bytes.size();
   20852     }
   20853   }
   20854   std::string tag_bytes;
   20855   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   20856   if (rc != TPM_RC_SUCCESS) {
   20857     return rc;
   20858   }
   20859   std::string command_size_bytes;
   20860   rc = Serialize_UINT32(command_size, &command_size_bytes);
   20861   if (rc != TPM_RC_SUCCESS) {
   20862     return rc;
   20863   }
   20864   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   20865                         handle_section_bytes + authorization_size_bytes +
   20866                         authorization_section_bytes + parameter_section_bytes;
   20867   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   20868   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   20869                                             serialized_command->size());
   20870   return TPM_RC_SUCCESS;
   20871 }
   20872 
   20873 TPM_RC Tpm::ParseResponse_PolicySigned(
   20874     const std::string& response,
   20875     TPM2B_TIMEOUT* timeout,
   20876     TPMT_TK_AUTH* policy_ticket,
   20877     AuthorizationDelegate* authorization_delegate) {
   20878   VLOG(3) << __func__;
   20879   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   20880   TPM_RC rc = TPM_RC_SUCCESS;
   20881   std::string buffer(response);
   20882   TPM_ST tag;
   20883   std::string tag_bytes;
   20884   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   20885   if (rc != TPM_RC_SUCCESS) {
   20886     return rc;
   20887   }
   20888   UINT32 response_size;
   20889   std::string response_size_bytes;
   20890   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   20891   if (rc != TPM_RC_SUCCESS) {
   20892     return rc;
   20893   }
   20894   TPM_RC response_code;
   20895   std::string response_code_bytes;
   20896   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   20897   if (rc != TPM_RC_SUCCESS) {
   20898     return rc;
   20899   }
   20900   if (response_size != response.size()) {
   20901     return TPM_RC_SIZE;
   20902   }
   20903   if (response_code != TPM_RC_SUCCESS) {
   20904     return response_code;
   20905   }
   20906   TPM_CC command_code = TPM_CC_PolicySigned;
   20907   std::string command_code_bytes;
   20908   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   20909   if (rc != TPM_RC_SUCCESS) {
   20910     return rc;
   20911   }
   20912   std::string authorization_section_bytes;
   20913   if (tag == TPM_ST_SESSIONS) {
   20914     UINT32 parameter_section_size = buffer.size();
   20915     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   20916     if (rc != TPM_RC_SUCCESS) {
   20917       return rc;
   20918     }
   20919     if (parameter_section_size > buffer.size()) {
   20920       return TPM_RC_INSUFFICIENT;
   20921     }
   20922     authorization_section_bytes = buffer.substr(parameter_section_size);
   20923     // Keep the parameter section in |buffer|.
   20924     buffer.erase(parameter_section_size);
   20925   }
   20926   std::unique_ptr<crypto::SecureHash> hash(
   20927       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   20928   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   20929   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   20930   hash->Update(buffer.data(), buffer.size());
   20931   std::string response_hash(32, 0);
   20932   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   20933   if (tag == TPM_ST_SESSIONS) {
   20934     CHECK(authorization_delegate) << "Authorization delegate missing!";
   20935     if (!authorization_delegate->CheckResponseAuthorization(
   20936             response_hash, authorization_section_bytes)) {
   20937       return TRUNKS_RC_AUTHORIZATION_FAILED;
   20938     }
   20939   }
   20940   std::string timeout_bytes;
   20941   rc = Parse_TPM2B_TIMEOUT(&buffer, timeout, &timeout_bytes);
   20942   if (rc != TPM_RC_SUCCESS) {
   20943     return rc;
   20944   }
   20945   std::string policy_ticket_bytes;
   20946   rc = Parse_TPMT_TK_AUTH(&buffer, policy_ticket, &policy_ticket_bytes);
   20947   if (rc != TPM_RC_SUCCESS) {
   20948     return rc;
   20949   }
   20950   if (tag == TPM_ST_SESSIONS) {
   20951     CHECK(authorization_delegate) << "Authorization delegate missing!";
   20952     // Decrypt just the parameter data, not the size.
   20953     std::string tmp = timeout_bytes.substr(2);
   20954     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   20955       return TRUNKS_RC_ENCRYPTION_FAILED;
   20956     }
   20957     timeout_bytes.replace(2, std::string::npos, tmp);
   20958     rc = Parse_TPM2B_TIMEOUT(&timeout_bytes, timeout, nullptr);
   20959     if (rc != TPM_RC_SUCCESS) {
   20960       return rc;
   20961     }
   20962   }
   20963   return TPM_RC_SUCCESS;
   20964 }
   20965 
   20966 void PolicySignedErrorCallback(const Tpm::PolicySignedResponse& callback,
   20967                                TPM_RC response_code) {
   20968   VLOG(1) << __func__;
   20969   callback.Run(response_code, TPM2B_TIMEOUT(), TPMT_TK_AUTH());
   20970 }
   20971 
   20972 void PolicySignedResponseParser(const Tpm::PolicySignedResponse& callback,
   20973                                 AuthorizationDelegate* authorization_delegate,
   20974                                 const std::string& response) {
   20975   VLOG(1) << __func__;
   20976   base::Callback<void(TPM_RC)> error_reporter =
   20977       base::Bind(PolicySignedErrorCallback, callback);
   20978   TPM2B_TIMEOUT timeout;
   20979   TPMT_TK_AUTH policy_ticket;
   20980   TPM_RC rc = Tpm::ParseResponse_PolicySigned(
   20981       response, &timeout, &policy_ticket, authorization_delegate);
   20982   if (rc != TPM_RC_SUCCESS) {
   20983     error_reporter.Run(rc);
   20984     return;
   20985   }
   20986   callback.Run(rc, timeout, policy_ticket);
   20987 }
   20988 
   20989 void Tpm::PolicySigned(const TPMI_DH_OBJECT& auth_object,
   20990                        const std::string& auth_object_name,
   20991                        const TPMI_SH_POLICY& policy_session,
   20992                        const std::string& policy_session_name,
   20993                        const TPM2B_NONCE& nonce_tpm,
   20994                        const TPM2B_DIGEST& cp_hash_a,
   20995                        const TPM2B_NONCE& policy_ref,
   20996                        const INT32& expiration,
   20997                        const TPMT_SIGNATURE& auth,
   20998                        AuthorizationDelegate* authorization_delegate,
   20999                        const PolicySignedResponse& callback) {
   21000   VLOG(1) << __func__;
   21001   base::Callback<void(TPM_RC)> error_reporter =
   21002       base::Bind(PolicySignedErrorCallback, callback);
   21003   base::Callback<void(const std::string&)> parser =
   21004       base::Bind(PolicySignedResponseParser, callback, authorization_delegate);
   21005   std::string command;
   21006   TPM_RC rc = SerializeCommand_PolicySigned(
   21007       auth_object, auth_object_name, policy_session, policy_session_name,
   21008       nonce_tpm, cp_hash_a, policy_ref, expiration, auth, &command,
   21009       authorization_delegate);
   21010   if (rc != TPM_RC_SUCCESS) {
   21011     error_reporter.Run(rc);
   21012     return;
   21013   }
   21014   transceiver_->SendCommand(command, parser);
   21015 }
   21016 
   21017 TPM_RC Tpm::PolicySignedSync(const TPMI_DH_OBJECT& auth_object,
   21018                              const std::string& auth_object_name,
   21019                              const TPMI_SH_POLICY& policy_session,
   21020                              const std::string& policy_session_name,
   21021                              const TPM2B_NONCE& nonce_tpm,
   21022                              const TPM2B_DIGEST& cp_hash_a,
   21023                              const TPM2B_NONCE& policy_ref,
   21024                              const INT32& expiration,
   21025                              const TPMT_SIGNATURE& auth,
   21026                              TPM2B_TIMEOUT* timeout,
   21027                              TPMT_TK_AUTH* policy_ticket,
   21028                              AuthorizationDelegate* authorization_delegate) {
   21029   VLOG(1) << __func__;
   21030   std::string command;
   21031   TPM_RC rc = SerializeCommand_PolicySigned(
   21032       auth_object, auth_object_name, policy_session, policy_session_name,
   21033       nonce_tpm, cp_hash_a, policy_ref, expiration, auth, &command,
   21034       authorization_delegate);
   21035   if (rc != TPM_RC_SUCCESS) {
   21036     return rc;
   21037   }
   21038   std::string response = transceiver_->SendCommandAndWait(command);
   21039   rc = ParseResponse_PolicySigned(response, timeout, policy_ticket,
   21040                                   authorization_delegate);
   21041   return rc;
   21042 }
   21043 
   21044 TPM_RC Tpm::SerializeCommand_PolicySecret(
   21045     const TPMI_DH_ENTITY& auth_handle,
   21046     const std::string& auth_handle_name,
   21047     const TPMI_SH_POLICY& policy_session,
   21048     const std::string& policy_session_name,
   21049     const TPM2B_NONCE& nonce_tpm,
   21050     const TPM2B_DIGEST& cp_hash_a,
   21051     const TPM2B_NONCE& policy_ref,
   21052     const INT32& expiration,
   21053     std::string* serialized_command,
   21054     AuthorizationDelegate* authorization_delegate) {
   21055   VLOG(3) << __func__;
   21056   TPM_RC rc = TPM_RC_SUCCESS;
   21057   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   21058   UINT32 command_size = 10;  // Header size.
   21059   std::string handle_section_bytes;
   21060   std::string parameter_section_bytes;
   21061   TPM_CC command_code = TPM_CC_PolicySecret;
   21062   bool is_command_parameter_encryption_possible = true;
   21063   bool is_response_parameter_encryption_possible = true;
   21064   std::string command_code_bytes;
   21065   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   21066   if (rc != TPM_RC_SUCCESS) {
   21067     return rc;
   21068   }
   21069   std::string auth_handle_bytes;
   21070   rc = Serialize_TPMI_DH_ENTITY(auth_handle, &auth_handle_bytes);
   21071   if (rc != TPM_RC_SUCCESS) {
   21072     return rc;
   21073   }
   21074   std::string policy_session_bytes;
   21075   rc = Serialize_TPMI_SH_POLICY(policy_session, &policy_session_bytes);
   21076   if (rc != TPM_RC_SUCCESS) {
   21077     return rc;
   21078   }
   21079   std::string nonce_tpm_bytes;
   21080   rc = Serialize_TPM2B_NONCE(nonce_tpm, &nonce_tpm_bytes);
   21081   if (rc != TPM_RC_SUCCESS) {
   21082     return rc;
   21083   }
   21084   std::string cp_hash_a_bytes;
   21085   rc = Serialize_TPM2B_DIGEST(cp_hash_a, &cp_hash_a_bytes);
   21086   if (rc != TPM_RC_SUCCESS) {
   21087     return rc;
   21088   }
   21089   std::string policy_ref_bytes;
   21090   rc = Serialize_TPM2B_NONCE(policy_ref, &policy_ref_bytes);
   21091   if (rc != TPM_RC_SUCCESS) {
   21092     return rc;
   21093   }
   21094   std::string expiration_bytes;
   21095   rc = Serialize_INT32(expiration, &expiration_bytes);
   21096   if (rc != TPM_RC_SUCCESS) {
   21097     return rc;
   21098   }
   21099   if (authorization_delegate) {
   21100     // Encrypt just the parameter data, not the size.
   21101     std::string tmp = nonce_tpm_bytes.substr(2);
   21102     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   21103       return TRUNKS_RC_ENCRYPTION_FAILED;
   21104     }
   21105     nonce_tpm_bytes.replace(2, std::string::npos, tmp);
   21106   }
   21107   std::unique_ptr<crypto::SecureHash> hash(
   21108       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   21109   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   21110   hash->Update(auth_handle_name.data(), auth_handle_name.size());
   21111   handle_section_bytes += auth_handle_bytes;
   21112   command_size += auth_handle_bytes.size();
   21113   hash->Update(policy_session_name.data(), policy_session_name.size());
   21114   handle_section_bytes += policy_session_bytes;
   21115   command_size += policy_session_bytes.size();
   21116   hash->Update(nonce_tpm_bytes.data(), nonce_tpm_bytes.size());
   21117   parameter_section_bytes += nonce_tpm_bytes;
   21118   command_size += nonce_tpm_bytes.size();
   21119   hash->Update(cp_hash_a_bytes.data(), cp_hash_a_bytes.size());
   21120   parameter_section_bytes += cp_hash_a_bytes;
   21121   command_size += cp_hash_a_bytes.size();
   21122   hash->Update(policy_ref_bytes.data(), policy_ref_bytes.size());
   21123   parameter_section_bytes += policy_ref_bytes;
   21124   command_size += policy_ref_bytes.size();
   21125   hash->Update(expiration_bytes.data(), expiration_bytes.size());
   21126   parameter_section_bytes += expiration_bytes;
   21127   command_size += expiration_bytes.size();
   21128   std::string command_hash(32, 0);
   21129   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   21130   std::string authorization_section_bytes;
   21131   std::string authorization_size_bytes;
   21132   if (authorization_delegate) {
   21133     if (!authorization_delegate->GetCommandAuthorization(
   21134             command_hash, is_command_parameter_encryption_possible,
   21135             is_response_parameter_encryption_possible,
   21136             &authorization_section_bytes)) {
   21137       return TRUNKS_RC_AUTHORIZATION_FAILED;
   21138     }
   21139     if (!authorization_section_bytes.empty()) {
   21140       tag = TPM_ST_SESSIONS;
   21141       std::string tmp;
   21142       rc = Serialize_UINT32(authorization_section_bytes.size(),
   21143                             &authorization_size_bytes);
   21144       if (rc != TPM_RC_SUCCESS) {
   21145         return rc;
   21146       }
   21147       command_size +=
   21148           authorization_size_bytes.size() + authorization_section_bytes.size();
   21149     }
   21150   }
   21151   std::string tag_bytes;
   21152   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   21153   if (rc != TPM_RC_SUCCESS) {
   21154     return rc;
   21155   }
   21156   std::string command_size_bytes;
   21157   rc = Serialize_UINT32(command_size, &command_size_bytes);
   21158   if (rc != TPM_RC_SUCCESS) {
   21159     return rc;
   21160   }
   21161   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   21162                         handle_section_bytes + authorization_size_bytes +
   21163                         authorization_section_bytes + parameter_section_bytes;
   21164   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   21165   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   21166                                             serialized_command->size());
   21167   return TPM_RC_SUCCESS;
   21168 }
   21169 
   21170 TPM_RC Tpm::ParseResponse_PolicySecret(
   21171     const std::string& response,
   21172     TPM2B_TIMEOUT* timeout,
   21173     TPMT_TK_AUTH* policy_ticket,
   21174     AuthorizationDelegate* authorization_delegate) {
   21175   VLOG(3) << __func__;
   21176   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   21177   TPM_RC rc = TPM_RC_SUCCESS;
   21178   std::string buffer(response);
   21179   TPM_ST tag;
   21180   std::string tag_bytes;
   21181   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   21182   if (rc != TPM_RC_SUCCESS) {
   21183     return rc;
   21184   }
   21185   UINT32 response_size;
   21186   std::string response_size_bytes;
   21187   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   21188   if (rc != TPM_RC_SUCCESS) {
   21189     return rc;
   21190   }
   21191   TPM_RC response_code;
   21192   std::string response_code_bytes;
   21193   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   21194   if (rc != TPM_RC_SUCCESS) {
   21195     return rc;
   21196   }
   21197   if (response_size != response.size()) {
   21198     return TPM_RC_SIZE;
   21199   }
   21200   if (response_code != TPM_RC_SUCCESS) {
   21201     return response_code;
   21202   }
   21203   TPM_CC command_code = TPM_CC_PolicySecret;
   21204   std::string command_code_bytes;
   21205   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   21206   if (rc != TPM_RC_SUCCESS) {
   21207     return rc;
   21208   }
   21209   std::string authorization_section_bytes;
   21210   if (tag == TPM_ST_SESSIONS) {
   21211     UINT32 parameter_section_size = buffer.size();
   21212     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   21213     if (rc != TPM_RC_SUCCESS) {
   21214       return rc;
   21215     }
   21216     if (parameter_section_size > buffer.size()) {
   21217       return TPM_RC_INSUFFICIENT;
   21218     }
   21219     authorization_section_bytes = buffer.substr(parameter_section_size);
   21220     // Keep the parameter section in |buffer|.
   21221     buffer.erase(parameter_section_size);
   21222   }
   21223   std::unique_ptr<crypto::SecureHash> hash(
   21224       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   21225   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   21226   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   21227   hash->Update(buffer.data(), buffer.size());
   21228   std::string response_hash(32, 0);
   21229   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   21230   if (tag == TPM_ST_SESSIONS) {
   21231     CHECK(authorization_delegate) << "Authorization delegate missing!";
   21232     if (!authorization_delegate->CheckResponseAuthorization(
   21233             response_hash, authorization_section_bytes)) {
   21234       return TRUNKS_RC_AUTHORIZATION_FAILED;
   21235     }
   21236   }
   21237   std::string timeout_bytes;
   21238   rc = Parse_TPM2B_TIMEOUT(&buffer, timeout, &timeout_bytes);
   21239   if (rc != TPM_RC_SUCCESS) {
   21240     return rc;
   21241   }
   21242   std::string policy_ticket_bytes;
   21243   rc = Parse_TPMT_TK_AUTH(&buffer, policy_ticket, &policy_ticket_bytes);
   21244   if (rc != TPM_RC_SUCCESS) {
   21245     return rc;
   21246   }
   21247   if (tag == TPM_ST_SESSIONS) {
   21248     CHECK(authorization_delegate) << "Authorization delegate missing!";
   21249     // Decrypt just the parameter data, not the size.
   21250     std::string tmp = timeout_bytes.substr(2);
   21251     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   21252       return TRUNKS_RC_ENCRYPTION_FAILED;
   21253     }
   21254     timeout_bytes.replace(2, std::string::npos, tmp);
   21255     rc = Parse_TPM2B_TIMEOUT(&timeout_bytes, timeout, nullptr);
   21256     if (rc != TPM_RC_SUCCESS) {
   21257       return rc;
   21258     }
   21259   }
   21260   return TPM_RC_SUCCESS;
   21261 }
   21262 
   21263 void PolicySecretErrorCallback(const Tpm::PolicySecretResponse& callback,
   21264                                TPM_RC response_code) {
   21265   VLOG(1) << __func__;
   21266   callback.Run(response_code, TPM2B_TIMEOUT(), TPMT_TK_AUTH());
   21267 }
   21268 
   21269 void PolicySecretResponseParser(const Tpm::PolicySecretResponse& callback,
   21270                                 AuthorizationDelegate* authorization_delegate,
   21271                                 const std::string& response) {
   21272   VLOG(1) << __func__;
   21273   base::Callback<void(TPM_RC)> error_reporter =
   21274       base::Bind(PolicySecretErrorCallback, callback);
   21275   TPM2B_TIMEOUT timeout;
   21276   TPMT_TK_AUTH policy_ticket;
   21277   TPM_RC rc = Tpm::ParseResponse_PolicySecret(
   21278       response, &timeout, &policy_ticket, authorization_delegate);
   21279   if (rc != TPM_RC_SUCCESS) {
   21280     error_reporter.Run(rc);
   21281     return;
   21282   }
   21283   callback.Run(rc, timeout, policy_ticket);
   21284 }
   21285 
   21286 void Tpm::PolicySecret(const TPMI_DH_ENTITY& auth_handle,
   21287                        const std::string& auth_handle_name,
   21288                        const TPMI_SH_POLICY& policy_session,
   21289                        const std::string& policy_session_name,
   21290                        const TPM2B_NONCE& nonce_tpm,
   21291                        const TPM2B_DIGEST& cp_hash_a,
   21292                        const TPM2B_NONCE& policy_ref,
   21293                        const INT32& expiration,
   21294                        AuthorizationDelegate* authorization_delegate,
   21295                        const PolicySecretResponse& callback) {
   21296   VLOG(1) << __func__;
   21297   base::Callback<void(TPM_RC)> error_reporter =
   21298       base::Bind(PolicySecretErrorCallback, callback);
   21299   base::Callback<void(const std::string&)> parser =
   21300       base::Bind(PolicySecretResponseParser, callback, authorization_delegate);
   21301   std::string command;
   21302   TPM_RC rc = SerializeCommand_PolicySecret(
   21303       auth_handle, auth_handle_name, policy_session, policy_session_name,
   21304       nonce_tpm, cp_hash_a, policy_ref, expiration, &command,
   21305       authorization_delegate);
   21306   if (rc != TPM_RC_SUCCESS) {
   21307     error_reporter.Run(rc);
   21308     return;
   21309   }
   21310   transceiver_->SendCommand(command, parser);
   21311 }
   21312 
   21313 TPM_RC Tpm::PolicySecretSync(const TPMI_DH_ENTITY& auth_handle,
   21314                              const std::string& auth_handle_name,
   21315                              const TPMI_SH_POLICY& policy_session,
   21316                              const std::string& policy_session_name,
   21317                              const TPM2B_NONCE& nonce_tpm,
   21318                              const TPM2B_DIGEST& cp_hash_a,
   21319                              const TPM2B_NONCE& policy_ref,
   21320                              const INT32& expiration,
   21321                              TPM2B_TIMEOUT* timeout,
   21322                              TPMT_TK_AUTH* policy_ticket,
   21323                              AuthorizationDelegate* authorization_delegate) {
   21324   VLOG(1) << __func__;
   21325   std::string command;
   21326   TPM_RC rc = SerializeCommand_PolicySecret(
   21327       auth_handle, auth_handle_name, policy_session, policy_session_name,
   21328       nonce_tpm, cp_hash_a, policy_ref, expiration, &command,
   21329       authorization_delegate);
   21330   if (rc != TPM_RC_SUCCESS) {
   21331     return rc;
   21332   }
   21333   std::string response = transceiver_->SendCommandAndWait(command);
   21334   rc = ParseResponse_PolicySecret(response, timeout, policy_ticket,
   21335                                   authorization_delegate);
   21336   return rc;
   21337 }
   21338 
   21339 TPM_RC Tpm::SerializeCommand_PolicyTicket(
   21340     const TPMI_SH_POLICY& policy_session,
   21341     const std::string& policy_session_name,
   21342     const TPM2B_TIMEOUT& timeout,
   21343     const TPM2B_DIGEST& cp_hash_a,
   21344     const TPM2B_NONCE& policy_ref,
   21345     const TPM2B_NAME& auth_name,
   21346     const TPMT_TK_AUTH& ticket,
   21347     std::string* serialized_command,
   21348     AuthorizationDelegate* authorization_delegate) {
   21349   VLOG(3) << __func__;
   21350   TPM_RC rc = TPM_RC_SUCCESS;
   21351   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   21352   UINT32 command_size = 10;  // Header size.
   21353   std::string handle_section_bytes;
   21354   std::string parameter_section_bytes;
   21355   TPM_CC command_code = TPM_CC_PolicyTicket;
   21356   bool is_command_parameter_encryption_possible = true;
   21357   bool is_response_parameter_encryption_possible = false;
   21358   std::string command_code_bytes;
   21359   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   21360   if (rc != TPM_RC_SUCCESS) {
   21361     return rc;
   21362   }
   21363   std::string policy_session_bytes;
   21364   rc = Serialize_TPMI_SH_POLICY(policy_session, &policy_session_bytes);
   21365   if (rc != TPM_RC_SUCCESS) {
   21366     return rc;
   21367   }
   21368   std::string timeout_bytes;
   21369   rc = Serialize_TPM2B_TIMEOUT(timeout, &timeout_bytes);
   21370   if (rc != TPM_RC_SUCCESS) {
   21371     return rc;
   21372   }
   21373   std::string cp_hash_a_bytes;
   21374   rc = Serialize_TPM2B_DIGEST(cp_hash_a, &cp_hash_a_bytes);
   21375   if (rc != TPM_RC_SUCCESS) {
   21376     return rc;
   21377   }
   21378   std::string policy_ref_bytes;
   21379   rc = Serialize_TPM2B_NONCE(policy_ref, &policy_ref_bytes);
   21380   if (rc != TPM_RC_SUCCESS) {
   21381     return rc;
   21382   }
   21383   std::string auth_name_bytes;
   21384   rc = Serialize_TPM2B_NAME(auth_name, &auth_name_bytes);
   21385   if (rc != TPM_RC_SUCCESS) {
   21386     return rc;
   21387   }
   21388   std::string ticket_bytes;
   21389   rc = Serialize_TPMT_TK_AUTH(ticket, &ticket_bytes);
   21390   if (rc != TPM_RC_SUCCESS) {
   21391     return rc;
   21392   }
   21393   if (authorization_delegate) {
   21394     // Encrypt just the parameter data, not the size.
   21395     std::string tmp = timeout_bytes.substr(2);
   21396     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   21397       return TRUNKS_RC_ENCRYPTION_FAILED;
   21398     }
   21399     timeout_bytes.replace(2, std::string::npos, tmp);
   21400   }
   21401   std::unique_ptr<crypto::SecureHash> hash(
   21402       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   21403   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   21404   hash->Update(policy_session_name.data(), policy_session_name.size());
   21405   handle_section_bytes += policy_session_bytes;
   21406   command_size += policy_session_bytes.size();
   21407   hash->Update(timeout_bytes.data(), timeout_bytes.size());
   21408   parameter_section_bytes += timeout_bytes;
   21409   command_size += timeout_bytes.size();
   21410   hash->Update(cp_hash_a_bytes.data(), cp_hash_a_bytes.size());
   21411   parameter_section_bytes += cp_hash_a_bytes;
   21412   command_size += cp_hash_a_bytes.size();
   21413   hash->Update(policy_ref_bytes.data(), policy_ref_bytes.size());
   21414   parameter_section_bytes += policy_ref_bytes;
   21415   command_size += policy_ref_bytes.size();
   21416   hash->Update(auth_name_bytes.data(), auth_name_bytes.size());
   21417   parameter_section_bytes += auth_name_bytes;
   21418   command_size += auth_name_bytes.size();
   21419   hash->Update(ticket_bytes.data(), ticket_bytes.size());
   21420   parameter_section_bytes += ticket_bytes;
   21421   command_size += ticket_bytes.size();
   21422   std::string command_hash(32, 0);
   21423   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   21424   std::string authorization_section_bytes;
   21425   std::string authorization_size_bytes;
   21426   if (authorization_delegate) {
   21427     if (!authorization_delegate->GetCommandAuthorization(
   21428             command_hash, is_command_parameter_encryption_possible,
   21429             is_response_parameter_encryption_possible,
   21430             &authorization_section_bytes)) {
   21431       return TRUNKS_RC_AUTHORIZATION_FAILED;
   21432     }
   21433     if (!authorization_section_bytes.empty()) {
   21434       tag = TPM_ST_SESSIONS;
   21435       std::string tmp;
   21436       rc = Serialize_UINT32(authorization_section_bytes.size(),
   21437                             &authorization_size_bytes);
   21438       if (rc != TPM_RC_SUCCESS) {
   21439         return rc;
   21440       }
   21441       command_size +=
   21442           authorization_size_bytes.size() + authorization_section_bytes.size();
   21443     }
   21444   }
   21445   std::string tag_bytes;
   21446   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   21447   if (rc != TPM_RC_SUCCESS) {
   21448     return rc;
   21449   }
   21450   std::string command_size_bytes;
   21451   rc = Serialize_UINT32(command_size, &command_size_bytes);
   21452   if (rc != TPM_RC_SUCCESS) {
   21453     return rc;
   21454   }
   21455   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   21456                         handle_section_bytes + authorization_size_bytes +
   21457                         authorization_section_bytes + parameter_section_bytes;
   21458   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   21459   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   21460                                             serialized_command->size());
   21461   return TPM_RC_SUCCESS;
   21462 }
   21463 
   21464 TPM_RC Tpm::ParseResponse_PolicyTicket(
   21465     const std::string& response,
   21466     AuthorizationDelegate* authorization_delegate) {
   21467   VLOG(3) << __func__;
   21468   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   21469   TPM_RC rc = TPM_RC_SUCCESS;
   21470   std::string buffer(response);
   21471   TPM_ST tag;
   21472   std::string tag_bytes;
   21473   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   21474   if (rc != TPM_RC_SUCCESS) {
   21475     return rc;
   21476   }
   21477   UINT32 response_size;
   21478   std::string response_size_bytes;
   21479   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   21480   if (rc != TPM_RC_SUCCESS) {
   21481     return rc;
   21482   }
   21483   TPM_RC response_code;
   21484   std::string response_code_bytes;
   21485   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   21486   if (rc != TPM_RC_SUCCESS) {
   21487     return rc;
   21488   }
   21489   if (response_size != response.size()) {
   21490     return TPM_RC_SIZE;
   21491   }
   21492   if (response_code != TPM_RC_SUCCESS) {
   21493     return response_code;
   21494   }
   21495   TPM_CC command_code = TPM_CC_PolicyTicket;
   21496   std::string command_code_bytes;
   21497   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   21498   if (rc != TPM_RC_SUCCESS) {
   21499     return rc;
   21500   }
   21501   std::string authorization_section_bytes;
   21502   if (tag == TPM_ST_SESSIONS) {
   21503     UINT32 parameter_section_size = buffer.size();
   21504     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   21505     if (rc != TPM_RC_SUCCESS) {
   21506       return rc;
   21507     }
   21508     if (parameter_section_size > buffer.size()) {
   21509       return TPM_RC_INSUFFICIENT;
   21510     }
   21511     authorization_section_bytes = buffer.substr(parameter_section_size);
   21512     // Keep the parameter section in |buffer|.
   21513     buffer.erase(parameter_section_size);
   21514   }
   21515   std::unique_ptr<crypto::SecureHash> hash(
   21516       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   21517   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   21518   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   21519   hash->Update(buffer.data(), buffer.size());
   21520   std::string response_hash(32, 0);
   21521   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   21522   if (tag == TPM_ST_SESSIONS) {
   21523     CHECK(authorization_delegate) << "Authorization delegate missing!";
   21524     if (!authorization_delegate->CheckResponseAuthorization(
   21525             response_hash, authorization_section_bytes)) {
   21526       return TRUNKS_RC_AUTHORIZATION_FAILED;
   21527     }
   21528   }
   21529   return TPM_RC_SUCCESS;
   21530 }
   21531 
   21532 void PolicyTicketErrorCallback(const Tpm::PolicyTicketResponse& callback,
   21533                                TPM_RC response_code) {
   21534   VLOG(1) << __func__;
   21535   callback.Run(response_code);
   21536 }
   21537 
   21538 void PolicyTicketResponseParser(const Tpm::PolicyTicketResponse& callback,
   21539                                 AuthorizationDelegate* authorization_delegate,
   21540                                 const std::string& response) {
   21541   VLOG(1) << __func__;
   21542   base::Callback<void(TPM_RC)> error_reporter =
   21543       base::Bind(PolicyTicketErrorCallback, callback);
   21544   TPM_RC rc = Tpm::ParseResponse_PolicyTicket(response, authorization_delegate);
   21545   if (rc != TPM_RC_SUCCESS) {
   21546     error_reporter.Run(rc);
   21547     return;
   21548   }
   21549   callback.Run(rc);
   21550 }
   21551 
   21552 void Tpm::PolicyTicket(const TPMI_SH_POLICY& policy_session,
   21553                        const std::string& policy_session_name,
   21554                        const TPM2B_TIMEOUT& timeout,
   21555                        const TPM2B_DIGEST& cp_hash_a,
   21556                        const TPM2B_NONCE& policy_ref,
   21557                        const TPM2B_NAME& auth_name,
   21558                        const TPMT_TK_AUTH& ticket,
   21559                        AuthorizationDelegate* authorization_delegate,
   21560                        const PolicyTicketResponse& callback) {
   21561   VLOG(1) << __func__;
   21562   base::Callback<void(TPM_RC)> error_reporter =
   21563       base::Bind(PolicyTicketErrorCallback, callback);
   21564   base::Callback<void(const std::string&)> parser =
   21565       base::Bind(PolicyTicketResponseParser, callback, authorization_delegate);
   21566   std::string command;
   21567   TPM_RC rc = SerializeCommand_PolicyTicket(
   21568       policy_session, policy_session_name, timeout, cp_hash_a, policy_ref,
   21569       auth_name, ticket, &command, authorization_delegate);
   21570   if (rc != TPM_RC_SUCCESS) {
   21571     error_reporter.Run(rc);
   21572     return;
   21573   }
   21574   transceiver_->SendCommand(command, parser);
   21575 }
   21576 
   21577 TPM_RC Tpm::PolicyTicketSync(const TPMI_SH_POLICY& policy_session,
   21578                              const std::string& policy_session_name,
   21579                              const TPM2B_TIMEOUT& timeout,
   21580                              const TPM2B_DIGEST& cp_hash_a,
   21581                              const TPM2B_NONCE& policy_ref,
   21582                              const TPM2B_NAME& auth_name,
   21583                              const TPMT_TK_AUTH& ticket,
   21584                              AuthorizationDelegate* authorization_delegate) {
   21585   VLOG(1) << __func__;
   21586   std::string command;
   21587   TPM_RC rc = SerializeCommand_PolicyTicket(
   21588       policy_session, policy_session_name, timeout, cp_hash_a, policy_ref,
   21589       auth_name, ticket, &command, authorization_delegate);
   21590   if (rc != TPM_RC_SUCCESS) {
   21591     return rc;
   21592   }
   21593   std::string response = transceiver_->SendCommandAndWait(command);
   21594   rc = ParseResponse_PolicyTicket(response, authorization_delegate);
   21595   return rc;
   21596 }
   21597 
   21598 TPM_RC Tpm::SerializeCommand_PolicyOR(
   21599     const TPMI_SH_POLICY& policy_session,
   21600     const std::string& policy_session_name,
   21601     const TPML_DIGEST& p_hash_list,
   21602     std::string* serialized_command,
   21603     AuthorizationDelegate* authorization_delegate) {
   21604   VLOG(3) << __func__;
   21605   TPM_RC rc = TPM_RC_SUCCESS;
   21606   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   21607   UINT32 command_size = 10;  // Header size.
   21608   std::string handle_section_bytes;
   21609   std::string parameter_section_bytes;
   21610   TPM_CC command_code = TPM_CC_PolicyOR;
   21611   bool is_command_parameter_encryption_possible = false;
   21612   bool is_response_parameter_encryption_possible = false;
   21613   std::string command_code_bytes;
   21614   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   21615   if (rc != TPM_RC_SUCCESS) {
   21616     return rc;
   21617   }
   21618   std::string policy_session_bytes;
   21619   rc = Serialize_TPMI_SH_POLICY(policy_session, &policy_session_bytes);
   21620   if (rc != TPM_RC_SUCCESS) {
   21621     return rc;
   21622   }
   21623   std::string p_hash_list_bytes;
   21624   rc = Serialize_TPML_DIGEST(p_hash_list, &p_hash_list_bytes);
   21625   if (rc != TPM_RC_SUCCESS) {
   21626     return rc;
   21627   }
   21628   std::unique_ptr<crypto::SecureHash> hash(
   21629       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   21630   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   21631   hash->Update(policy_session_name.data(), policy_session_name.size());
   21632   handle_section_bytes += policy_session_bytes;
   21633   command_size += policy_session_bytes.size();
   21634   hash->Update(p_hash_list_bytes.data(), p_hash_list_bytes.size());
   21635   parameter_section_bytes += p_hash_list_bytes;
   21636   command_size += p_hash_list_bytes.size();
   21637   std::string command_hash(32, 0);
   21638   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   21639   std::string authorization_section_bytes;
   21640   std::string authorization_size_bytes;
   21641   if (authorization_delegate) {
   21642     if (!authorization_delegate->GetCommandAuthorization(
   21643             command_hash, is_command_parameter_encryption_possible,
   21644             is_response_parameter_encryption_possible,
   21645             &authorization_section_bytes)) {
   21646       return TRUNKS_RC_AUTHORIZATION_FAILED;
   21647     }
   21648     if (!authorization_section_bytes.empty()) {
   21649       tag = TPM_ST_SESSIONS;
   21650       std::string tmp;
   21651       rc = Serialize_UINT32(authorization_section_bytes.size(),
   21652                             &authorization_size_bytes);
   21653       if (rc != TPM_RC_SUCCESS) {
   21654         return rc;
   21655       }
   21656       command_size +=
   21657           authorization_size_bytes.size() + authorization_section_bytes.size();
   21658     }
   21659   }
   21660   std::string tag_bytes;
   21661   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   21662   if (rc != TPM_RC_SUCCESS) {
   21663     return rc;
   21664   }
   21665   std::string command_size_bytes;
   21666   rc = Serialize_UINT32(command_size, &command_size_bytes);
   21667   if (rc != TPM_RC_SUCCESS) {
   21668     return rc;
   21669   }
   21670   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   21671                         handle_section_bytes + authorization_size_bytes +
   21672                         authorization_section_bytes + parameter_section_bytes;
   21673   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   21674   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   21675                                             serialized_command->size());
   21676   return TPM_RC_SUCCESS;
   21677 }
   21678 
   21679 TPM_RC Tpm::ParseResponse_PolicyOR(
   21680     const std::string& response,
   21681     AuthorizationDelegate* authorization_delegate) {
   21682   VLOG(3) << __func__;
   21683   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   21684   TPM_RC rc = TPM_RC_SUCCESS;
   21685   std::string buffer(response);
   21686   TPM_ST tag;
   21687   std::string tag_bytes;
   21688   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   21689   if (rc != TPM_RC_SUCCESS) {
   21690     return rc;
   21691   }
   21692   UINT32 response_size;
   21693   std::string response_size_bytes;
   21694   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   21695   if (rc != TPM_RC_SUCCESS) {
   21696     return rc;
   21697   }
   21698   TPM_RC response_code;
   21699   std::string response_code_bytes;
   21700   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   21701   if (rc != TPM_RC_SUCCESS) {
   21702     return rc;
   21703   }
   21704   if (response_size != response.size()) {
   21705     return TPM_RC_SIZE;
   21706   }
   21707   if (response_code != TPM_RC_SUCCESS) {
   21708     return response_code;
   21709   }
   21710   TPM_CC command_code = TPM_CC_PolicyOR;
   21711   std::string command_code_bytes;
   21712   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   21713   if (rc != TPM_RC_SUCCESS) {
   21714     return rc;
   21715   }
   21716   std::string authorization_section_bytes;
   21717   if (tag == TPM_ST_SESSIONS) {
   21718     UINT32 parameter_section_size = buffer.size();
   21719     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   21720     if (rc != TPM_RC_SUCCESS) {
   21721       return rc;
   21722     }
   21723     if (parameter_section_size > buffer.size()) {
   21724       return TPM_RC_INSUFFICIENT;
   21725     }
   21726     authorization_section_bytes = buffer.substr(parameter_section_size);
   21727     // Keep the parameter section in |buffer|.
   21728     buffer.erase(parameter_section_size);
   21729   }
   21730   std::unique_ptr<crypto::SecureHash> hash(
   21731       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   21732   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   21733   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   21734   hash->Update(buffer.data(), buffer.size());
   21735   std::string response_hash(32, 0);
   21736   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   21737   if (tag == TPM_ST_SESSIONS) {
   21738     CHECK(authorization_delegate) << "Authorization delegate missing!";
   21739     if (!authorization_delegate->CheckResponseAuthorization(
   21740             response_hash, authorization_section_bytes)) {
   21741       return TRUNKS_RC_AUTHORIZATION_FAILED;
   21742     }
   21743   }
   21744   return TPM_RC_SUCCESS;
   21745 }
   21746 
   21747 void PolicyORErrorCallback(const Tpm::PolicyORResponse& callback,
   21748                            TPM_RC response_code) {
   21749   VLOG(1) << __func__;
   21750   callback.Run(response_code);
   21751 }
   21752 
   21753 void PolicyORResponseParser(const Tpm::PolicyORResponse& callback,
   21754                             AuthorizationDelegate* authorization_delegate,
   21755                             const std::string& response) {
   21756   VLOG(1) << __func__;
   21757   base::Callback<void(TPM_RC)> error_reporter =
   21758       base::Bind(PolicyORErrorCallback, callback);
   21759   TPM_RC rc = Tpm::ParseResponse_PolicyOR(response, authorization_delegate);
   21760   if (rc != TPM_RC_SUCCESS) {
   21761     error_reporter.Run(rc);
   21762     return;
   21763   }
   21764   callback.Run(rc);
   21765 }
   21766 
   21767 void Tpm::PolicyOR(const TPMI_SH_POLICY& policy_session,
   21768                    const std::string& policy_session_name,
   21769                    const TPML_DIGEST& p_hash_list,
   21770                    AuthorizationDelegate* authorization_delegate,
   21771                    const PolicyORResponse& callback) {
   21772   VLOG(1) << __func__;
   21773   base::Callback<void(TPM_RC)> error_reporter =
   21774       base::Bind(PolicyORErrorCallback, callback);
   21775   base::Callback<void(const std::string&)> parser =
   21776       base::Bind(PolicyORResponseParser, callback, authorization_delegate);
   21777   std::string command;
   21778   TPM_RC rc =
   21779       SerializeCommand_PolicyOR(policy_session, policy_session_name,
   21780                                 p_hash_list, &command, authorization_delegate);
   21781   if (rc != TPM_RC_SUCCESS) {
   21782     error_reporter.Run(rc);
   21783     return;
   21784   }
   21785   transceiver_->SendCommand(command, parser);
   21786 }
   21787 
   21788 TPM_RC Tpm::PolicyORSync(const TPMI_SH_POLICY& policy_session,
   21789                          const std::string& policy_session_name,
   21790                          const TPML_DIGEST& p_hash_list,
   21791                          AuthorizationDelegate* authorization_delegate) {
   21792   VLOG(1) << __func__;
   21793   std::string command;
   21794   TPM_RC rc =
   21795       SerializeCommand_PolicyOR(policy_session, policy_session_name,
   21796                                 p_hash_list, &command, authorization_delegate);
   21797   if (rc != TPM_RC_SUCCESS) {
   21798     return rc;
   21799   }
   21800   std::string response = transceiver_->SendCommandAndWait(command);
   21801   rc = ParseResponse_PolicyOR(response, authorization_delegate);
   21802   return rc;
   21803 }
   21804 
   21805 TPM_RC Tpm::SerializeCommand_PolicyPCR(
   21806     const TPMI_SH_POLICY& policy_session,
   21807     const std::string& policy_session_name,
   21808     const TPM2B_DIGEST& pcr_digest,
   21809     const TPML_PCR_SELECTION& pcrs,
   21810     std::string* serialized_command,
   21811     AuthorizationDelegate* authorization_delegate) {
   21812   VLOG(3) << __func__;
   21813   TPM_RC rc = TPM_RC_SUCCESS;
   21814   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   21815   UINT32 command_size = 10;  // Header size.
   21816   std::string handle_section_bytes;
   21817   std::string parameter_section_bytes;
   21818   TPM_CC command_code = TPM_CC_PolicyPCR;
   21819   bool is_command_parameter_encryption_possible = true;
   21820   bool is_response_parameter_encryption_possible = false;
   21821   std::string command_code_bytes;
   21822   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   21823   if (rc != TPM_RC_SUCCESS) {
   21824     return rc;
   21825   }
   21826   std::string policy_session_bytes;
   21827   rc = Serialize_TPMI_SH_POLICY(policy_session, &policy_session_bytes);
   21828   if (rc != TPM_RC_SUCCESS) {
   21829     return rc;
   21830   }
   21831   std::string pcr_digest_bytes;
   21832   rc = Serialize_TPM2B_DIGEST(pcr_digest, &pcr_digest_bytes);
   21833   if (rc != TPM_RC_SUCCESS) {
   21834     return rc;
   21835   }
   21836   std::string pcrs_bytes;
   21837   rc = Serialize_TPML_PCR_SELECTION(pcrs, &pcrs_bytes);
   21838   if (rc != TPM_RC_SUCCESS) {
   21839     return rc;
   21840   }
   21841   if (authorization_delegate) {
   21842     // Encrypt just the parameter data, not the size.
   21843     std::string tmp = pcr_digest_bytes.substr(2);
   21844     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   21845       return TRUNKS_RC_ENCRYPTION_FAILED;
   21846     }
   21847     pcr_digest_bytes.replace(2, std::string::npos, tmp);
   21848   }
   21849   std::unique_ptr<crypto::SecureHash> hash(
   21850       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   21851   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   21852   hash->Update(policy_session_name.data(), policy_session_name.size());
   21853   handle_section_bytes += policy_session_bytes;
   21854   command_size += policy_session_bytes.size();
   21855   hash->Update(pcr_digest_bytes.data(), pcr_digest_bytes.size());
   21856   parameter_section_bytes += pcr_digest_bytes;
   21857   command_size += pcr_digest_bytes.size();
   21858   hash->Update(pcrs_bytes.data(), pcrs_bytes.size());
   21859   parameter_section_bytes += pcrs_bytes;
   21860   command_size += pcrs_bytes.size();
   21861   std::string command_hash(32, 0);
   21862   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   21863   std::string authorization_section_bytes;
   21864   std::string authorization_size_bytes;
   21865   if (authorization_delegate) {
   21866     if (!authorization_delegate->GetCommandAuthorization(
   21867             command_hash, is_command_parameter_encryption_possible,
   21868             is_response_parameter_encryption_possible,
   21869             &authorization_section_bytes)) {
   21870       return TRUNKS_RC_AUTHORIZATION_FAILED;
   21871     }
   21872     if (!authorization_section_bytes.empty()) {
   21873       tag = TPM_ST_SESSIONS;
   21874       std::string tmp;
   21875       rc = Serialize_UINT32(authorization_section_bytes.size(),
   21876                             &authorization_size_bytes);
   21877       if (rc != TPM_RC_SUCCESS) {
   21878         return rc;
   21879       }
   21880       command_size +=
   21881           authorization_size_bytes.size() + authorization_section_bytes.size();
   21882     }
   21883   }
   21884   std::string tag_bytes;
   21885   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   21886   if (rc != TPM_RC_SUCCESS) {
   21887     return rc;
   21888   }
   21889   std::string command_size_bytes;
   21890   rc = Serialize_UINT32(command_size, &command_size_bytes);
   21891   if (rc != TPM_RC_SUCCESS) {
   21892     return rc;
   21893   }
   21894   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   21895                         handle_section_bytes + authorization_size_bytes +
   21896                         authorization_section_bytes + parameter_section_bytes;
   21897   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   21898   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   21899                                             serialized_command->size());
   21900   return TPM_RC_SUCCESS;
   21901 }
   21902 
   21903 TPM_RC Tpm::ParseResponse_PolicyPCR(
   21904     const std::string& response,
   21905     AuthorizationDelegate* authorization_delegate) {
   21906   VLOG(3) << __func__;
   21907   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   21908   TPM_RC rc = TPM_RC_SUCCESS;
   21909   std::string buffer(response);
   21910   TPM_ST tag;
   21911   std::string tag_bytes;
   21912   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   21913   if (rc != TPM_RC_SUCCESS) {
   21914     return rc;
   21915   }
   21916   UINT32 response_size;
   21917   std::string response_size_bytes;
   21918   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   21919   if (rc != TPM_RC_SUCCESS) {
   21920     return rc;
   21921   }
   21922   TPM_RC response_code;
   21923   std::string response_code_bytes;
   21924   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   21925   if (rc != TPM_RC_SUCCESS) {
   21926     return rc;
   21927   }
   21928   if (response_size != response.size()) {
   21929     return TPM_RC_SIZE;
   21930   }
   21931   if (response_code != TPM_RC_SUCCESS) {
   21932     return response_code;
   21933   }
   21934   TPM_CC command_code = TPM_CC_PolicyPCR;
   21935   std::string command_code_bytes;
   21936   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   21937   if (rc != TPM_RC_SUCCESS) {
   21938     return rc;
   21939   }
   21940   std::string authorization_section_bytes;
   21941   if (tag == TPM_ST_SESSIONS) {
   21942     UINT32 parameter_section_size = buffer.size();
   21943     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   21944     if (rc != TPM_RC_SUCCESS) {
   21945       return rc;
   21946     }
   21947     if (parameter_section_size > buffer.size()) {
   21948       return TPM_RC_INSUFFICIENT;
   21949     }
   21950     authorization_section_bytes = buffer.substr(parameter_section_size);
   21951     // Keep the parameter section in |buffer|.
   21952     buffer.erase(parameter_section_size);
   21953   }
   21954   std::unique_ptr<crypto::SecureHash> hash(
   21955       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   21956   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   21957   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   21958   hash->Update(buffer.data(), buffer.size());
   21959   std::string response_hash(32, 0);
   21960   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   21961   if (tag == TPM_ST_SESSIONS) {
   21962     CHECK(authorization_delegate) << "Authorization delegate missing!";
   21963     if (!authorization_delegate->CheckResponseAuthorization(
   21964             response_hash, authorization_section_bytes)) {
   21965       return TRUNKS_RC_AUTHORIZATION_FAILED;
   21966     }
   21967   }
   21968   return TPM_RC_SUCCESS;
   21969 }
   21970 
   21971 void PolicyPCRErrorCallback(const Tpm::PolicyPCRResponse& callback,
   21972                             TPM_RC response_code) {
   21973   VLOG(1) << __func__;
   21974   callback.Run(response_code);
   21975 }
   21976 
   21977 void PolicyPCRResponseParser(const Tpm::PolicyPCRResponse& callback,
   21978                              AuthorizationDelegate* authorization_delegate,
   21979                              const std::string& response) {
   21980   VLOG(1) << __func__;
   21981   base::Callback<void(TPM_RC)> error_reporter =
   21982       base::Bind(PolicyPCRErrorCallback, callback);
   21983   TPM_RC rc = Tpm::ParseResponse_PolicyPCR(response, authorization_delegate);
   21984   if (rc != TPM_RC_SUCCESS) {
   21985     error_reporter.Run(rc);
   21986     return;
   21987   }
   21988   callback.Run(rc);
   21989 }
   21990 
   21991 void Tpm::PolicyPCR(const TPMI_SH_POLICY& policy_session,
   21992                     const std::string& policy_session_name,
   21993                     const TPM2B_DIGEST& pcr_digest,
   21994                     const TPML_PCR_SELECTION& pcrs,
   21995                     AuthorizationDelegate* authorization_delegate,
   21996                     const PolicyPCRResponse& callback) {
   21997   VLOG(1) << __func__;
   21998   base::Callback<void(TPM_RC)> error_reporter =
   21999       base::Bind(PolicyPCRErrorCallback, callback);
   22000   base::Callback<void(const std::string&)> parser =
   22001       base::Bind(PolicyPCRResponseParser, callback, authorization_delegate);
   22002   std::string command;
   22003   TPM_RC rc = SerializeCommand_PolicyPCR(policy_session, policy_session_name,
   22004                                          pcr_digest, pcrs, &command,
   22005                                          authorization_delegate);
   22006   if (rc != TPM_RC_SUCCESS) {
   22007     error_reporter.Run(rc);
   22008     return;
   22009   }
   22010   transceiver_->SendCommand(command, parser);
   22011 }
   22012 
   22013 TPM_RC Tpm::PolicyPCRSync(const TPMI_SH_POLICY& policy_session,
   22014                           const std::string& policy_session_name,
   22015                           const TPM2B_DIGEST& pcr_digest,
   22016                           const TPML_PCR_SELECTION& pcrs,
   22017                           AuthorizationDelegate* authorization_delegate) {
   22018   VLOG(1) << __func__;
   22019   std::string command;
   22020   TPM_RC rc = SerializeCommand_PolicyPCR(policy_session, policy_session_name,
   22021                                          pcr_digest, pcrs, &command,
   22022                                          authorization_delegate);
   22023   if (rc != TPM_RC_SUCCESS) {
   22024     return rc;
   22025   }
   22026   std::string response = transceiver_->SendCommandAndWait(command);
   22027   rc = ParseResponse_PolicyPCR(response, authorization_delegate);
   22028   return rc;
   22029 }
   22030 
   22031 TPM_RC Tpm::SerializeCommand_PolicyLocality(
   22032     const TPMI_SH_POLICY& policy_session,
   22033     const std::string& policy_session_name,
   22034     const TPMA_LOCALITY& locality,
   22035     std::string* serialized_command,
   22036     AuthorizationDelegate* authorization_delegate) {
   22037   VLOG(3) << __func__;
   22038   TPM_RC rc = TPM_RC_SUCCESS;
   22039   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   22040   UINT32 command_size = 10;  // Header size.
   22041   std::string handle_section_bytes;
   22042   std::string parameter_section_bytes;
   22043   TPM_CC command_code = TPM_CC_PolicyLocality;
   22044   bool is_command_parameter_encryption_possible = false;
   22045   bool is_response_parameter_encryption_possible = false;
   22046   std::string command_code_bytes;
   22047   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   22048   if (rc != TPM_RC_SUCCESS) {
   22049     return rc;
   22050   }
   22051   std::string policy_session_bytes;
   22052   rc = Serialize_TPMI_SH_POLICY(policy_session, &policy_session_bytes);
   22053   if (rc != TPM_RC_SUCCESS) {
   22054     return rc;
   22055   }
   22056   std::string locality_bytes;
   22057   rc = Serialize_TPMA_LOCALITY(locality, &locality_bytes);
   22058   if (rc != TPM_RC_SUCCESS) {
   22059     return rc;
   22060   }
   22061   std::unique_ptr<crypto::SecureHash> hash(
   22062       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   22063   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   22064   hash->Update(policy_session_name.data(), policy_session_name.size());
   22065   handle_section_bytes += policy_session_bytes;
   22066   command_size += policy_session_bytes.size();
   22067   hash->Update(locality_bytes.data(), locality_bytes.size());
   22068   parameter_section_bytes += locality_bytes;
   22069   command_size += locality_bytes.size();
   22070   std::string command_hash(32, 0);
   22071   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   22072   std::string authorization_section_bytes;
   22073   std::string authorization_size_bytes;
   22074   if (authorization_delegate) {
   22075     if (!authorization_delegate->GetCommandAuthorization(
   22076             command_hash, is_command_parameter_encryption_possible,
   22077             is_response_parameter_encryption_possible,
   22078             &authorization_section_bytes)) {
   22079       return TRUNKS_RC_AUTHORIZATION_FAILED;
   22080     }
   22081     if (!authorization_section_bytes.empty()) {
   22082       tag = TPM_ST_SESSIONS;
   22083       std::string tmp;
   22084       rc = Serialize_UINT32(authorization_section_bytes.size(),
   22085                             &authorization_size_bytes);
   22086       if (rc != TPM_RC_SUCCESS) {
   22087         return rc;
   22088       }
   22089       command_size +=
   22090           authorization_size_bytes.size() + authorization_section_bytes.size();
   22091     }
   22092   }
   22093   std::string tag_bytes;
   22094   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   22095   if (rc != TPM_RC_SUCCESS) {
   22096     return rc;
   22097   }
   22098   std::string command_size_bytes;
   22099   rc = Serialize_UINT32(command_size, &command_size_bytes);
   22100   if (rc != TPM_RC_SUCCESS) {
   22101     return rc;
   22102   }
   22103   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   22104                         handle_section_bytes + authorization_size_bytes +
   22105                         authorization_section_bytes + parameter_section_bytes;
   22106   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   22107   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   22108                                             serialized_command->size());
   22109   return TPM_RC_SUCCESS;
   22110 }
   22111 
   22112 TPM_RC Tpm::ParseResponse_PolicyLocality(
   22113     const std::string& response,
   22114     AuthorizationDelegate* authorization_delegate) {
   22115   VLOG(3) << __func__;
   22116   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   22117   TPM_RC rc = TPM_RC_SUCCESS;
   22118   std::string buffer(response);
   22119   TPM_ST tag;
   22120   std::string tag_bytes;
   22121   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   22122   if (rc != TPM_RC_SUCCESS) {
   22123     return rc;
   22124   }
   22125   UINT32 response_size;
   22126   std::string response_size_bytes;
   22127   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   22128   if (rc != TPM_RC_SUCCESS) {
   22129     return rc;
   22130   }
   22131   TPM_RC response_code;
   22132   std::string response_code_bytes;
   22133   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   22134   if (rc != TPM_RC_SUCCESS) {
   22135     return rc;
   22136   }
   22137   if (response_size != response.size()) {
   22138     return TPM_RC_SIZE;
   22139   }
   22140   if (response_code != TPM_RC_SUCCESS) {
   22141     return response_code;
   22142   }
   22143   TPM_CC command_code = TPM_CC_PolicyLocality;
   22144   std::string command_code_bytes;
   22145   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   22146   if (rc != TPM_RC_SUCCESS) {
   22147     return rc;
   22148   }
   22149   std::string authorization_section_bytes;
   22150   if (tag == TPM_ST_SESSIONS) {
   22151     UINT32 parameter_section_size = buffer.size();
   22152     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   22153     if (rc != TPM_RC_SUCCESS) {
   22154       return rc;
   22155     }
   22156     if (parameter_section_size > buffer.size()) {
   22157       return TPM_RC_INSUFFICIENT;
   22158     }
   22159     authorization_section_bytes = buffer.substr(parameter_section_size);
   22160     // Keep the parameter section in |buffer|.
   22161     buffer.erase(parameter_section_size);
   22162   }
   22163   std::unique_ptr<crypto::SecureHash> hash(
   22164       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   22165   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   22166   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   22167   hash->Update(buffer.data(), buffer.size());
   22168   std::string response_hash(32, 0);
   22169   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   22170   if (tag == TPM_ST_SESSIONS) {
   22171     CHECK(authorization_delegate) << "Authorization delegate missing!";
   22172     if (!authorization_delegate->CheckResponseAuthorization(
   22173             response_hash, authorization_section_bytes)) {
   22174       return TRUNKS_RC_AUTHORIZATION_FAILED;
   22175     }
   22176   }
   22177   return TPM_RC_SUCCESS;
   22178 }
   22179 
   22180 void PolicyLocalityErrorCallback(const Tpm::PolicyLocalityResponse& callback,
   22181                                  TPM_RC response_code) {
   22182   VLOG(1) << __func__;
   22183   callback.Run(response_code);
   22184 }
   22185 
   22186 void PolicyLocalityResponseParser(const Tpm::PolicyLocalityResponse& callback,
   22187                                   AuthorizationDelegate* authorization_delegate,
   22188                                   const std::string& response) {
   22189   VLOG(1) << __func__;
   22190   base::Callback<void(TPM_RC)> error_reporter =
   22191       base::Bind(PolicyLocalityErrorCallback, callback);
   22192   TPM_RC rc =
   22193       Tpm::ParseResponse_PolicyLocality(response, authorization_delegate);
   22194   if (rc != TPM_RC_SUCCESS) {
   22195     error_reporter.Run(rc);
   22196     return;
   22197   }
   22198   callback.Run(rc);
   22199 }
   22200 
   22201 void Tpm::PolicyLocality(const TPMI_SH_POLICY& policy_session,
   22202                          const std::string& policy_session_name,
   22203                          const TPMA_LOCALITY& locality,
   22204                          AuthorizationDelegate* authorization_delegate,
   22205                          const PolicyLocalityResponse& callback) {
   22206   VLOG(1) << __func__;
   22207   base::Callback<void(TPM_RC)> error_reporter =
   22208       base::Bind(PolicyLocalityErrorCallback, callback);
   22209   base::Callback<void(const std::string&)> parser = base::Bind(
   22210       PolicyLocalityResponseParser, callback, authorization_delegate);
   22211   std::string command;
   22212   TPM_RC rc = SerializeCommand_PolicyLocality(policy_session,
   22213                                               policy_session_name, locality,
   22214                                               &command, authorization_delegate);
   22215   if (rc != TPM_RC_SUCCESS) {
   22216     error_reporter.Run(rc);
   22217     return;
   22218   }
   22219   transceiver_->SendCommand(command, parser);
   22220 }
   22221 
   22222 TPM_RC Tpm::PolicyLocalitySync(const TPMI_SH_POLICY& policy_session,
   22223                                const std::string& policy_session_name,
   22224                                const TPMA_LOCALITY& locality,
   22225                                AuthorizationDelegate* authorization_delegate) {
   22226   VLOG(1) << __func__;
   22227   std::string command;
   22228   TPM_RC rc = SerializeCommand_PolicyLocality(policy_session,
   22229                                               policy_session_name, locality,
   22230                                               &command, authorization_delegate);
   22231   if (rc != TPM_RC_SUCCESS) {
   22232     return rc;
   22233   }
   22234   std::string response = transceiver_->SendCommandAndWait(command);
   22235   rc = ParseResponse_PolicyLocality(response, authorization_delegate);
   22236   return rc;
   22237 }
   22238 
   22239 TPM_RC Tpm::SerializeCommand_PolicyNV(
   22240     const TPMI_RH_NV_AUTH& auth_handle,
   22241     const std::string& auth_handle_name,
   22242     const TPMI_RH_NV_INDEX& nv_index,
   22243     const std::string& nv_index_name,
   22244     const TPMI_SH_POLICY& policy_session,
   22245     const std::string& policy_session_name,
   22246     const TPM2B_OPERAND& operand_b,
   22247     const UINT16& offset,
   22248     const TPM_EO& operation,
   22249     std::string* serialized_command,
   22250     AuthorizationDelegate* authorization_delegate) {
   22251   VLOG(3) << __func__;
   22252   TPM_RC rc = TPM_RC_SUCCESS;
   22253   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   22254   UINT32 command_size = 10;  // Header size.
   22255   std::string handle_section_bytes;
   22256   std::string parameter_section_bytes;
   22257   TPM_CC command_code = TPM_CC_PolicyNV;
   22258   bool is_command_parameter_encryption_possible = true;
   22259   bool is_response_parameter_encryption_possible = false;
   22260   std::string command_code_bytes;
   22261   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   22262   if (rc != TPM_RC_SUCCESS) {
   22263     return rc;
   22264   }
   22265   std::string auth_handle_bytes;
   22266   rc = Serialize_TPMI_RH_NV_AUTH(auth_handle, &auth_handle_bytes);
   22267   if (rc != TPM_RC_SUCCESS) {
   22268     return rc;
   22269   }
   22270   std::string nv_index_bytes;
   22271   rc = Serialize_TPMI_RH_NV_INDEX(nv_index, &nv_index_bytes);
   22272   if (rc != TPM_RC_SUCCESS) {
   22273     return rc;
   22274   }
   22275   std::string policy_session_bytes;
   22276   rc = Serialize_TPMI_SH_POLICY(policy_session, &policy_session_bytes);
   22277   if (rc != TPM_RC_SUCCESS) {
   22278     return rc;
   22279   }
   22280   std::string operand_b_bytes;
   22281   rc = Serialize_TPM2B_OPERAND(operand_b, &operand_b_bytes);
   22282   if (rc != TPM_RC_SUCCESS) {
   22283     return rc;
   22284   }
   22285   std::string offset_bytes;
   22286   rc = Serialize_UINT16(offset, &offset_bytes);
   22287   if (rc != TPM_RC_SUCCESS) {
   22288     return rc;
   22289   }
   22290   std::string operation_bytes;
   22291   rc = Serialize_TPM_EO(operation, &operation_bytes);
   22292   if (rc != TPM_RC_SUCCESS) {
   22293     return rc;
   22294   }
   22295   if (authorization_delegate) {
   22296     // Encrypt just the parameter data, not the size.
   22297     std::string tmp = operand_b_bytes.substr(2);
   22298     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   22299       return TRUNKS_RC_ENCRYPTION_FAILED;
   22300     }
   22301     operand_b_bytes.replace(2, std::string::npos, tmp);
   22302   }
   22303   std::unique_ptr<crypto::SecureHash> hash(
   22304       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   22305   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   22306   hash->Update(auth_handle_name.data(), auth_handle_name.size());
   22307   handle_section_bytes += auth_handle_bytes;
   22308   command_size += auth_handle_bytes.size();
   22309   hash->Update(nv_index_name.data(), nv_index_name.size());
   22310   handle_section_bytes += nv_index_bytes;
   22311   command_size += nv_index_bytes.size();
   22312   hash->Update(policy_session_name.data(), policy_session_name.size());
   22313   handle_section_bytes += policy_session_bytes;
   22314   command_size += policy_session_bytes.size();
   22315   hash->Update(operand_b_bytes.data(), operand_b_bytes.size());
   22316   parameter_section_bytes += operand_b_bytes;
   22317   command_size += operand_b_bytes.size();
   22318   hash->Update(offset_bytes.data(), offset_bytes.size());
   22319   parameter_section_bytes += offset_bytes;
   22320   command_size += offset_bytes.size();
   22321   hash->Update(operation_bytes.data(), operation_bytes.size());
   22322   parameter_section_bytes += operation_bytes;
   22323   command_size += operation_bytes.size();
   22324   std::string command_hash(32, 0);
   22325   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   22326   std::string authorization_section_bytes;
   22327   std::string authorization_size_bytes;
   22328   if (authorization_delegate) {
   22329     if (!authorization_delegate->GetCommandAuthorization(
   22330             command_hash, is_command_parameter_encryption_possible,
   22331             is_response_parameter_encryption_possible,
   22332             &authorization_section_bytes)) {
   22333       return TRUNKS_RC_AUTHORIZATION_FAILED;
   22334     }
   22335     if (!authorization_section_bytes.empty()) {
   22336       tag = TPM_ST_SESSIONS;
   22337       std::string tmp;
   22338       rc = Serialize_UINT32(authorization_section_bytes.size(),
   22339                             &authorization_size_bytes);
   22340       if (rc != TPM_RC_SUCCESS) {
   22341         return rc;
   22342       }
   22343       command_size +=
   22344           authorization_size_bytes.size() + authorization_section_bytes.size();
   22345     }
   22346   }
   22347   std::string tag_bytes;
   22348   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   22349   if (rc != TPM_RC_SUCCESS) {
   22350     return rc;
   22351   }
   22352   std::string command_size_bytes;
   22353   rc = Serialize_UINT32(command_size, &command_size_bytes);
   22354   if (rc != TPM_RC_SUCCESS) {
   22355     return rc;
   22356   }
   22357   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   22358                         handle_section_bytes + authorization_size_bytes +
   22359                         authorization_section_bytes + parameter_section_bytes;
   22360   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   22361   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   22362                                             serialized_command->size());
   22363   return TPM_RC_SUCCESS;
   22364 }
   22365 
   22366 TPM_RC Tpm::ParseResponse_PolicyNV(
   22367     const std::string& response,
   22368     AuthorizationDelegate* authorization_delegate) {
   22369   VLOG(3) << __func__;
   22370   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   22371   TPM_RC rc = TPM_RC_SUCCESS;
   22372   std::string buffer(response);
   22373   TPM_ST tag;
   22374   std::string tag_bytes;
   22375   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   22376   if (rc != TPM_RC_SUCCESS) {
   22377     return rc;
   22378   }
   22379   UINT32 response_size;
   22380   std::string response_size_bytes;
   22381   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   22382   if (rc != TPM_RC_SUCCESS) {
   22383     return rc;
   22384   }
   22385   TPM_RC response_code;
   22386   std::string response_code_bytes;
   22387   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   22388   if (rc != TPM_RC_SUCCESS) {
   22389     return rc;
   22390   }
   22391   if (response_size != response.size()) {
   22392     return TPM_RC_SIZE;
   22393   }
   22394   if (response_code != TPM_RC_SUCCESS) {
   22395     return response_code;
   22396   }
   22397   TPM_CC command_code = TPM_CC_PolicyNV;
   22398   std::string command_code_bytes;
   22399   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   22400   if (rc != TPM_RC_SUCCESS) {
   22401     return rc;
   22402   }
   22403   std::string authorization_section_bytes;
   22404   if (tag == TPM_ST_SESSIONS) {
   22405     UINT32 parameter_section_size = buffer.size();
   22406     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   22407     if (rc != TPM_RC_SUCCESS) {
   22408       return rc;
   22409     }
   22410     if (parameter_section_size > buffer.size()) {
   22411       return TPM_RC_INSUFFICIENT;
   22412     }
   22413     authorization_section_bytes = buffer.substr(parameter_section_size);
   22414     // Keep the parameter section in |buffer|.
   22415     buffer.erase(parameter_section_size);
   22416   }
   22417   std::unique_ptr<crypto::SecureHash> hash(
   22418       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   22419   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   22420   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   22421   hash->Update(buffer.data(), buffer.size());
   22422   std::string response_hash(32, 0);
   22423   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   22424   if (tag == TPM_ST_SESSIONS) {
   22425     CHECK(authorization_delegate) << "Authorization delegate missing!";
   22426     if (!authorization_delegate->CheckResponseAuthorization(
   22427             response_hash, authorization_section_bytes)) {
   22428       return TRUNKS_RC_AUTHORIZATION_FAILED;
   22429     }
   22430   }
   22431   return TPM_RC_SUCCESS;
   22432 }
   22433 
   22434 void PolicyNVErrorCallback(const Tpm::PolicyNVResponse& callback,
   22435                            TPM_RC response_code) {
   22436   VLOG(1) << __func__;
   22437   callback.Run(response_code);
   22438 }
   22439 
   22440 void PolicyNVResponseParser(const Tpm::PolicyNVResponse& callback,
   22441                             AuthorizationDelegate* authorization_delegate,
   22442                             const std::string& response) {
   22443   VLOG(1) << __func__;
   22444   base::Callback<void(TPM_RC)> error_reporter =
   22445       base::Bind(PolicyNVErrorCallback, callback);
   22446   TPM_RC rc = Tpm::ParseResponse_PolicyNV(response, authorization_delegate);
   22447   if (rc != TPM_RC_SUCCESS) {
   22448     error_reporter.Run(rc);
   22449     return;
   22450   }
   22451   callback.Run(rc);
   22452 }
   22453 
   22454 void Tpm::PolicyNV(const TPMI_RH_NV_AUTH& auth_handle,
   22455                    const std::string& auth_handle_name,
   22456                    const TPMI_RH_NV_INDEX& nv_index,
   22457                    const std::string& nv_index_name,
   22458                    const TPMI_SH_POLICY& policy_session,
   22459                    const std::string& policy_session_name,
   22460                    const TPM2B_OPERAND& operand_b,
   22461                    const UINT16& offset,
   22462                    const TPM_EO& operation,
   22463                    AuthorizationDelegate* authorization_delegate,
   22464                    const PolicyNVResponse& callback) {
   22465   VLOG(1) << __func__;
   22466   base::Callback<void(TPM_RC)> error_reporter =
   22467       base::Bind(PolicyNVErrorCallback, callback);
   22468   base::Callback<void(const std::string&)> parser =
   22469       base::Bind(PolicyNVResponseParser, callback, authorization_delegate);
   22470   std::string command;
   22471   TPM_RC rc = SerializeCommand_PolicyNV(
   22472       auth_handle, auth_handle_name, nv_index, nv_index_name, policy_session,
   22473       policy_session_name, operand_b, offset, operation, &command,
   22474       authorization_delegate);
   22475   if (rc != TPM_RC_SUCCESS) {
   22476     error_reporter.Run(rc);
   22477     return;
   22478   }
   22479   transceiver_->SendCommand(command, parser);
   22480 }
   22481 
   22482 TPM_RC Tpm::PolicyNVSync(const TPMI_RH_NV_AUTH& auth_handle,
   22483                          const std::string& auth_handle_name,
   22484                          const TPMI_RH_NV_INDEX& nv_index,
   22485                          const std::string& nv_index_name,
   22486                          const TPMI_SH_POLICY& policy_session,
   22487                          const std::string& policy_session_name,
   22488                          const TPM2B_OPERAND& operand_b,
   22489                          const UINT16& offset,
   22490                          const TPM_EO& operation,
   22491                          AuthorizationDelegate* authorization_delegate) {
   22492   VLOG(1) << __func__;
   22493   std::string command;
   22494   TPM_RC rc = SerializeCommand_PolicyNV(
   22495       auth_handle, auth_handle_name, nv_index, nv_index_name, policy_session,
   22496       policy_session_name, operand_b, offset, operation, &command,
   22497       authorization_delegate);
   22498   if (rc != TPM_RC_SUCCESS) {
   22499     return rc;
   22500   }
   22501   std::string response = transceiver_->SendCommandAndWait(command);
   22502   rc = ParseResponse_PolicyNV(response, authorization_delegate);
   22503   return rc;
   22504 }
   22505 
   22506 TPM_RC Tpm::SerializeCommand_PolicyCounterTimer(
   22507     const TPMI_SH_POLICY& policy_session,
   22508     const std::string& policy_session_name,
   22509     const TPM2B_OPERAND& operand_b,
   22510     const UINT16& offset,
   22511     const TPM_EO& operation,
   22512     std::string* serialized_command,
   22513     AuthorizationDelegate* authorization_delegate) {
   22514   VLOG(3) << __func__;
   22515   TPM_RC rc = TPM_RC_SUCCESS;
   22516   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   22517   UINT32 command_size = 10;  // Header size.
   22518   std::string handle_section_bytes;
   22519   std::string parameter_section_bytes;
   22520   TPM_CC command_code = TPM_CC_PolicyCounterTimer;
   22521   bool is_command_parameter_encryption_possible = true;
   22522   bool is_response_parameter_encryption_possible = false;
   22523   std::string command_code_bytes;
   22524   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   22525   if (rc != TPM_RC_SUCCESS) {
   22526     return rc;
   22527   }
   22528   std::string policy_session_bytes;
   22529   rc = Serialize_TPMI_SH_POLICY(policy_session, &policy_session_bytes);
   22530   if (rc != TPM_RC_SUCCESS) {
   22531     return rc;
   22532   }
   22533   std::string operand_b_bytes;
   22534   rc = Serialize_TPM2B_OPERAND(operand_b, &operand_b_bytes);
   22535   if (rc != TPM_RC_SUCCESS) {
   22536     return rc;
   22537   }
   22538   std::string offset_bytes;
   22539   rc = Serialize_UINT16(offset, &offset_bytes);
   22540   if (rc != TPM_RC_SUCCESS) {
   22541     return rc;
   22542   }
   22543   std::string operation_bytes;
   22544   rc = Serialize_TPM_EO(operation, &operation_bytes);
   22545   if (rc != TPM_RC_SUCCESS) {
   22546     return rc;
   22547   }
   22548   if (authorization_delegate) {
   22549     // Encrypt just the parameter data, not the size.
   22550     std::string tmp = operand_b_bytes.substr(2);
   22551     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   22552       return TRUNKS_RC_ENCRYPTION_FAILED;
   22553     }
   22554     operand_b_bytes.replace(2, std::string::npos, tmp);
   22555   }
   22556   std::unique_ptr<crypto::SecureHash> hash(
   22557       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   22558   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   22559   hash->Update(policy_session_name.data(), policy_session_name.size());
   22560   handle_section_bytes += policy_session_bytes;
   22561   command_size += policy_session_bytes.size();
   22562   hash->Update(operand_b_bytes.data(), operand_b_bytes.size());
   22563   parameter_section_bytes += operand_b_bytes;
   22564   command_size += operand_b_bytes.size();
   22565   hash->Update(offset_bytes.data(), offset_bytes.size());
   22566   parameter_section_bytes += offset_bytes;
   22567   command_size += offset_bytes.size();
   22568   hash->Update(operation_bytes.data(), operation_bytes.size());
   22569   parameter_section_bytes += operation_bytes;
   22570   command_size += operation_bytes.size();
   22571   std::string command_hash(32, 0);
   22572   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   22573   std::string authorization_section_bytes;
   22574   std::string authorization_size_bytes;
   22575   if (authorization_delegate) {
   22576     if (!authorization_delegate->GetCommandAuthorization(
   22577             command_hash, is_command_parameter_encryption_possible,
   22578             is_response_parameter_encryption_possible,
   22579             &authorization_section_bytes)) {
   22580       return TRUNKS_RC_AUTHORIZATION_FAILED;
   22581     }
   22582     if (!authorization_section_bytes.empty()) {
   22583       tag = TPM_ST_SESSIONS;
   22584       std::string tmp;
   22585       rc = Serialize_UINT32(authorization_section_bytes.size(),
   22586                             &authorization_size_bytes);
   22587       if (rc != TPM_RC_SUCCESS) {
   22588         return rc;
   22589       }
   22590       command_size +=
   22591           authorization_size_bytes.size() + authorization_section_bytes.size();
   22592     }
   22593   }
   22594   std::string tag_bytes;
   22595   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   22596   if (rc != TPM_RC_SUCCESS) {
   22597     return rc;
   22598   }
   22599   std::string command_size_bytes;
   22600   rc = Serialize_UINT32(command_size, &command_size_bytes);
   22601   if (rc != TPM_RC_SUCCESS) {
   22602     return rc;
   22603   }
   22604   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   22605                         handle_section_bytes + authorization_size_bytes +
   22606                         authorization_section_bytes + parameter_section_bytes;
   22607   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   22608   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   22609                                             serialized_command->size());
   22610   return TPM_RC_SUCCESS;
   22611 }
   22612 
   22613 TPM_RC Tpm::ParseResponse_PolicyCounterTimer(
   22614     const std::string& response,
   22615     AuthorizationDelegate* authorization_delegate) {
   22616   VLOG(3) << __func__;
   22617   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   22618   TPM_RC rc = TPM_RC_SUCCESS;
   22619   std::string buffer(response);
   22620   TPM_ST tag;
   22621   std::string tag_bytes;
   22622   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   22623   if (rc != TPM_RC_SUCCESS) {
   22624     return rc;
   22625   }
   22626   UINT32 response_size;
   22627   std::string response_size_bytes;
   22628   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   22629   if (rc != TPM_RC_SUCCESS) {
   22630     return rc;
   22631   }
   22632   TPM_RC response_code;
   22633   std::string response_code_bytes;
   22634   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   22635   if (rc != TPM_RC_SUCCESS) {
   22636     return rc;
   22637   }
   22638   if (response_size != response.size()) {
   22639     return TPM_RC_SIZE;
   22640   }
   22641   if (response_code != TPM_RC_SUCCESS) {
   22642     return response_code;
   22643   }
   22644   TPM_CC command_code = TPM_CC_PolicyCounterTimer;
   22645   std::string command_code_bytes;
   22646   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   22647   if (rc != TPM_RC_SUCCESS) {
   22648     return rc;
   22649   }
   22650   std::string authorization_section_bytes;
   22651   if (tag == TPM_ST_SESSIONS) {
   22652     UINT32 parameter_section_size = buffer.size();
   22653     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   22654     if (rc != TPM_RC_SUCCESS) {
   22655       return rc;
   22656     }
   22657     if (parameter_section_size > buffer.size()) {
   22658       return TPM_RC_INSUFFICIENT;
   22659     }
   22660     authorization_section_bytes = buffer.substr(parameter_section_size);
   22661     // Keep the parameter section in |buffer|.
   22662     buffer.erase(parameter_section_size);
   22663   }
   22664   std::unique_ptr<crypto::SecureHash> hash(
   22665       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   22666   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   22667   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   22668   hash->Update(buffer.data(), buffer.size());
   22669   std::string response_hash(32, 0);
   22670   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   22671   if (tag == TPM_ST_SESSIONS) {
   22672     CHECK(authorization_delegate) << "Authorization delegate missing!";
   22673     if (!authorization_delegate->CheckResponseAuthorization(
   22674             response_hash, authorization_section_bytes)) {
   22675       return TRUNKS_RC_AUTHORIZATION_FAILED;
   22676     }
   22677   }
   22678   return TPM_RC_SUCCESS;
   22679 }
   22680 
   22681 void PolicyCounterTimerErrorCallback(
   22682     const Tpm::PolicyCounterTimerResponse& callback,
   22683     TPM_RC response_code) {
   22684   VLOG(1) << __func__;
   22685   callback.Run(response_code);
   22686 }
   22687 
   22688 void PolicyCounterTimerResponseParser(
   22689     const Tpm::PolicyCounterTimerResponse& callback,
   22690     AuthorizationDelegate* authorization_delegate,
   22691     const std::string& response) {
   22692   VLOG(1) << __func__;
   22693   base::Callback<void(TPM_RC)> error_reporter =
   22694       base::Bind(PolicyCounterTimerErrorCallback, callback);
   22695   TPM_RC rc =
   22696       Tpm::ParseResponse_PolicyCounterTimer(response, authorization_delegate);
   22697   if (rc != TPM_RC_SUCCESS) {
   22698     error_reporter.Run(rc);
   22699     return;
   22700   }
   22701   callback.Run(rc);
   22702 }
   22703 
   22704 void Tpm::PolicyCounterTimer(const TPMI_SH_POLICY& policy_session,
   22705                              const std::string& policy_session_name,
   22706                              const TPM2B_OPERAND& operand_b,
   22707                              const UINT16& offset,
   22708                              const TPM_EO& operation,
   22709                              AuthorizationDelegate* authorization_delegate,
   22710                              const PolicyCounterTimerResponse& callback) {
   22711   VLOG(1) << __func__;
   22712   base::Callback<void(TPM_RC)> error_reporter =
   22713       base::Bind(PolicyCounterTimerErrorCallback, callback);
   22714   base::Callback<void(const std::string&)> parser = base::Bind(
   22715       PolicyCounterTimerResponseParser, callback, authorization_delegate);
   22716   std::string command;
   22717   TPM_RC rc = SerializeCommand_PolicyCounterTimer(
   22718       policy_session, policy_session_name, operand_b, offset, operation,
   22719       &command, authorization_delegate);
   22720   if (rc != TPM_RC_SUCCESS) {
   22721     error_reporter.Run(rc);
   22722     return;
   22723   }
   22724   transceiver_->SendCommand(command, parser);
   22725 }
   22726 
   22727 TPM_RC Tpm::PolicyCounterTimerSync(
   22728     const TPMI_SH_POLICY& policy_session,
   22729     const std::string& policy_session_name,
   22730     const TPM2B_OPERAND& operand_b,
   22731     const UINT16& offset,
   22732     const TPM_EO& operation,
   22733     AuthorizationDelegate* authorization_delegate) {
   22734   VLOG(1) << __func__;
   22735   std::string command;
   22736   TPM_RC rc = SerializeCommand_PolicyCounterTimer(
   22737       policy_session, policy_session_name, operand_b, offset, operation,
   22738       &command, authorization_delegate);
   22739   if (rc != TPM_RC_SUCCESS) {
   22740     return rc;
   22741   }
   22742   std::string response = transceiver_->SendCommandAndWait(command);
   22743   rc = ParseResponse_PolicyCounterTimer(response, authorization_delegate);
   22744   return rc;
   22745 }
   22746 
   22747 TPM_RC Tpm::SerializeCommand_PolicyCommandCode(
   22748     const TPMI_SH_POLICY& policy_session,
   22749     const std::string& policy_session_name,
   22750     const TPM_CC& code,
   22751     std::string* serialized_command,
   22752     AuthorizationDelegate* authorization_delegate) {
   22753   VLOG(3) << __func__;
   22754   TPM_RC rc = TPM_RC_SUCCESS;
   22755   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   22756   UINT32 command_size = 10;  // Header size.
   22757   std::string handle_section_bytes;
   22758   std::string parameter_section_bytes;
   22759   TPM_CC command_code = TPM_CC_PolicyCommandCode;
   22760   bool is_command_parameter_encryption_possible = false;
   22761   bool is_response_parameter_encryption_possible = false;
   22762   std::string command_code_bytes;
   22763   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   22764   if (rc != TPM_RC_SUCCESS) {
   22765     return rc;
   22766   }
   22767   std::string policy_session_bytes;
   22768   rc = Serialize_TPMI_SH_POLICY(policy_session, &policy_session_bytes);
   22769   if (rc != TPM_RC_SUCCESS) {
   22770     return rc;
   22771   }
   22772   std::string code_bytes;
   22773   rc = Serialize_TPM_CC(code, &code_bytes);
   22774   if (rc != TPM_RC_SUCCESS) {
   22775     return rc;
   22776   }
   22777   std::unique_ptr<crypto::SecureHash> hash(
   22778       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   22779   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   22780   hash->Update(policy_session_name.data(), policy_session_name.size());
   22781   handle_section_bytes += policy_session_bytes;
   22782   command_size += policy_session_bytes.size();
   22783   hash->Update(code_bytes.data(), code_bytes.size());
   22784   parameter_section_bytes += code_bytes;
   22785   command_size += code_bytes.size();
   22786   std::string command_hash(32, 0);
   22787   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   22788   std::string authorization_section_bytes;
   22789   std::string authorization_size_bytes;
   22790   if (authorization_delegate) {
   22791     if (!authorization_delegate->GetCommandAuthorization(
   22792             command_hash, is_command_parameter_encryption_possible,
   22793             is_response_parameter_encryption_possible,
   22794             &authorization_section_bytes)) {
   22795       return TRUNKS_RC_AUTHORIZATION_FAILED;
   22796     }
   22797     if (!authorization_section_bytes.empty()) {
   22798       tag = TPM_ST_SESSIONS;
   22799       std::string tmp;
   22800       rc = Serialize_UINT32(authorization_section_bytes.size(),
   22801                             &authorization_size_bytes);
   22802       if (rc != TPM_RC_SUCCESS) {
   22803         return rc;
   22804       }
   22805       command_size +=
   22806           authorization_size_bytes.size() + authorization_section_bytes.size();
   22807     }
   22808   }
   22809   std::string tag_bytes;
   22810   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   22811   if (rc != TPM_RC_SUCCESS) {
   22812     return rc;
   22813   }
   22814   std::string command_size_bytes;
   22815   rc = Serialize_UINT32(command_size, &command_size_bytes);
   22816   if (rc != TPM_RC_SUCCESS) {
   22817     return rc;
   22818   }
   22819   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   22820                         handle_section_bytes + authorization_size_bytes +
   22821                         authorization_section_bytes + parameter_section_bytes;
   22822   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   22823   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   22824                                             serialized_command->size());
   22825   return TPM_RC_SUCCESS;
   22826 }
   22827 
   22828 TPM_RC Tpm::ParseResponse_PolicyCommandCode(
   22829     const std::string& response,
   22830     AuthorizationDelegate* authorization_delegate) {
   22831   VLOG(3) << __func__;
   22832   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   22833   TPM_RC rc = TPM_RC_SUCCESS;
   22834   std::string buffer(response);
   22835   TPM_ST tag;
   22836   std::string tag_bytes;
   22837   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   22838   if (rc != TPM_RC_SUCCESS) {
   22839     return rc;
   22840   }
   22841   UINT32 response_size;
   22842   std::string response_size_bytes;
   22843   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   22844   if (rc != TPM_RC_SUCCESS) {
   22845     return rc;
   22846   }
   22847   TPM_RC response_code;
   22848   std::string response_code_bytes;
   22849   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   22850   if (rc != TPM_RC_SUCCESS) {
   22851     return rc;
   22852   }
   22853   if (response_size != response.size()) {
   22854     return TPM_RC_SIZE;
   22855   }
   22856   if (response_code != TPM_RC_SUCCESS) {
   22857     return response_code;
   22858   }
   22859   TPM_CC command_code = TPM_CC_PolicyCommandCode;
   22860   std::string command_code_bytes;
   22861   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   22862   if (rc != TPM_RC_SUCCESS) {
   22863     return rc;
   22864   }
   22865   std::string authorization_section_bytes;
   22866   if (tag == TPM_ST_SESSIONS) {
   22867     UINT32 parameter_section_size = buffer.size();
   22868     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   22869     if (rc != TPM_RC_SUCCESS) {
   22870       return rc;
   22871     }
   22872     if (parameter_section_size > buffer.size()) {
   22873       return TPM_RC_INSUFFICIENT;
   22874     }
   22875     authorization_section_bytes = buffer.substr(parameter_section_size);
   22876     // Keep the parameter section in |buffer|.
   22877     buffer.erase(parameter_section_size);
   22878   }
   22879   std::unique_ptr<crypto::SecureHash> hash(
   22880       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   22881   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   22882   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   22883   hash->Update(buffer.data(), buffer.size());
   22884   std::string response_hash(32, 0);
   22885   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   22886   if (tag == TPM_ST_SESSIONS) {
   22887     CHECK(authorization_delegate) << "Authorization delegate missing!";
   22888     if (!authorization_delegate->CheckResponseAuthorization(
   22889             response_hash, authorization_section_bytes)) {
   22890       return TRUNKS_RC_AUTHORIZATION_FAILED;
   22891     }
   22892   }
   22893   return TPM_RC_SUCCESS;
   22894 }
   22895 
   22896 void PolicyCommandCodeErrorCallback(
   22897     const Tpm::PolicyCommandCodeResponse& callback,
   22898     TPM_RC response_code) {
   22899   VLOG(1) << __func__;
   22900   callback.Run(response_code);
   22901 }
   22902 
   22903 void PolicyCommandCodeResponseParser(
   22904     const Tpm::PolicyCommandCodeResponse& callback,
   22905     AuthorizationDelegate* authorization_delegate,
   22906     const std::string& response) {
   22907   VLOG(1) << __func__;
   22908   base::Callback<void(TPM_RC)> error_reporter =
   22909       base::Bind(PolicyCommandCodeErrorCallback, callback);
   22910   TPM_RC rc =
   22911       Tpm::ParseResponse_PolicyCommandCode(response, authorization_delegate);
   22912   if (rc != TPM_RC_SUCCESS) {
   22913     error_reporter.Run(rc);
   22914     return;
   22915   }
   22916   callback.Run(rc);
   22917 }
   22918 
   22919 void Tpm::PolicyCommandCode(const TPMI_SH_POLICY& policy_session,
   22920                             const std::string& policy_session_name,
   22921                             const TPM_CC& code,
   22922                             AuthorizationDelegate* authorization_delegate,
   22923                             const PolicyCommandCodeResponse& callback) {
   22924   VLOG(1) << __func__;
   22925   base::Callback<void(TPM_RC)> error_reporter =
   22926       base::Bind(PolicyCommandCodeErrorCallback, callback);
   22927   base::Callback<void(const std::string&)> parser = base::Bind(
   22928       PolicyCommandCodeResponseParser, callback, authorization_delegate);
   22929   std::string command;
   22930   TPM_RC rc = SerializeCommand_PolicyCommandCode(
   22931       policy_session, policy_session_name, code, &command,
   22932       authorization_delegate);
   22933   if (rc != TPM_RC_SUCCESS) {
   22934     error_reporter.Run(rc);
   22935     return;
   22936   }
   22937   transceiver_->SendCommand(command, parser);
   22938 }
   22939 
   22940 TPM_RC Tpm::PolicyCommandCodeSync(
   22941     const TPMI_SH_POLICY& policy_session,
   22942     const std::string& policy_session_name,
   22943     const TPM_CC& code,
   22944     AuthorizationDelegate* authorization_delegate) {
   22945   VLOG(1) << __func__;
   22946   std::string command;
   22947   TPM_RC rc = SerializeCommand_PolicyCommandCode(
   22948       policy_session, policy_session_name, code, &command,
   22949       authorization_delegate);
   22950   if (rc != TPM_RC_SUCCESS) {
   22951     return rc;
   22952   }
   22953   std::string response = transceiver_->SendCommandAndWait(command);
   22954   rc = ParseResponse_PolicyCommandCode(response, authorization_delegate);
   22955   return rc;
   22956 }
   22957 
   22958 TPM_RC Tpm::SerializeCommand_PolicyPhysicalPresence(
   22959     const TPMI_SH_POLICY& policy_session,
   22960     const std::string& policy_session_name,
   22961     std::string* serialized_command,
   22962     AuthorizationDelegate* authorization_delegate) {
   22963   VLOG(3) << __func__;
   22964   TPM_RC rc = TPM_RC_SUCCESS;
   22965   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   22966   UINT32 command_size = 10;  // Header size.
   22967   std::string handle_section_bytes;
   22968   std::string parameter_section_bytes;
   22969   TPM_CC command_code = TPM_CC_PolicyPhysicalPresence;
   22970   bool is_command_parameter_encryption_possible = false;
   22971   bool is_response_parameter_encryption_possible = false;
   22972   std::string command_code_bytes;
   22973   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   22974   if (rc != TPM_RC_SUCCESS) {
   22975     return rc;
   22976   }
   22977   std::string policy_session_bytes;
   22978   rc = Serialize_TPMI_SH_POLICY(policy_session, &policy_session_bytes);
   22979   if (rc != TPM_RC_SUCCESS) {
   22980     return rc;
   22981   }
   22982   std::unique_ptr<crypto::SecureHash> hash(
   22983       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   22984   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   22985   hash->Update(policy_session_name.data(), policy_session_name.size());
   22986   handle_section_bytes += policy_session_bytes;
   22987   command_size += policy_session_bytes.size();
   22988   std::string command_hash(32, 0);
   22989   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   22990   std::string authorization_section_bytes;
   22991   std::string authorization_size_bytes;
   22992   if (authorization_delegate) {
   22993     if (!authorization_delegate->GetCommandAuthorization(
   22994             command_hash, is_command_parameter_encryption_possible,
   22995             is_response_parameter_encryption_possible,
   22996             &authorization_section_bytes)) {
   22997       return TRUNKS_RC_AUTHORIZATION_FAILED;
   22998     }
   22999     if (!authorization_section_bytes.empty()) {
   23000       tag = TPM_ST_SESSIONS;
   23001       std::string tmp;
   23002       rc = Serialize_UINT32(authorization_section_bytes.size(),
   23003                             &authorization_size_bytes);
   23004       if (rc != TPM_RC_SUCCESS) {
   23005         return rc;
   23006       }
   23007       command_size +=
   23008           authorization_size_bytes.size() + authorization_section_bytes.size();
   23009     }
   23010   }
   23011   std::string tag_bytes;
   23012   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   23013   if (rc != TPM_RC_SUCCESS) {
   23014     return rc;
   23015   }
   23016   std::string command_size_bytes;
   23017   rc = Serialize_UINT32(command_size, &command_size_bytes);
   23018   if (rc != TPM_RC_SUCCESS) {
   23019     return rc;
   23020   }
   23021   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   23022                         handle_section_bytes + authorization_size_bytes +
   23023                         authorization_section_bytes + parameter_section_bytes;
   23024   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   23025   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   23026                                             serialized_command->size());
   23027   return TPM_RC_SUCCESS;
   23028 }
   23029 
   23030 TPM_RC Tpm::ParseResponse_PolicyPhysicalPresence(
   23031     const std::string& response,
   23032     AuthorizationDelegate* authorization_delegate) {
   23033   VLOG(3) << __func__;
   23034   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   23035   TPM_RC rc = TPM_RC_SUCCESS;
   23036   std::string buffer(response);
   23037   TPM_ST tag;
   23038   std::string tag_bytes;
   23039   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   23040   if (rc != TPM_RC_SUCCESS) {
   23041     return rc;
   23042   }
   23043   UINT32 response_size;
   23044   std::string response_size_bytes;
   23045   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   23046   if (rc != TPM_RC_SUCCESS) {
   23047     return rc;
   23048   }
   23049   TPM_RC response_code;
   23050   std::string response_code_bytes;
   23051   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   23052   if (rc != TPM_RC_SUCCESS) {
   23053     return rc;
   23054   }
   23055   if (response_size != response.size()) {
   23056     return TPM_RC_SIZE;
   23057   }
   23058   if (response_code != TPM_RC_SUCCESS) {
   23059     return response_code;
   23060   }
   23061   TPM_CC command_code = TPM_CC_PolicyPhysicalPresence;
   23062   std::string command_code_bytes;
   23063   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   23064   if (rc != TPM_RC_SUCCESS) {
   23065     return rc;
   23066   }
   23067   std::string authorization_section_bytes;
   23068   if (tag == TPM_ST_SESSIONS) {
   23069     UINT32 parameter_section_size = buffer.size();
   23070     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   23071     if (rc != TPM_RC_SUCCESS) {
   23072       return rc;
   23073     }
   23074     if (parameter_section_size > buffer.size()) {
   23075       return TPM_RC_INSUFFICIENT;
   23076     }
   23077     authorization_section_bytes = buffer.substr(parameter_section_size);
   23078     // Keep the parameter section in |buffer|.
   23079     buffer.erase(parameter_section_size);
   23080   }
   23081   std::unique_ptr<crypto::SecureHash> hash(
   23082       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   23083   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   23084   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   23085   hash->Update(buffer.data(), buffer.size());
   23086   std::string response_hash(32, 0);
   23087   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   23088   if (tag == TPM_ST_SESSIONS) {
   23089     CHECK(authorization_delegate) << "Authorization delegate missing!";
   23090     if (!authorization_delegate->CheckResponseAuthorization(
   23091             response_hash, authorization_section_bytes)) {
   23092       return TRUNKS_RC_AUTHORIZATION_FAILED;
   23093     }
   23094   }
   23095   return TPM_RC_SUCCESS;
   23096 }
   23097 
   23098 void PolicyPhysicalPresenceErrorCallback(
   23099     const Tpm::PolicyPhysicalPresenceResponse& callback,
   23100     TPM_RC response_code) {
   23101   VLOG(1) << __func__;
   23102   callback.Run(response_code);
   23103 }
   23104 
   23105 void PolicyPhysicalPresenceResponseParser(
   23106     const Tpm::PolicyPhysicalPresenceResponse& callback,
   23107     AuthorizationDelegate* authorization_delegate,
   23108     const std::string& response) {
   23109   VLOG(1) << __func__;
   23110   base::Callback<void(TPM_RC)> error_reporter =
   23111       base::Bind(PolicyPhysicalPresenceErrorCallback, callback);
   23112   TPM_RC rc = Tpm::ParseResponse_PolicyPhysicalPresence(response,
   23113                                                         authorization_delegate);
   23114   if (rc != TPM_RC_SUCCESS) {
   23115     error_reporter.Run(rc);
   23116     return;
   23117   }
   23118   callback.Run(rc);
   23119 }
   23120 
   23121 void Tpm::PolicyPhysicalPresence(
   23122     const TPMI_SH_POLICY& policy_session,
   23123     const std::string& policy_session_name,
   23124     AuthorizationDelegate* authorization_delegate,
   23125     const PolicyPhysicalPresenceResponse& callback) {
   23126   VLOG(1) << __func__;
   23127   base::Callback<void(TPM_RC)> error_reporter =
   23128       base::Bind(PolicyPhysicalPresenceErrorCallback, callback);
   23129   base::Callback<void(const std::string&)> parser = base::Bind(
   23130       PolicyPhysicalPresenceResponseParser, callback, authorization_delegate);
   23131   std::string command;
   23132   TPM_RC rc = SerializeCommand_PolicyPhysicalPresence(
   23133       policy_session, policy_session_name, &command, authorization_delegate);
   23134   if (rc != TPM_RC_SUCCESS) {
   23135     error_reporter.Run(rc);
   23136     return;
   23137   }
   23138   transceiver_->SendCommand(command, parser);
   23139 }
   23140 
   23141 TPM_RC Tpm::PolicyPhysicalPresenceSync(
   23142     const TPMI_SH_POLICY& policy_session,
   23143     const std::string& policy_session_name,
   23144     AuthorizationDelegate* authorization_delegate) {
   23145   VLOG(1) << __func__;
   23146   std::string command;
   23147   TPM_RC rc = SerializeCommand_PolicyPhysicalPresence(
   23148       policy_session, policy_session_name, &command, authorization_delegate);
   23149   if (rc != TPM_RC_SUCCESS) {
   23150     return rc;
   23151   }
   23152   std::string response = transceiver_->SendCommandAndWait(command);
   23153   rc = ParseResponse_PolicyPhysicalPresence(response, authorization_delegate);
   23154   return rc;
   23155 }
   23156 
   23157 TPM_RC Tpm::SerializeCommand_PolicyCpHash(
   23158     const TPMI_SH_POLICY& policy_session,
   23159     const std::string& policy_session_name,
   23160     const TPM2B_DIGEST& cp_hash_a,
   23161     std::string* serialized_command,
   23162     AuthorizationDelegate* authorization_delegate) {
   23163   VLOG(3) << __func__;
   23164   TPM_RC rc = TPM_RC_SUCCESS;
   23165   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   23166   UINT32 command_size = 10;  // Header size.
   23167   std::string handle_section_bytes;
   23168   std::string parameter_section_bytes;
   23169   TPM_CC command_code = TPM_CC_PolicyCpHash;
   23170   bool is_command_parameter_encryption_possible = true;
   23171   bool is_response_parameter_encryption_possible = false;
   23172   std::string command_code_bytes;
   23173   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   23174   if (rc != TPM_RC_SUCCESS) {
   23175     return rc;
   23176   }
   23177   std::string policy_session_bytes;
   23178   rc = Serialize_TPMI_SH_POLICY(policy_session, &policy_session_bytes);
   23179   if (rc != TPM_RC_SUCCESS) {
   23180     return rc;
   23181   }
   23182   std::string cp_hash_a_bytes;
   23183   rc = Serialize_TPM2B_DIGEST(cp_hash_a, &cp_hash_a_bytes);
   23184   if (rc != TPM_RC_SUCCESS) {
   23185     return rc;
   23186   }
   23187   if (authorization_delegate) {
   23188     // Encrypt just the parameter data, not the size.
   23189     std::string tmp = cp_hash_a_bytes.substr(2);
   23190     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   23191       return TRUNKS_RC_ENCRYPTION_FAILED;
   23192     }
   23193     cp_hash_a_bytes.replace(2, std::string::npos, tmp);
   23194   }
   23195   std::unique_ptr<crypto::SecureHash> hash(
   23196       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   23197   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   23198   hash->Update(policy_session_name.data(), policy_session_name.size());
   23199   handle_section_bytes += policy_session_bytes;
   23200   command_size += policy_session_bytes.size();
   23201   hash->Update(cp_hash_a_bytes.data(), cp_hash_a_bytes.size());
   23202   parameter_section_bytes += cp_hash_a_bytes;
   23203   command_size += cp_hash_a_bytes.size();
   23204   std::string command_hash(32, 0);
   23205   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   23206   std::string authorization_section_bytes;
   23207   std::string authorization_size_bytes;
   23208   if (authorization_delegate) {
   23209     if (!authorization_delegate->GetCommandAuthorization(
   23210             command_hash, is_command_parameter_encryption_possible,
   23211             is_response_parameter_encryption_possible,
   23212             &authorization_section_bytes)) {
   23213       return TRUNKS_RC_AUTHORIZATION_FAILED;
   23214     }
   23215     if (!authorization_section_bytes.empty()) {
   23216       tag = TPM_ST_SESSIONS;
   23217       std::string tmp;
   23218       rc = Serialize_UINT32(authorization_section_bytes.size(),
   23219                             &authorization_size_bytes);
   23220       if (rc != TPM_RC_SUCCESS) {
   23221         return rc;
   23222       }
   23223       command_size +=
   23224           authorization_size_bytes.size() + authorization_section_bytes.size();
   23225     }
   23226   }
   23227   std::string tag_bytes;
   23228   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   23229   if (rc != TPM_RC_SUCCESS) {
   23230     return rc;
   23231   }
   23232   std::string command_size_bytes;
   23233   rc = Serialize_UINT32(command_size, &command_size_bytes);
   23234   if (rc != TPM_RC_SUCCESS) {
   23235     return rc;
   23236   }
   23237   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   23238                         handle_section_bytes + authorization_size_bytes +
   23239                         authorization_section_bytes + parameter_section_bytes;
   23240   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   23241   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   23242                                             serialized_command->size());
   23243   return TPM_RC_SUCCESS;
   23244 }
   23245 
   23246 TPM_RC Tpm::ParseResponse_PolicyCpHash(
   23247     const std::string& response,
   23248     AuthorizationDelegate* authorization_delegate) {
   23249   VLOG(3) << __func__;
   23250   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   23251   TPM_RC rc = TPM_RC_SUCCESS;
   23252   std::string buffer(response);
   23253   TPM_ST tag;
   23254   std::string tag_bytes;
   23255   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   23256   if (rc != TPM_RC_SUCCESS) {
   23257     return rc;
   23258   }
   23259   UINT32 response_size;
   23260   std::string response_size_bytes;
   23261   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   23262   if (rc != TPM_RC_SUCCESS) {
   23263     return rc;
   23264   }
   23265   TPM_RC response_code;
   23266   std::string response_code_bytes;
   23267   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   23268   if (rc != TPM_RC_SUCCESS) {
   23269     return rc;
   23270   }
   23271   if (response_size != response.size()) {
   23272     return TPM_RC_SIZE;
   23273   }
   23274   if (response_code != TPM_RC_SUCCESS) {
   23275     return response_code;
   23276   }
   23277   TPM_CC command_code = TPM_CC_PolicyCpHash;
   23278   std::string command_code_bytes;
   23279   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   23280   if (rc != TPM_RC_SUCCESS) {
   23281     return rc;
   23282   }
   23283   std::string authorization_section_bytes;
   23284   if (tag == TPM_ST_SESSIONS) {
   23285     UINT32 parameter_section_size = buffer.size();
   23286     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   23287     if (rc != TPM_RC_SUCCESS) {
   23288       return rc;
   23289     }
   23290     if (parameter_section_size > buffer.size()) {
   23291       return TPM_RC_INSUFFICIENT;
   23292     }
   23293     authorization_section_bytes = buffer.substr(parameter_section_size);
   23294     // Keep the parameter section in |buffer|.
   23295     buffer.erase(parameter_section_size);
   23296   }
   23297   std::unique_ptr<crypto::SecureHash> hash(
   23298       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   23299   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   23300   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   23301   hash->Update(buffer.data(), buffer.size());
   23302   std::string response_hash(32, 0);
   23303   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   23304   if (tag == TPM_ST_SESSIONS) {
   23305     CHECK(authorization_delegate) << "Authorization delegate missing!";
   23306     if (!authorization_delegate->CheckResponseAuthorization(
   23307             response_hash, authorization_section_bytes)) {
   23308       return TRUNKS_RC_AUTHORIZATION_FAILED;
   23309     }
   23310   }
   23311   return TPM_RC_SUCCESS;
   23312 }
   23313 
   23314 void PolicyCpHashErrorCallback(const Tpm::PolicyCpHashResponse& callback,
   23315                                TPM_RC response_code) {
   23316   VLOG(1) << __func__;
   23317   callback.Run(response_code);
   23318 }
   23319 
   23320 void PolicyCpHashResponseParser(const Tpm::PolicyCpHashResponse& callback,
   23321                                 AuthorizationDelegate* authorization_delegate,
   23322                                 const std::string& response) {
   23323   VLOG(1) << __func__;
   23324   base::Callback<void(TPM_RC)> error_reporter =
   23325       base::Bind(PolicyCpHashErrorCallback, callback);
   23326   TPM_RC rc = Tpm::ParseResponse_PolicyCpHash(response, authorization_delegate);
   23327   if (rc != TPM_RC_SUCCESS) {
   23328     error_reporter.Run(rc);
   23329     return;
   23330   }
   23331   callback.Run(rc);
   23332 }
   23333 
   23334 void Tpm::PolicyCpHash(const TPMI_SH_POLICY& policy_session,
   23335                        const std::string& policy_session_name,
   23336                        const TPM2B_DIGEST& cp_hash_a,
   23337                        AuthorizationDelegate* authorization_delegate,
   23338                        const PolicyCpHashResponse& callback) {
   23339   VLOG(1) << __func__;
   23340   base::Callback<void(TPM_RC)> error_reporter =
   23341       base::Bind(PolicyCpHashErrorCallback, callback);
   23342   base::Callback<void(const std::string&)> parser =
   23343       base::Bind(PolicyCpHashResponseParser, callback, authorization_delegate);
   23344   std::string command;
   23345   TPM_RC rc = SerializeCommand_PolicyCpHash(policy_session, policy_session_name,
   23346                                             cp_hash_a, &command,
   23347                                             authorization_delegate);
   23348   if (rc != TPM_RC_SUCCESS) {
   23349     error_reporter.Run(rc);
   23350     return;
   23351   }
   23352   transceiver_->SendCommand(command, parser);
   23353 }
   23354 
   23355 TPM_RC Tpm::PolicyCpHashSync(const TPMI_SH_POLICY& policy_session,
   23356                              const std::string& policy_session_name,
   23357                              const TPM2B_DIGEST& cp_hash_a,
   23358                              AuthorizationDelegate* authorization_delegate) {
   23359   VLOG(1) << __func__;
   23360   std::string command;
   23361   TPM_RC rc = SerializeCommand_PolicyCpHash(policy_session, policy_session_name,
   23362                                             cp_hash_a, &command,
   23363                                             authorization_delegate);
   23364   if (rc != TPM_RC_SUCCESS) {
   23365     return rc;
   23366   }
   23367   std::string response = transceiver_->SendCommandAndWait(command);
   23368   rc = ParseResponse_PolicyCpHash(response, authorization_delegate);
   23369   return rc;
   23370 }
   23371 
   23372 TPM_RC Tpm::SerializeCommand_PolicyNameHash(
   23373     const TPMI_SH_POLICY& policy_session,
   23374     const std::string& policy_session_name,
   23375     const TPM2B_DIGEST& name_hash,
   23376     std::string* serialized_command,
   23377     AuthorizationDelegate* authorization_delegate) {
   23378   VLOG(3) << __func__;
   23379   TPM_RC rc = TPM_RC_SUCCESS;
   23380   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   23381   UINT32 command_size = 10;  // Header size.
   23382   std::string handle_section_bytes;
   23383   std::string parameter_section_bytes;
   23384   TPM_CC command_code = TPM_CC_PolicyNameHash;
   23385   bool is_command_parameter_encryption_possible = true;
   23386   bool is_response_parameter_encryption_possible = false;
   23387   std::string command_code_bytes;
   23388   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   23389   if (rc != TPM_RC_SUCCESS) {
   23390     return rc;
   23391   }
   23392   std::string policy_session_bytes;
   23393   rc = Serialize_TPMI_SH_POLICY(policy_session, &policy_session_bytes);
   23394   if (rc != TPM_RC_SUCCESS) {
   23395     return rc;
   23396   }
   23397   std::string name_hash_bytes;
   23398   rc = Serialize_TPM2B_DIGEST(name_hash, &name_hash_bytes);
   23399   if (rc != TPM_RC_SUCCESS) {
   23400     return rc;
   23401   }
   23402   if (authorization_delegate) {
   23403     // Encrypt just the parameter data, not the size.
   23404     std::string tmp = name_hash_bytes.substr(2);
   23405     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   23406       return TRUNKS_RC_ENCRYPTION_FAILED;
   23407     }
   23408     name_hash_bytes.replace(2, std::string::npos, tmp);
   23409   }
   23410   std::unique_ptr<crypto::SecureHash> hash(
   23411       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   23412   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   23413   hash->Update(policy_session_name.data(), policy_session_name.size());
   23414   handle_section_bytes += policy_session_bytes;
   23415   command_size += policy_session_bytes.size();
   23416   hash->Update(name_hash_bytes.data(), name_hash_bytes.size());
   23417   parameter_section_bytes += name_hash_bytes;
   23418   command_size += name_hash_bytes.size();
   23419   std::string command_hash(32, 0);
   23420   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   23421   std::string authorization_section_bytes;
   23422   std::string authorization_size_bytes;
   23423   if (authorization_delegate) {
   23424     if (!authorization_delegate->GetCommandAuthorization(
   23425             command_hash, is_command_parameter_encryption_possible,
   23426             is_response_parameter_encryption_possible,
   23427             &authorization_section_bytes)) {
   23428       return TRUNKS_RC_AUTHORIZATION_FAILED;
   23429     }
   23430     if (!authorization_section_bytes.empty()) {
   23431       tag = TPM_ST_SESSIONS;
   23432       std::string tmp;
   23433       rc = Serialize_UINT32(authorization_section_bytes.size(),
   23434                             &authorization_size_bytes);
   23435       if (rc != TPM_RC_SUCCESS) {
   23436         return rc;
   23437       }
   23438       command_size +=
   23439           authorization_size_bytes.size() + authorization_section_bytes.size();
   23440     }
   23441   }
   23442   std::string tag_bytes;
   23443   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   23444   if (rc != TPM_RC_SUCCESS) {
   23445     return rc;
   23446   }
   23447   std::string command_size_bytes;
   23448   rc = Serialize_UINT32(command_size, &command_size_bytes);
   23449   if (rc != TPM_RC_SUCCESS) {
   23450     return rc;
   23451   }
   23452   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   23453                         handle_section_bytes + authorization_size_bytes +
   23454                         authorization_section_bytes + parameter_section_bytes;
   23455   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   23456   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   23457                                             serialized_command->size());
   23458   return TPM_RC_SUCCESS;
   23459 }
   23460 
   23461 TPM_RC Tpm::ParseResponse_PolicyNameHash(
   23462     const std::string& response,
   23463     AuthorizationDelegate* authorization_delegate) {
   23464   VLOG(3) << __func__;
   23465   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   23466   TPM_RC rc = TPM_RC_SUCCESS;
   23467   std::string buffer(response);
   23468   TPM_ST tag;
   23469   std::string tag_bytes;
   23470   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   23471   if (rc != TPM_RC_SUCCESS) {
   23472     return rc;
   23473   }
   23474   UINT32 response_size;
   23475   std::string response_size_bytes;
   23476   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   23477   if (rc != TPM_RC_SUCCESS) {
   23478     return rc;
   23479   }
   23480   TPM_RC response_code;
   23481   std::string response_code_bytes;
   23482   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   23483   if (rc != TPM_RC_SUCCESS) {
   23484     return rc;
   23485   }
   23486   if (response_size != response.size()) {
   23487     return TPM_RC_SIZE;
   23488   }
   23489   if (response_code != TPM_RC_SUCCESS) {
   23490     return response_code;
   23491   }
   23492   TPM_CC command_code = TPM_CC_PolicyNameHash;
   23493   std::string command_code_bytes;
   23494   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   23495   if (rc != TPM_RC_SUCCESS) {
   23496     return rc;
   23497   }
   23498   std::string authorization_section_bytes;
   23499   if (tag == TPM_ST_SESSIONS) {
   23500     UINT32 parameter_section_size = buffer.size();
   23501     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   23502     if (rc != TPM_RC_SUCCESS) {
   23503       return rc;
   23504     }
   23505     if (parameter_section_size > buffer.size()) {
   23506       return TPM_RC_INSUFFICIENT;
   23507     }
   23508     authorization_section_bytes = buffer.substr(parameter_section_size);
   23509     // Keep the parameter section in |buffer|.
   23510     buffer.erase(parameter_section_size);
   23511   }
   23512   std::unique_ptr<crypto::SecureHash> hash(
   23513       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   23514   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   23515   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   23516   hash->Update(buffer.data(), buffer.size());
   23517   std::string response_hash(32, 0);
   23518   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   23519   if (tag == TPM_ST_SESSIONS) {
   23520     CHECK(authorization_delegate) << "Authorization delegate missing!";
   23521     if (!authorization_delegate->CheckResponseAuthorization(
   23522             response_hash, authorization_section_bytes)) {
   23523       return TRUNKS_RC_AUTHORIZATION_FAILED;
   23524     }
   23525   }
   23526   return TPM_RC_SUCCESS;
   23527 }
   23528 
   23529 void PolicyNameHashErrorCallback(const Tpm::PolicyNameHashResponse& callback,
   23530                                  TPM_RC response_code) {
   23531   VLOG(1) << __func__;
   23532   callback.Run(response_code);
   23533 }
   23534 
   23535 void PolicyNameHashResponseParser(const Tpm::PolicyNameHashResponse& callback,
   23536                                   AuthorizationDelegate* authorization_delegate,
   23537                                   const std::string& response) {
   23538   VLOG(1) << __func__;
   23539   base::Callback<void(TPM_RC)> error_reporter =
   23540       base::Bind(PolicyNameHashErrorCallback, callback);
   23541   TPM_RC rc =
   23542       Tpm::ParseResponse_PolicyNameHash(response, authorization_delegate);
   23543   if (rc != TPM_RC_SUCCESS) {
   23544     error_reporter.Run(rc);
   23545     return;
   23546   }
   23547   callback.Run(rc);
   23548 }
   23549 
   23550 void Tpm::PolicyNameHash(const TPMI_SH_POLICY& policy_session,
   23551                          const std::string& policy_session_name,
   23552                          const TPM2B_DIGEST& name_hash,
   23553                          AuthorizationDelegate* authorization_delegate,
   23554                          const PolicyNameHashResponse& callback) {
   23555   VLOG(1) << __func__;
   23556   base::Callback<void(TPM_RC)> error_reporter =
   23557       base::Bind(PolicyNameHashErrorCallback, callback);
   23558   base::Callback<void(const std::string&)> parser = base::Bind(
   23559       PolicyNameHashResponseParser, callback, authorization_delegate);
   23560   std::string command;
   23561   TPM_RC rc = SerializeCommand_PolicyNameHash(policy_session,
   23562                                               policy_session_name, name_hash,
   23563                                               &command, authorization_delegate);
   23564   if (rc != TPM_RC_SUCCESS) {
   23565     error_reporter.Run(rc);
   23566     return;
   23567   }
   23568   transceiver_->SendCommand(command, parser);
   23569 }
   23570 
   23571 TPM_RC Tpm::PolicyNameHashSync(const TPMI_SH_POLICY& policy_session,
   23572                                const std::string& policy_session_name,
   23573                                const TPM2B_DIGEST& name_hash,
   23574                                AuthorizationDelegate* authorization_delegate) {
   23575   VLOG(1) << __func__;
   23576   std::string command;
   23577   TPM_RC rc = SerializeCommand_PolicyNameHash(policy_session,
   23578                                               policy_session_name, name_hash,
   23579                                               &command, authorization_delegate);
   23580   if (rc != TPM_RC_SUCCESS) {
   23581     return rc;
   23582   }
   23583   std::string response = transceiver_->SendCommandAndWait(command);
   23584   rc = ParseResponse_PolicyNameHash(response, authorization_delegate);
   23585   return rc;
   23586 }
   23587 
   23588 TPM_RC Tpm::SerializeCommand_PolicyDuplicationSelect(
   23589     const TPMI_SH_POLICY& policy_session,
   23590     const std::string& policy_session_name,
   23591     const TPM2B_NAME& object_name,
   23592     const TPM2B_NAME& new_parent_name,
   23593     const TPMI_YES_NO& include_object,
   23594     std::string* serialized_command,
   23595     AuthorizationDelegate* authorization_delegate) {
   23596   VLOG(3) << __func__;
   23597   TPM_RC rc = TPM_RC_SUCCESS;
   23598   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   23599   UINT32 command_size = 10;  // Header size.
   23600   std::string handle_section_bytes;
   23601   std::string parameter_section_bytes;
   23602   TPM_CC command_code = TPM_CC_PolicyDuplicationSelect;
   23603   bool is_command_parameter_encryption_possible = true;
   23604   bool is_response_parameter_encryption_possible = false;
   23605   std::string command_code_bytes;
   23606   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   23607   if (rc != TPM_RC_SUCCESS) {
   23608     return rc;
   23609   }
   23610   std::string policy_session_bytes;
   23611   rc = Serialize_TPMI_SH_POLICY(policy_session, &policy_session_bytes);
   23612   if (rc != TPM_RC_SUCCESS) {
   23613     return rc;
   23614   }
   23615   std::string object_name_bytes;
   23616   rc = Serialize_TPM2B_NAME(object_name, &object_name_bytes);
   23617   if (rc != TPM_RC_SUCCESS) {
   23618     return rc;
   23619   }
   23620   std::string new_parent_name_bytes;
   23621   rc = Serialize_TPM2B_NAME(new_parent_name, &new_parent_name_bytes);
   23622   if (rc != TPM_RC_SUCCESS) {
   23623     return rc;
   23624   }
   23625   std::string include_object_bytes;
   23626   rc = Serialize_TPMI_YES_NO(include_object, &include_object_bytes);
   23627   if (rc != TPM_RC_SUCCESS) {
   23628     return rc;
   23629   }
   23630   if (authorization_delegate) {
   23631     // Encrypt just the parameter data, not the size.
   23632     std::string tmp = object_name_bytes.substr(2);
   23633     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   23634       return TRUNKS_RC_ENCRYPTION_FAILED;
   23635     }
   23636     object_name_bytes.replace(2, std::string::npos, tmp);
   23637   }
   23638   std::unique_ptr<crypto::SecureHash> hash(
   23639       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   23640   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   23641   hash->Update(policy_session_name.data(), policy_session_name.size());
   23642   handle_section_bytes += policy_session_bytes;
   23643   command_size += policy_session_bytes.size();
   23644   hash->Update(object_name_bytes.data(), object_name_bytes.size());
   23645   parameter_section_bytes += object_name_bytes;
   23646   command_size += object_name_bytes.size();
   23647   hash->Update(new_parent_name_bytes.data(), new_parent_name_bytes.size());
   23648   parameter_section_bytes += new_parent_name_bytes;
   23649   command_size += new_parent_name_bytes.size();
   23650   hash->Update(include_object_bytes.data(), include_object_bytes.size());
   23651   parameter_section_bytes += include_object_bytes;
   23652   command_size += include_object_bytes.size();
   23653   std::string command_hash(32, 0);
   23654   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   23655   std::string authorization_section_bytes;
   23656   std::string authorization_size_bytes;
   23657   if (authorization_delegate) {
   23658     if (!authorization_delegate->GetCommandAuthorization(
   23659             command_hash, is_command_parameter_encryption_possible,
   23660             is_response_parameter_encryption_possible,
   23661             &authorization_section_bytes)) {
   23662       return TRUNKS_RC_AUTHORIZATION_FAILED;
   23663     }
   23664     if (!authorization_section_bytes.empty()) {
   23665       tag = TPM_ST_SESSIONS;
   23666       std::string tmp;
   23667       rc = Serialize_UINT32(authorization_section_bytes.size(),
   23668                             &authorization_size_bytes);
   23669       if (rc != TPM_RC_SUCCESS) {
   23670         return rc;
   23671       }
   23672       command_size +=
   23673           authorization_size_bytes.size() + authorization_section_bytes.size();
   23674     }
   23675   }
   23676   std::string tag_bytes;
   23677   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   23678   if (rc != TPM_RC_SUCCESS) {
   23679     return rc;
   23680   }
   23681   std::string command_size_bytes;
   23682   rc = Serialize_UINT32(command_size, &command_size_bytes);
   23683   if (rc != TPM_RC_SUCCESS) {
   23684     return rc;
   23685   }
   23686   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   23687                         handle_section_bytes + authorization_size_bytes +
   23688                         authorization_section_bytes + parameter_section_bytes;
   23689   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   23690   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   23691                                             serialized_command->size());
   23692   return TPM_RC_SUCCESS;
   23693 }
   23694 
   23695 TPM_RC Tpm::ParseResponse_PolicyDuplicationSelect(
   23696     const std::string& response,
   23697     AuthorizationDelegate* authorization_delegate) {
   23698   VLOG(3) << __func__;
   23699   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   23700   TPM_RC rc = TPM_RC_SUCCESS;
   23701   std::string buffer(response);
   23702   TPM_ST tag;
   23703   std::string tag_bytes;
   23704   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   23705   if (rc != TPM_RC_SUCCESS) {
   23706     return rc;
   23707   }
   23708   UINT32 response_size;
   23709   std::string response_size_bytes;
   23710   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   23711   if (rc != TPM_RC_SUCCESS) {
   23712     return rc;
   23713   }
   23714   TPM_RC response_code;
   23715   std::string response_code_bytes;
   23716   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   23717   if (rc != TPM_RC_SUCCESS) {
   23718     return rc;
   23719   }
   23720   if (response_size != response.size()) {
   23721     return TPM_RC_SIZE;
   23722   }
   23723   if (response_code != TPM_RC_SUCCESS) {
   23724     return response_code;
   23725   }
   23726   TPM_CC command_code = TPM_CC_PolicyDuplicationSelect;
   23727   std::string command_code_bytes;
   23728   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   23729   if (rc != TPM_RC_SUCCESS) {
   23730     return rc;
   23731   }
   23732   std::string authorization_section_bytes;
   23733   if (tag == TPM_ST_SESSIONS) {
   23734     UINT32 parameter_section_size = buffer.size();
   23735     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   23736     if (rc != TPM_RC_SUCCESS) {
   23737       return rc;
   23738     }
   23739     if (parameter_section_size > buffer.size()) {
   23740       return TPM_RC_INSUFFICIENT;
   23741     }
   23742     authorization_section_bytes = buffer.substr(parameter_section_size);
   23743     // Keep the parameter section in |buffer|.
   23744     buffer.erase(parameter_section_size);
   23745   }
   23746   std::unique_ptr<crypto::SecureHash> hash(
   23747       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   23748   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   23749   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   23750   hash->Update(buffer.data(), buffer.size());
   23751   std::string response_hash(32, 0);
   23752   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   23753   if (tag == TPM_ST_SESSIONS) {
   23754     CHECK(authorization_delegate) << "Authorization delegate missing!";
   23755     if (!authorization_delegate->CheckResponseAuthorization(
   23756             response_hash, authorization_section_bytes)) {
   23757       return TRUNKS_RC_AUTHORIZATION_FAILED;
   23758     }
   23759   }
   23760   return TPM_RC_SUCCESS;
   23761 }
   23762 
   23763 void PolicyDuplicationSelectErrorCallback(
   23764     const Tpm::PolicyDuplicationSelectResponse& callback,
   23765     TPM_RC response_code) {
   23766   VLOG(1) << __func__;
   23767   callback.Run(response_code);
   23768 }
   23769 
   23770 void PolicyDuplicationSelectResponseParser(
   23771     const Tpm::PolicyDuplicationSelectResponse& callback,
   23772     AuthorizationDelegate* authorization_delegate,
   23773     const std::string& response) {
   23774   VLOG(1) << __func__;
   23775   base::Callback<void(TPM_RC)> error_reporter =
   23776       base::Bind(PolicyDuplicationSelectErrorCallback, callback);
   23777   TPM_RC rc = Tpm::ParseResponse_PolicyDuplicationSelect(
   23778       response, authorization_delegate);
   23779   if (rc != TPM_RC_SUCCESS) {
   23780     error_reporter.Run(rc);
   23781     return;
   23782   }
   23783   callback.Run(rc);
   23784 }
   23785 
   23786 void Tpm::PolicyDuplicationSelect(
   23787     const TPMI_SH_POLICY& policy_session,
   23788     const std::string& policy_session_name,
   23789     const TPM2B_NAME& object_name,
   23790     const TPM2B_NAME& new_parent_name,
   23791     const TPMI_YES_NO& include_object,
   23792     AuthorizationDelegate* authorization_delegate,
   23793     const PolicyDuplicationSelectResponse& callback) {
   23794   VLOG(1) << __func__;
   23795   base::Callback<void(TPM_RC)> error_reporter =
   23796       base::Bind(PolicyDuplicationSelectErrorCallback, callback);
   23797   base::Callback<void(const std::string&)> parser = base::Bind(
   23798       PolicyDuplicationSelectResponseParser, callback, authorization_delegate);
   23799   std::string command;
   23800   TPM_RC rc = SerializeCommand_PolicyDuplicationSelect(
   23801       policy_session, policy_session_name, object_name, new_parent_name,
   23802       include_object, &command, authorization_delegate);
   23803   if (rc != TPM_RC_SUCCESS) {
   23804     error_reporter.Run(rc);
   23805     return;
   23806   }
   23807   transceiver_->SendCommand(command, parser);
   23808 }
   23809 
   23810 TPM_RC Tpm::PolicyDuplicationSelectSync(
   23811     const TPMI_SH_POLICY& policy_session,
   23812     const std::string& policy_session_name,
   23813     const TPM2B_NAME& object_name,
   23814     const TPM2B_NAME& new_parent_name,
   23815     const TPMI_YES_NO& include_object,
   23816     AuthorizationDelegate* authorization_delegate) {
   23817   VLOG(1) << __func__;
   23818   std::string command;
   23819   TPM_RC rc = SerializeCommand_PolicyDuplicationSelect(
   23820       policy_session, policy_session_name, object_name, new_parent_name,
   23821       include_object, &command, authorization_delegate);
   23822   if (rc != TPM_RC_SUCCESS) {
   23823     return rc;
   23824   }
   23825   std::string response = transceiver_->SendCommandAndWait(command);
   23826   rc = ParseResponse_PolicyDuplicationSelect(response, authorization_delegate);
   23827   return rc;
   23828 }
   23829 
   23830 TPM_RC Tpm::SerializeCommand_PolicyAuthorize(
   23831     const TPMI_SH_POLICY& policy_session,
   23832     const std::string& policy_session_name,
   23833     const TPM2B_DIGEST& approved_policy,
   23834     const TPM2B_NONCE& policy_ref,
   23835     const TPM2B_NAME& key_sign,
   23836     const TPMT_TK_VERIFIED& check_ticket,
   23837     std::string* serialized_command,
   23838     AuthorizationDelegate* authorization_delegate) {
   23839   VLOG(3) << __func__;
   23840   TPM_RC rc = TPM_RC_SUCCESS;
   23841   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   23842   UINT32 command_size = 10;  // Header size.
   23843   std::string handle_section_bytes;
   23844   std::string parameter_section_bytes;
   23845   TPM_CC command_code = TPM_CC_PolicyAuthorize;
   23846   bool is_command_parameter_encryption_possible = true;
   23847   bool is_response_parameter_encryption_possible = false;
   23848   std::string command_code_bytes;
   23849   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   23850   if (rc != TPM_RC_SUCCESS) {
   23851     return rc;
   23852   }
   23853   std::string policy_session_bytes;
   23854   rc = Serialize_TPMI_SH_POLICY(policy_session, &policy_session_bytes);
   23855   if (rc != TPM_RC_SUCCESS) {
   23856     return rc;
   23857   }
   23858   std::string approved_policy_bytes;
   23859   rc = Serialize_TPM2B_DIGEST(approved_policy, &approved_policy_bytes);
   23860   if (rc != TPM_RC_SUCCESS) {
   23861     return rc;
   23862   }
   23863   std::string policy_ref_bytes;
   23864   rc = Serialize_TPM2B_NONCE(policy_ref, &policy_ref_bytes);
   23865   if (rc != TPM_RC_SUCCESS) {
   23866     return rc;
   23867   }
   23868   std::string key_sign_bytes;
   23869   rc = Serialize_TPM2B_NAME(key_sign, &key_sign_bytes);
   23870   if (rc != TPM_RC_SUCCESS) {
   23871     return rc;
   23872   }
   23873   std::string check_ticket_bytes;
   23874   rc = Serialize_TPMT_TK_VERIFIED(check_ticket, &check_ticket_bytes);
   23875   if (rc != TPM_RC_SUCCESS) {
   23876     return rc;
   23877   }
   23878   if (authorization_delegate) {
   23879     // Encrypt just the parameter data, not the size.
   23880     std::string tmp = approved_policy_bytes.substr(2);
   23881     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   23882       return TRUNKS_RC_ENCRYPTION_FAILED;
   23883     }
   23884     approved_policy_bytes.replace(2, std::string::npos, tmp);
   23885   }
   23886   std::unique_ptr<crypto::SecureHash> hash(
   23887       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   23888   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   23889   hash->Update(policy_session_name.data(), policy_session_name.size());
   23890   handle_section_bytes += policy_session_bytes;
   23891   command_size += policy_session_bytes.size();
   23892   hash->Update(approved_policy_bytes.data(), approved_policy_bytes.size());
   23893   parameter_section_bytes += approved_policy_bytes;
   23894   command_size += approved_policy_bytes.size();
   23895   hash->Update(policy_ref_bytes.data(), policy_ref_bytes.size());
   23896   parameter_section_bytes += policy_ref_bytes;
   23897   command_size += policy_ref_bytes.size();
   23898   hash->Update(key_sign_bytes.data(), key_sign_bytes.size());
   23899   parameter_section_bytes += key_sign_bytes;
   23900   command_size += key_sign_bytes.size();
   23901   hash->Update(check_ticket_bytes.data(), check_ticket_bytes.size());
   23902   parameter_section_bytes += check_ticket_bytes;
   23903   command_size += check_ticket_bytes.size();
   23904   std::string command_hash(32, 0);
   23905   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   23906   std::string authorization_section_bytes;
   23907   std::string authorization_size_bytes;
   23908   if (authorization_delegate) {
   23909     if (!authorization_delegate->GetCommandAuthorization(
   23910             command_hash, is_command_parameter_encryption_possible,
   23911             is_response_parameter_encryption_possible,
   23912             &authorization_section_bytes)) {
   23913       return TRUNKS_RC_AUTHORIZATION_FAILED;
   23914     }
   23915     if (!authorization_section_bytes.empty()) {
   23916       tag = TPM_ST_SESSIONS;
   23917       std::string tmp;
   23918       rc = Serialize_UINT32(authorization_section_bytes.size(),
   23919                             &authorization_size_bytes);
   23920       if (rc != TPM_RC_SUCCESS) {
   23921         return rc;
   23922       }
   23923       command_size +=
   23924           authorization_size_bytes.size() + authorization_section_bytes.size();
   23925     }
   23926   }
   23927   std::string tag_bytes;
   23928   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   23929   if (rc != TPM_RC_SUCCESS) {
   23930     return rc;
   23931   }
   23932   std::string command_size_bytes;
   23933   rc = Serialize_UINT32(command_size, &command_size_bytes);
   23934   if (rc != TPM_RC_SUCCESS) {
   23935     return rc;
   23936   }
   23937   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   23938                         handle_section_bytes + authorization_size_bytes +
   23939                         authorization_section_bytes + parameter_section_bytes;
   23940   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   23941   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   23942                                             serialized_command->size());
   23943   return TPM_RC_SUCCESS;
   23944 }
   23945 
   23946 TPM_RC Tpm::ParseResponse_PolicyAuthorize(
   23947     const std::string& response,
   23948     AuthorizationDelegate* authorization_delegate) {
   23949   VLOG(3) << __func__;
   23950   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   23951   TPM_RC rc = TPM_RC_SUCCESS;
   23952   std::string buffer(response);
   23953   TPM_ST tag;
   23954   std::string tag_bytes;
   23955   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   23956   if (rc != TPM_RC_SUCCESS) {
   23957     return rc;
   23958   }
   23959   UINT32 response_size;
   23960   std::string response_size_bytes;
   23961   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   23962   if (rc != TPM_RC_SUCCESS) {
   23963     return rc;
   23964   }
   23965   TPM_RC response_code;
   23966   std::string response_code_bytes;
   23967   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   23968   if (rc != TPM_RC_SUCCESS) {
   23969     return rc;
   23970   }
   23971   if (response_size != response.size()) {
   23972     return TPM_RC_SIZE;
   23973   }
   23974   if (response_code != TPM_RC_SUCCESS) {
   23975     return response_code;
   23976   }
   23977   TPM_CC command_code = TPM_CC_PolicyAuthorize;
   23978   std::string command_code_bytes;
   23979   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   23980   if (rc != TPM_RC_SUCCESS) {
   23981     return rc;
   23982   }
   23983   std::string authorization_section_bytes;
   23984   if (tag == TPM_ST_SESSIONS) {
   23985     UINT32 parameter_section_size = buffer.size();
   23986     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   23987     if (rc != TPM_RC_SUCCESS) {
   23988       return rc;
   23989     }
   23990     if (parameter_section_size > buffer.size()) {
   23991       return TPM_RC_INSUFFICIENT;
   23992     }
   23993     authorization_section_bytes = buffer.substr(parameter_section_size);
   23994     // Keep the parameter section in |buffer|.
   23995     buffer.erase(parameter_section_size);
   23996   }
   23997   std::unique_ptr<crypto::SecureHash> hash(
   23998       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   23999   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   24000   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   24001   hash->Update(buffer.data(), buffer.size());
   24002   std::string response_hash(32, 0);
   24003   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   24004   if (tag == TPM_ST_SESSIONS) {
   24005     CHECK(authorization_delegate) << "Authorization delegate missing!";
   24006     if (!authorization_delegate->CheckResponseAuthorization(
   24007             response_hash, authorization_section_bytes)) {
   24008       return TRUNKS_RC_AUTHORIZATION_FAILED;
   24009     }
   24010   }
   24011   return TPM_RC_SUCCESS;
   24012 }
   24013 
   24014 void PolicyAuthorizeErrorCallback(const Tpm::PolicyAuthorizeResponse& callback,
   24015                                   TPM_RC response_code) {
   24016   VLOG(1) << __func__;
   24017   callback.Run(response_code);
   24018 }
   24019 
   24020 void PolicyAuthorizeResponseParser(
   24021     const Tpm::PolicyAuthorizeResponse& callback,
   24022     AuthorizationDelegate* authorization_delegate,
   24023     const std::string& response) {
   24024   VLOG(1) << __func__;
   24025   base::Callback<void(TPM_RC)> error_reporter =
   24026       base::Bind(PolicyAuthorizeErrorCallback, callback);
   24027   TPM_RC rc =
   24028       Tpm::ParseResponse_PolicyAuthorize(response, authorization_delegate);
   24029   if (rc != TPM_RC_SUCCESS) {
   24030     error_reporter.Run(rc);
   24031     return;
   24032   }
   24033   callback.Run(rc);
   24034 }
   24035 
   24036 void Tpm::PolicyAuthorize(const TPMI_SH_POLICY& policy_session,
   24037                           const std::string& policy_session_name,
   24038                           const TPM2B_DIGEST& approved_policy,
   24039                           const TPM2B_NONCE& policy_ref,
   24040                           const TPM2B_NAME& key_sign,
   24041                           const TPMT_TK_VERIFIED& check_ticket,
   24042                           AuthorizationDelegate* authorization_delegate,
   24043                           const PolicyAuthorizeResponse& callback) {
   24044   VLOG(1) << __func__;
   24045   base::Callback<void(TPM_RC)> error_reporter =
   24046       base::Bind(PolicyAuthorizeErrorCallback, callback);
   24047   base::Callback<void(const std::string&)> parser = base::Bind(
   24048       PolicyAuthorizeResponseParser, callback, authorization_delegate);
   24049   std::string command;
   24050   TPM_RC rc = SerializeCommand_PolicyAuthorize(
   24051       policy_session, policy_session_name, approved_policy, policy_ref,
   24052       key_sign, check_ticket, &command, authorization_delegate);
   24053   if (rc != TPM_RC_SUCCESS) {
   24054     error_reporter.Run(rc);
   24055     return;
   24056   }
   24057   transceiver_->SendCommand(command, parser);
   24058 }
   24059 
   24060 TPM_RC Tpm::PolicyAuthorizeSync(const TPMI_SH_POLICY& policy_session,
   24061                                 const std::string& policy_session_name,
   24062                                 const TPM2B_DIGEST& approved_policy,
   24063                                 const TPM2B_NONCE& policy_ref,
   24064                                 const TPM2B_NAME& key_sign,
   24065                                 const TPMT_TK_VERIFIED& check_ticket,
   24066                                 AuthorizationDelegate* authorization_delegate) {
   24067   VLOG(1) << __func__;
   24068   std::string command;
   24069   TPM_RC rc = SerializeCommand_PolicyAuthorize(
   24070       policy_session, policy_session_name, approved_policy, policy_ref,
   24071       key_sign, check_ticket, &command, authorization_delegate);
   24072   if (rc != TPM_RC_SUCCESS) {
   24073     return rc;
   24074   }
   24075   std::string response = transceiver_->SendCommandAndWait(command);
   24076   rc = ParseResponse_PolicyAuthorize(response, authorization_delegate);
   24077   return rc;
   24078 }
   24079 
   24080 TPM_RC Tpm::SerializeCommand_PolicyAuthValue(
   24081     const TPMI_SH_POLICY& policy_session,
   24082     const std::string& policy_session_name,
   24083     std::string* serialized_command,
   24084     AuthorizationDelegate* authorization_delegate) {
   24085   VLOG(3) << __func__;
   24086   TPM_RC rc = TPM_RC_SUCCESS;
   24087   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   24088   UINT32 command_size = 10;  // Header size.
   24089   std::string handle_section_bytes;
   24090   std::string parameter_section_bytes;
   24091   TPM_CC command_code = TPM_CC_PolicyAuthValue;
   24092   bool is_command_parameter_encryption_possible = false;
   24093   bool is_response_parameter_encryption_possible = false;
   24094   std::string command_code_bytes;
   24095   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   24096   if (rc != TPM_RC_SUCCESS) {
   24097     return rc;
   24098   }
   24099   std::string policy_session_bytes;
   24100   rc = Serialize_TPMI_SH_POLICY(policy_session, &policy_session_bytes);
   24101   if (rc != TPM_RC_SUCCESS) {
   24102     return rc;
   24103   }
   24104   std::unique_ptr<crypto::SecureHash> hash(
   24105       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   24106   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   24107   hash->Update(policy_session_name.data(), policy_session_name.size());
   24108   handle_section_bytes += policy_session_bytes;
   24109   command_size += policy_session_bytes.size();
   24110   std::string command_hash(32, 0);
   24111   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   24112   std::string authorization_section_bytes;
   24113   std::string authorization_size_bytes;
   24114   if (authorization_delegate) {
   24115     if (!authorization_delegate->GetCommandAuthorization(
   24116             command_hash, is_command_parameter_encryption_possible,
   24117             is_response_parameter_encryption_possible,
   24118             &authorization_section_bytes)) {
   24119       return TRUNKS_RC_AUTHORIZATION_FAILED;
   24120     }
   24121     if (!authorization_section_bytes.empty()) {
   24122       tag = TPM_ST_SESSIONS;
   24123       std::string tmp;
   24124       rc = Serialize_UINT32(authorization_section_bytes.size(),
   24125                             &authorization_size_bytes);
   24126       if (rc != TPM_RC_SUCCESS) {
   24127         return rc;
   24128       }
   24129       command_size +=
   24130           authorization_size_bytes.size() + authorization_section_bytes.size();
   24131     }
   24132   }
   24133   std::string tag_bytes;
   24134   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   24135   if (rc != TPM_RC_SUCCESS) {
   24136     return rc;
   24137   }
   24138   std::string command_size_bytes;
   24139   rc = Serialize_UINT32(command_size, &command_size_bytes);
   24140   if (rc != TPM_RC_SUCCESS) {
   24141     return rc;
   24142   }
   24143   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   24144                         handle_section_bytes + authorization_size_bytes +
   24145                         authorization_section_bytes + parameter_section_bytes;
   24146   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   24147   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   24148                                             serialized_command->size());
   24149   return TPM_RC_SUCCESS;
   24150 }
   24151 
   24152 TPM_RC Tpm::ParseResponse_PolicyAuthValue(
   24153     const std::string& response,
   24154     AuthorizationDelegate* authorization_delegate) {
   24155   VLOG(3) << __func__;
   24156   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   24157   TPM_RC rc = TPM_RC_SUCCESS;
   24158   std::string buffer(response);
   24159   TPM_ST tag;
   24160   std::string tag_bytes;
   24161   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   24162   if (rc != TPM_RC_SUCCESS) {
   24163     return rc;
   24164   }
   24165   UINT32 response_size;
   24166   std::string response_size_bytes;
   24167   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   24168   if (rc != TPM_RC_SUCCESS) {
   24169     return rc;
   24170   }
   24171   TPM_RC response_code;
   24172   std::string response_code_bytes;
   24173   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   24174   if (rc != TPM_RC_SUCCESS) {
   24175     return rc;
   24176   }
   24177   if (response_size != response.size()) {
   24178     return TPM_RC_SIZE;
   24179   }
   24180   if (response_code != TPM_RC_SUCCESS) {
   24181     return response_code;
   24182   }
   24183   TPM_CC command_code = TPM_CC_PolicyAuthValue;
   24184   std::string command_code_bytes;
   24185   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   24186   if (rc != TPM_RC_SUCCESS) {
   24187     return rc;
   24188   }
   24189   std::string authorization_section_bytes;
   24190   if (tag == TPM_ST_SESSIONS) {
   24191     UINT32 parameter_section_size = buffer.size();
   24192     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   24193     if (rc != TPM_RC_SUCCESS) {
   24194       return rc;
   24195     }
   24196     if (parameter_section_size > buffer.size()) {
   24197       return TPM_RC_INSUFFICIENT;
   24198     }
   24199     authorization_section_bytes = buffer.substr(parameter_section_size);
   24200     // Keep the parameter section in |buffer|.
   24201     buffer.erase(parameter_section_size);
   24202   }
   24203   std::unique_ptr<crypto::SecureHash> hash(
   24204       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   24205   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   24206   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   24207   hash->Update(buffer.data(), buffer.size());
   24208   std::string response_hash(32, 0);
   24209   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   24210   if (tag == TPM_ST_SESSIONS) {
   24211     CHECK(authorization_delegate) << "Authorization delegate missing!";
   24212     if (!authorization_delegate->CheckResponseAuthorization(
   24213             response_hash, authorization_section_bytes)) {
   24214       return TRUNKS_RC_AUTHORIZATION_FAILED;
   24215     }
   24216   }
   24217   return TPM_RC_SUCCESS;
   24218 }
   24219 
   24220 void PolicyAuthValueErrorCallback(const Tpm::PolicyAuthValueResponse& callback,
   24221                                   TPM_RC response_code) {
   24222   VLOG(1) << __func__;
   24223   callback.Run(response_code);
   24224 }
   24225 
   24226 void PolicyAuthValueResponseParser(
   24227     const Tpm::PolicyAuthValueResponse& callback,
   24228     AuthorizationDelegate* authorization_delegate,
   24229     const std::string& response) {
   24230   VLOG(1) << __func__;
   24231   base::Callback<void(TPM_RC)> error_reporter =
   24232       base::Bind(PolicyAuthValueErrorCallback, callback);
   24233   TPM_RC rc =
   24234       Tpm::ParseResponse_PolicyAuthValue(response, authorization_delegate);
   24235   if (rc != TPM_RC_SUCCESS) {
   24236     error_reporter.Run(rc);
   24237     return;
   24238   }
   24239   callback.Run(rc);
   24240 }
   24241 
   24242 void Tpm::PolicyAuthValue(const TPMI_SH_POLICY& policy_session,
   24243                           const std::string& policy_session_name,
   24244                           AuthorizationDelegate* authorization_delegate,
   24245                           const PolicyAuthValueResponse& callback) {
   24246   VLOG(1) << __func__;
   24247   base::Callback<void(TPM_RC)> error_reporter =
   24248       base::Bind(PolicyAuthValueErrorCallback, callback);
   24249   base::Callback<void(const std::string&)> parser = base::Bind(
   24250       PolicyAuthValueResponseParser, callback, authorization_delegate);
   24251   std::string command;
   24252   TPM_RC rc = SerializeCommand_PolicyAuthValue(
   24253       policy_session, policy_session_name, &command, authorization_delegate);
   24254   if (rc != TPM_RC_SUCCESS) {
   24255     error_reporter.Run(rc);
   24256     return;
   24257   }
   24258   transceiver_->SendCommand(command, parser);
   24259 }
   24260 
   24261 TPM_RC Tpm::PolicyAuthValueSync(const TPMI_SH_POLICY& policy_session,
   24262                                 const std::string& policy_session_name,
   24263                                 AuthorizationDelegate* authorization_delegate) {
   24264   VLOG(1) << __func__;
   24265   std::string command;
   24266   TPM_RC rc = SerializeCommand_PolicyAuthValue(
   24267       policy_session, policy_session_name, &command, authorization_delegate);
   24268   if (rc != TPM_RC_SUCCESS) {
   24269     return rc;
   24270   }
   24271   std::string response = transceiver_->SendCommandAndWait(command);
   24272   rc = ParseResponse_PolicyAuthValue(response, authorization_delegate);
   24273   return rc;
   24274 }
   24275 
   24276 TPM_RC Tpm::SerializeCommand_PolicyPassword(
   24277     const TPMI_SH_POLICY& policy_session,
   24278     const std::string& policy_session_name,
   24279     std::string* serialized_command,
   24280     AuthorizationDelegate* authorization_delegate) {
   24281   VLOG(3) << __func__;
   24282   TPM_RC rc = TPM_RC_SUCCESS;
   24283   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   24284   UINT32 command_size = 10;  // Header size.
   24285   std::string handle_section_bytes;
   24286   std::string parameter_section_bytes;
   24287   TPM_CC command_code = TPM_CC_PolicyPassword;
   24288   bool is_command_parameter_encryption_possible = false;
   24289   bool is_response_parameter_encryption_possible = false;
   24290   std::string command_code_bytes;
   24291   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   24292   if (rc != TPM_RC_SUCCESS) {
   24293     return rc;
   24294   }
   24295   std::string policy_session_bytes;
   24296   rc = Serialize_TPMI_SH_POLICY(policy_session, &policy_session_bytes);
   24297   if (rc != TPM_RC_SUCCESS) {
   24298     return rc;
   24299   }
   24300   std::unique_ptr<crypto::SecureHash> hash(
   24301       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   24302   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   24303   hash->Update(policy_session_name.data(), policy_session_name.size());
   24304   handle_section_bytes += policy_session_bytes;
   24305   command_size += policy_session_bytes.size();
   24306   std::string command_hash(32, 0);
   24307   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   24308   std::string authorization_section_bytes;
   24309   std::string authorization_size_bytes;
   24310   if (authorization_delegate) {
   24311     if (!authorization_delegate->GetCommandAuthorization(
   24312             command_hash, is_command_parameter_encryption_possible,
   24313             is_response_parameter_encryption_possible,
   24314             &authorization_section_bytes)) {
   24315       return TRUNKS_RC_AUTHORIZATION_FAILED;
   24316     }
   24317     if (!authorization_section_bytes.empty()) {
   24318       tag = TPM_ST_SESSIONS;
   24319       std::string tmp;
   24320       rc = Serialize_UINT32(authorization_section_bytes.size(),
   24321                             &authorization_size_bytes);
   24322       if (rc != TPM_RC_SUCCESS) {
   24323         return rc;
   24324       }
   24325       command_size +=
   24326           authorization_size_bytes.size() + authorization_section_bytes.size();
   24327     }
   24328   }
   24329   std::string tag_bytes;
   24330   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   24331   if (rc != TPM_RC_SUCCESS) {
   24332     return rc;
   24333   }
   24334   std::string command_size_bytes;
   24335   rc = Serialize_UINT32(command_size, &command_size_bytes);
   24336   if (rc != TPM_RC_SUCCESS) {
   24337     return rc;
   24338   }
   24339   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   24340                         handle_section_bytes + authorization_size_bytes +
   24341                         authorization_section_bytes + parameter_section_bytes;
   24342   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   24343   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   24344                                             serialized_command->size());
   24345   return TPM_RC_SUCCESS;
   24346 }
   24347 
   24348 TPM_RC Tpm::ParseResponse_PolicyPassword(
   24349     const std::string& response,
   24350     AuthorizationDelegate* authorization_delegate) {
   24351   VLOG(3) << __func__;
   24352   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   24353   TPM_RC rc = TPM_RC_SUCCESS;
   24354   std::string buffer(response);
   24355   TPM_ST tag;
   24356   std::string tag_bytes;
   24357   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   24358   if (rc != TPM_RC_SUCCESS) {
   24359     return rc;
   24360   }
   24361   UINT32 response_size;
   24362   std::string response_size_bytes;
   24363   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   24364   if (rc != TPM_RC_SUCCESS) {
   24365     return rc;
   24366   }
   24367   TPM_RC response_code;
   24368   std::string response_code_bytes;
   24369   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   24370   if (rc != TPM_RC_SUCCESS) {
   24371     return rc;
   24372   }
   24373   if (response_size != response.size()) {
   24374     return TPM_RC_SIZE;
   24375   }
   24376   if (response_code != TPM_RC_SUCCESS) {
   24377     return response_code;
   24378   }
   24379   TPM_CC command_code = TPM_CC_PolicyPassword;
   24380   std::string command_code_bytes;
   24381   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   24382   if (rc != TPM_RC_SUCCESS) {
   24383     return rc;
   24384   }
   24385   std::string authorization_section_bytes;
   24386   if (tag == TPM_ST_SESSIONS) {
   24387     UINT32 parameter_section_size = buffer.size();
   24388     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   24389     if (rc != TPM_RC_SUCCESS) {
   24390       return rc;
   24391     }
   24392     if (parameter_section_size > buffer.size()) {
   24393       return TPM_RC_INSUFFICIENT;
   24394     }
   24395     authorization_section_bytes = buffer.substr(parameter_section_size);
   24396     // Keep the parameter section in |buffer|.
   24397     buffer.erase(parameter_section_size);
   24398   }
   24399   std::unique_ptr<crypto::SecureHash> hash(
   24400       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   24401   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   24402   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   24403   hash->Update(buffer.data(), buffer.size());
   24404   std::string response_hash(32, 0);
   24405   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   24406   if (tag == TPM_ST_SESSIONS) {
   24407     CHECK(authorization_delegate) << "Authorization delegate missing!";
   24408     if (!authorization_delegate->CheckResponseAuthorization(
   24409             response_hash, authorization_section_bytes)) {
   24410       return TRUNKS_RC_AUTHORIZATION_FAILED;
   24411     }
   24412   }
   24413   return TPM_RC_SUCCESS;
   24414 }
   24415 
   24416 void PolicyPasswordErrorCallback(const Tpm::PolicyPasswordResponse& callback,
   24417                                  TPM_RC response_code) {
   24418   VLOG(1) << __func__;
   24419   callback.Run(response_code);
   24420 }
   24421 
   24422 void PolicyPasswordResponseParser(const Tpm::PolicyPasswordResponse& callback,
   24423                                   AuthorizationDelegate* authorization_delegate,
   24424                                   const std::string& response) {
   24425   VLOG(1) << __func__;
   24426   base::Callback<void(TPM_RC)> error_reporter =
   24427       base::Bind(PolicyPasswordErrorCallback, callback);
   24428   TPM_RC rc =
   24429       Tpm::ParseResponse_PolicyPassword(response, authorization_delegate);
   24430   if (rc != TPM_RC_SUCCESS) {
   24431     error_reporter.Run(rc);
   24432     return;
   24433   }
   24434   callback.Run(rc);
   24435 }
   24436 
   24437 void Tpm::PolicyPassword(const TPMI_SH_POLICY& policy_session,
   24438                          const std::string& policy_session_name,
   24439                          AuthorizationDelegate* authorization_delegate,
   24440                          const PolicyPasswordResponse& callback) {
   24441   VLOG(1) << __func__;
   24442   base::Callback<void(TPM_RC)> error_reporter =
   24443       base::Bind(PolicyPasswordErrorCallback, callback);
   24444   base::Callback<void(const std::string&)> parser = base::Bind(
   24445       PolicyPasswordResponseParser, callback, authorization_delegate);
   24446   std::string command;
   24447   TPM_RC rc = SerializeCommand_PolicyPassword(
   24448       policy_session, policy_session_name, &command, authorization_delegate);
   24449   if (rc != TPM_RC_SUCCESS) {
   24450     error_reporter.Run(rc);
   24451     return;
   24452   }
   24453   transceiver_->SendCommand(command, parser);
   24454 }
   24455 
   24456 TPM_RC Tpm::PolicyPasswordSync(const TPMI_SH_POLICY& policy_session,
   24457                                const std::string& policy_session_name,
   24458                                AuthorizationDelegate* authorization_delegate) {
   24459   VLOG(1) << __func__;
   24460   std::string command;
   24461   TPM_RC rc = SerializeCommand_PolicyPassword(
   24462       policy_session, policy_session_name, &command, authorization_delegate);
   24463   if (rc != TPM_RC_SUCCESS) {
   24464     return rc;
   24465   }
   24466   std::string response = transceiver_->SendCommandAndWait(command);
   24467   rc = ParseResponse_PolicyPassword(response, authorization_delegate);
   24468   return rc;
   24469 }
   24470 
   24471 TPM_RC Tpm::SerializeCommand_PolicyGetDigest(
   24472     const TPMI_SH_POLICY& policy_session,
   24473     const std::string& policy_session_name,
   24474     std::string* serialized_command,
   24475     AuthorizationDelegate* authorization_delegate) {
   24476   VLOG(3) << __func__;
   24477   TPM_RC rc = TPM_RC_SUCCESS;
   24478   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   24479   UINT32 command_size = 10;  // Header size.
   24480   std::string handle_section_bytes;
   24481   std::string parameter_section_bytes;
   24482   TPM_CC command_code = TPM_CC_PolicyGetDigest;
   24483   bool is_command_parameter_encryption_possible = false;
   24484   bool is_response_parameter_encryption_possible = true;
   24485   std::string command_code_bytes;
   24486   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   24487   if (rc != TPM_RC_SUCCESS) {
   24488     return rc;
   24489   }
   24490   std::string policy_session_bytes;
   24491   rc = Serialize_TPMI_SH_POLICY(policy_session, &policy_session_bytes);
   24492   if (rc != TPM_RC_SUCCESS) {
   24493     return rc;
   24494   }
   24495   std::unique_ptr<crypto::SecureHash> hash(
   24496       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   24497   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   24498   hash->Update(policy_session_name.data(), policy_session_name.size());
   24499   handle_section_bytes += policy_session_bytes;
   24500   command_size += policy_session_bytes.size();
   24501   std::string command_hash(32, 0);
   24502   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   24503   std::string authorization_section_bytes;
   24504   std::string authorization_size_bytes;
   24505   if (authorization_delegate) {
   24506     if (!authorization_delegate->GetCommandAuthorization(
   24507             command_hash, is_command_parameter_encryption_possible,
   24508             is_response_parameter_encryption_possible,
   24509             &authorization_section_bytes)) {
   24510       return TRUNKS_RC_AUTHORIZATION_FAILED;
   24511     }
   24512     if (!authorization_section_bytes.empty()) {
   24513       tag = TPM_ST_SESSIONS;
   24514       std::string tmp;
   24515       rc = Serialize_UINT32(authorization_section_bytes.size(),
   24516                             &authorization_size_bytes);
   24517       if (rc != TPM_RC_SUCCESS) {
   24518         return rc;
   24519       }
   24520       command_size +=
   24521           authorization_size_bytes.size() + authorization_section_bytes.size();
   24522     }
   24523   }
   24524   std::string tag_bytes;
   24525   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   24526   if (rc != TPM_RC_SUCCESS) {
   24527     return rc;
   24528   }
   24529   std::string command_size_bytes;
   24530   rc = Serialize_UINT32(command_size, &command_size_bytes);
   24531   if (rc != TPM_RC_SUCCESS) {
   24532     return rc;
   24533   }
   24534   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   24535                         handle_section_bytes + authorization_size_bytes +
   24536                         authorization_section_bytes + parameter_section_bytes;
   24537   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   24538   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   24539                                             serialized_command->size());
   24540   return TPM_RC_SUCCESS;
   24541 }
   24542 
   24543 TPM_RC Tpm::ParseResponse_PolicyGetDigest(
   24544     const std::string& response,
   24545     TPM2B_DIGEST* policy_digest,
   24546     AuthorizationDelegate* authorization_delegate) {
   24547   VLOG(3) << __func__;
   24548   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   24549   TPM_RC rc = TPM_RC_SUCCESS;
   24550   std::string buffer(response);
   24551   TPM_ST tag;
   24552   std::string tag_bytes;
   24553   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   24554   if (rc != TPM_RC_SUCCESS) {
   24555     return rc;
   24556   }
   24557   UINT32 response_size;
   24558   std::string response_size_bytes;
   24559   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   24560   if (rc != TPM_RC_SUCCESS) {
   24561     return rc;
   24562   }
   24563   TPM_RC response_code;
   24564   std::string response_code_bytes;
   24565   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   24566   if (rc != TPM_RC_SUCCESS) {
   24567     return rc;
   24568   }
   24569   if (response_size != response.size()) {
   24570     return TPM_RC_SIZE;
   24571   }
   24572   if (response_code != TPM_RC_SUCCESS) {
   24573     return response_code;
   24574   }
   24575   TPM_CC command_code = TPM_CC_PolicyGetDigest;
   24576   std::string command_code_bytes;
   24577   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   24578   if (rc != TPM_RC_SUCCESS) {
   24579     return rc;
   24580   }
   24581   std::string authorization_section_bytes;
   24582   if (tag == TPM_ST_SESSIONS) {
   24583     UINT32 parameter_section_size = buffer.size();
   24584     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   24585     if (rc != TPM_RC_SUCCESS) {
   24586       return rc;
   24587     }
   24588     if (parameter_section_size > buffer.size()) {
   24589       return TPM_RC_INSUFFICIENT;
   24590     }
   24591     authorization_section_bytes = buffer.substr(parameter_section_size);
   24592     // Keep the parameter section in |buffer|.
   24593     buffer.erase(parameter_section_size);
   24594   }
   24595   std::unique_ptr<crypto::SecureHash> hash(
   24596       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   24597   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   24598   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   24599   hash->Update(buffer.data(), buffer.size());
   24600   std::string response_hash(32, 0);
   24601   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   24602   if (tag == TPM_ST_SESSIONS) {
   24603     CHECK(authorization_delegate) << "Authorization delegate missing!";
   24604     if (!authorization_delegate->CheckResponseAuthorization(
   24605             response_hash, authorization_section_bytes)) {
   24606       return TRUNKS_RC_AUTHORIZATION_FAILED;
   24607     }
   24608   }
   24609   std::string policy_digest_bytes;
   24610   rc = Parse_TPM2B_DIGEST(&buffer, policy_digest, &policy_digest_bytes);
   24611   if (rc != TPM_RC_SUCCESS) {
   24612     return rc;
   24613   }
   24614   if (tag == TPM_ST_SESSIONS) {
   24615     CHECK(authorization_delegate) << "Authorization delegate missing!";
   24616     // Decrypt just the parameter data, not the size.
   24617     std::string tmp = policy_digest_bytes.substr(2);
   24618     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   24619       return TRUNKS_RC_ENCRYPTION_FAILED;
   24620     }
   24621     policy_digest_bytes.replace(2, std::string::npos, tmp);
   24622     rc = Parse_TPM2B_DIGEST(&policy_digest_bytes, policy_digest, nullptr);
   24623     if (rc != TPM_RC_SUCCESS) {
   24624       return rc;
   24625     }
   24626   }
   24627   return TPM_RC_SUCCESS;
   24628 }
   24629 
   24630 void PolicyGetDigestErrorCallback(const Tpm::PolicyGetDigestResponse& callback,
   24631                                   TPM_RC response_code) {
   24632   VLOG(1) << __func__;
   24633   callback.Run(response_code, TPM2B_DIGEST());
   24634 }
   24635 
   24636 void PolicyGetDigestResponseParser(
   24637     const Tpm::PolicyGetDigestResponse& callback,
   24638     AuthorizationDelegate* authorization_delegate,
   24639     const std::string& response) {
   24640   VLOG(1) << __func__;
   24641   base::Callback<void(TPM_RC)> error_reporter =
   24642       base::Bind(PolicyGetDigestErrorCallback, callback);
   24643   TPM2B_DIGEST policy_digest;
   24644   TPM_RC rc = Tpm::ParseResponse_PolicyGetDigest(response, &policy_digest,
   24645                                                  authorization_delegate);
   24646   if (rc != TPM_RC_SUCCESS) {
   24647     error_reporter.Run(rc);
   24648     return;
   24649   }
   24650   callback.Run(rc, policy_digest);
   24651 }
   24652 
   24653 void Tpm::PolicyGetDigest(const TPMI_SH_POLICY& policy_session,
   24654                           const std::string& policy_session_name,
   24655                           AuthorizationDelegate* authorization_delegate,
   24656                           const PolicyGetDigestResponse& callback) {
   24657   VLOG(1) << __func__;
   24658   base::Callback<void(TPM_RC)> error_reporter =
   24659       base::Bind(PolicyGetDigestErrorCallback, callback);
   24660   base::Callback<void(const std::string&)> parser = base::Bind(
   24661       PolicyGetDigestResponseParser, callback, authorization_delegate);
   24662   std::string command;
   24663   TPM_RC rc = SerializeCommand_PolicyGetDigest(
   24664       policy_session, policy_session_name, &command, authorization_delegate);
   24665   if (rc != TPM_RC_SUCCESS) {
   24666     error_reporter.Run(rc);
   24667     return;
   24668   }
   24669   transceiver_->SendCommand(command, parser);
   24670 }
   24671 
   24672 TPM_RC Tpm::PolicyGetDigestSync(const TPMI_SH_POLICY& policy_session,
   24673                                 const std::string& policy_session_name,
   24674                                 TPM2B_DIGEST* policy_digest,
   24675                                 AuthorizationDelegate* authorization_delegate) {
   24676   VLOG(1) << __func__;
   24677   std::string command;
   24678   TPM_RC rc = SerializeCommand_PolicyGetDigest(
   24679       policy_session, policy_session_name, &command, authorization_delegate);
   24680   if (rc != TPM_RC_SUCCESS) {
   24681     return rc;
   24682   }
   24683   std::string response = transceiver_->SendCommandAndWait(command);
   24684   rc = ParseResponse_PolicyGetDigest(response, policy_digest,
   24685                                      authorization_delegate);
   24686   return rc;
   24687 }
   24688 
   24689 TPM_RC Tpm::SerializeCommand_PolicyNvWritten(
   24690     const TPMI_SH_POLICY& policy_session,
   24691     const std::string& policy_session_name,
   24692     const TPMI_YES_NO& written_set,
   24693     std::string* serialized_command,
   24694     AuthorizationDelegate* authorization_delegate) {
   24695   VLOG(3) << __func__;
   24696   TPM_RC rc = TPM_RC_SUCCESS;
   24697   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   24698   UINT32 command_size = 10;  // Header size.
   24699   std::string handle_section_bytes;
   24700   std::string parameter_section_bytes;
   24701   TPM_CC command_code = TPM_CC_PolicyNvWritten;
   24702   bool is_command_parameter_encryption_possible = false;
   24703   bool is_response_parameter_encryption_possible = false;
   24704   std::string command_code_bytes;
   24705   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   24706   if (rc != TPM_RC_SUCCESS) {
   24707     return rc;
   24708   }
   24709   std::string policy_session_bytes;
   24710   rc = Serialize_TPMI_SH_POLICY(policy_session, &policy_session_bytes);
   24711   if (rc != TPM_RC_SUCCESS) {
   24712     return rc;
   24713   }
   24714   std::string written_set_bytes;
   24715   rc = Serialize_TPMI_YES_NO(written_set, &written_set_bytes);
   24716   if (rc != TPM_RC_SUCCESS) {
   24717     return rc;
   24718   }
   24719   std::unique_ptr<crypto::SecureHash> hash(
   24720       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   24721   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   24722   hash->Update(policy_session_name.data(), policy_session_name.size());
   24723   handle_section_bytes += policy_session_bytes;
   24724   command_size += policy_session_bytes.size();
   24725   hash->Update(written_set_bytes.data(), written_set_bytes.size());
   24726   parameter_section_bytes += written_set_bytes;
   24727   command_size += written_set_bytes.size();
   24728   std::string command_hash(32, 0);
   24729   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   24730   std::string authorization_section_bytes;
   24731   std::string authorization_size_bytes;
   24732   if (authorization_delegate) {
   24733     if (!authorization_delegate->GetCommandAuthorization(
   24734             command_hash, is_command_parameter_encryption_possible,
   24735             is_response_parameter_encryption_possible,
   24736             &authorization_section_bytes)) {
   24737       return TRUNKS_RC_AUTHORIZATION_FAILED;
   24738     }
   24739     if (!authorization_section_bytes.empty()) {
   24740       tag = TPM_ST_SESSIONS;
   24741       std::string tmp;
   24742       rc = Serialize_UINT32(authorization_section_bytes.size(),
   24743                             &authorization_size_bytes);
   24744       if (rc != TPM_RC_SUCCESS) {
   24745         return rc;
   24746       }
   24747       command_size +=
   24748           authorization_size_bytes.size() + authorization_section_bytes.size();
   24749     }
   24750   }
   24751   std::string tag_bytes;
   24752   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   24753   if (rc != TPM_RC_SUCCESS) {
   24754     return rc;
   24755   }
   24756   std::string command_size_bytes;
   24757   rc = Serialize_UINT32(command_size, &command_size_bytes);
   24758   if (rc != TPM_RC_SUCCESS) {
   24759     return rc;
   24760   }
   24761   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   24762                         handle_section_bytes + authorization_size_bytes +
   24763                         authorization_section_bytes + parameter_section_bytes;
   24764   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   24765   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   24766                                             serialized_command->size());
   24767   return TPM_RC_SUCCESS;
   24768 }
   24769 
   24770 TPM_RC Tpm::ParseResponse_PolicyNvWritten(
   24771     const std::string& response,
   24772     AuthorizationDelegate* authorization_delegate) {
   24773   VLOG(3) << __func__;
   24774   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   24775   TPM_RC rc = TPM_RC_SUCCESS;
   24776   std::string buffer(response);
   24777   TPM_ST tag;
   24778   std::string tag_bytes;
   24779   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   24780   if (rc != TPM_RC_SUCCESS) {
   24781     return rc;
   24782   }
   24783   UINT32 response_size;
   24784   std::string response_size_bytes;
   24785   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   24786   if (rc != TPM_RC_SUCCESS) {
   24787     return rc;
   24788   }
   24789   TPM_RC response_code;
   24790   std::string response_code_bytes;
   24791   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   24792   if (rc != TPM_RC_SUCCESS) {
   24793     return rc;
   24794   }
   24795   if (response_size != response.size()) {
   24796     return TPM_RC_SIZE;
   24797   }
   24798   if (response_code != TPM_RC_SUCCESS) {
   24799     return response_code;
   24800   }
   24801   TPM_CC command_code = TPM_CC_PolicyNvWritten;
   24802   std::string command_code_bytes;
   24803   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   24804   if (rc != TPM_RC_SUCCESS) {
   24805     return rc;
   24806   }
   24807   std::string authorization_section_bytes;
   24808   if (tag == TPM_ST_SESSIONS) {
   24809     UINT32 parameter_section_size = buffer.size();
   24810     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   24811     if (rc != TPM_RC_SUCCESS) {
   24812       return rc;
   24813     }
   24814     if (parameter_section_size > buffer.size()) {
   24815       return TPM_RC_INSUFFICIENT;
   24816     }
   24817     authorization_section_bytes = buffer.substr(parameter_section_size);
   24818     // Keep the parameter section in |buffer|.
   24819     buffer.erase(parameter_section_size);
   24820   }
   24821   std::unique_ptr<crypto::SecureHash> hash(
   24822       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   24823   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   24824   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   24825   hash->Update(buffer.data(), buffer.size());
   24826   std::string response_hash(32, 0);
   24827   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   24828   if (tag == TPM_ST_SESSIONS) {
   24829     CHECK(authorization_delegate) << "Authorization delegate missing!";
   24830     if (!authorization_delegate->CheckResponseAuthorization(
   24831             response_hash, authorization_section_bytes)) {
   24832       return TRUNKS_RC_AUTHORIZATION_FAILED;
   24833     }
   24834   }
   24835   return TPM_RC_SUCCESS;
   24836 }
   24837 
   24838 void PolicyNvWrittenErrorCallback(const Tpm::PolicyNvWrittenResponse& callback,
   24839                                   TPM_RC response_code) {
   24840   VLOG(1) << __func__;
   24841   callback.Run(response_code);
   24842 }
   24843 
   24844 void PolicyNvWrittenResponseParser(
   24845     const Tpm::PolicyNvWrittenResponse& callback,
   24846     AuthorizationDelegate* authorization_delegate,
   24847     const std::string& response) {
   24848   VLOG(1) << __func__;
   24849   base::Callback<void(TPM_RC)> error_reporter =
   24850       base::Bind(PolicyNvWrittenErrorCallback, callback);
   24851   TPM_RC rc =
   24852       Tpm::ParseResponse_PolicyNvWritten(response, authorization_delegate);
   24853   if (rc != TPM_RC_SUCCESS) {
   24854     error_reporter.Run(rc);
   24855     return;
   24856   }
   24857   callback.Run(rc);
   24858 }
   24859 
   24860 void Tpm::PolicyNvWritten(const TPMI_SH_POLICY& policy_session,
   24861                           const std::string& policy_session_name,
   24862                           const TPMI_YES_NO& written_set,
   24863                           AuthorizationDelegate* authorization_delegate,
   24864                           const PolicyNvWrittenResponse& callback) {
   24865   VLOG(1) << __func__;
   24866   base::Callback<void(TPM_RC)> error_reporter =
   24867       base::Bind(PolicyNvWrittenErrorCallback, callback);
   24868   base::Callback<void(const std::string&)> parser = base::Bind(
   24869       PolicyNvWrittenResponseParser, callback, authorization_delegate);
   24870   std::string command;
   24871   TPM_RC rc = SerializeCommand_PolicyNvWritten(
   24872       policy_session, policy_session_name, written_set, &command,
   24873       authorization_delegate);
   24874   if (rc != TPM_RC_SUCCESS) {
   24875     error_reporter.Run(rc);
   24876     return;
   24877   }
   24878   transceiver_->SendCommand(command, parser);
   24879 }
   24880 
   24881 TPM_RC Tpm::PolicyNvWrittenSync(const TPMI_SH_POLICY& policy_session,
   24882                                 const std::string& policy_session_name,
   24883                                 const TPMI_YES_NO& written_set,
   24884                                 AuthorizationDelegate* authorization_delegate) {
   24885   VLOG(1) << __func__;
   24886   std::string command;
   24887   TPM_RC rc = SerializeCommand_PolicyNvWritten(
   24888       policy_session, policy_session_name, written_set, &command,
   24889       authorization_delegate);
   24890   if (rc != TPM_RC_SUCCESS) {
   24891     return rc;
   24892   }
   24893   std::string response = transceiver_->SendCommandAndWait(command);
   24894   rc = ParseResponse_PolicyNvWritten(response, authorization_delegate);
   24895   return rc;
   24896 }
   24897 
   24898 TPM_RC Tpm::SerializeCommand_CreatePrimary(
   24899     const TPMI_RH_HIERARCHY& primary_handle,
   24900     const std::string& primary_handle_name,
   24901     const TPM2B_SENSITIVE_CREATE& in_sensitive,
   24902     const TPM2B_PUBLIC& in_public,
   24903     const TPM2B_DATA& outside_info,
   24904     const TPML_PCR_SELECTION& creation_pcr,
   24905     std::string* serialized_command,
   24906     AuthorizationDelegate* authorization_delegate) {
   24907   VLOG(3) << __func__;
   24908   TPM_RC rc = TPM_RC_SUCCESS;
   24909   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   24910   UINT32 command_size = 10;  // Header size.
   24911   std::string handle_section_bytes;
   24912   std::string parameter_section_bytes;
   24913   TPM_CC command_code = TPM_CC_CreatePrimary;
   24914   bool is_command_parameter_encryption_possible = true;
   24915   bool is_response_parameter_encryption_possible = true;
   24916   std::string command_code_bytes;
   24917   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   24918   if (rc != TPM_RC_SUCCESS) {
   24919     return rc;
   24920   }
   24921   std::string primary_handle_bytes;
   24922   rc = Serialize_TPMI_RH_HIERARCHY(primary_handle, &primary_handle_bytes);
   24923   if (rc != TPM_RC_SUCCESS) {
   24924     return rc;
   24925   }
   24926   std::string in_sensitive_bytes;
   24927   rc = Serialize_TPM2B_SENSITIVE_CREATE(in_sensitive, &in_sensitive_bytes);
   24928   if (rc != TPM_RC_SUCCESS) {
   24929     return rc;
   24930   }
   24931   std::string in_public_bytes;
   24932   rc = Serialize_TPM2B_PUBLIC(in_public, &in_public_bytes);
   24933   if (rc != TPM_RC_SUCCESS) {
   24934     return rc;
   24935   }
   24936   std::string outside_info_bytes;
   24937   rc = Serialize_TPM2B_DATA(outside_info, &outside_info_bytes);
   24938   if (rc != TPM_RC_SUCCESS) {
   24939     return rc;
   24940   }
   24941   std::string creation_pcr_bytes;
   24942   rc = Serialize_TPML_PCR_SELECTION(creation_pcr, &creation_pcr_bytes);
   24943   if (rc != TPM_RC_SUCCESS) {
   24944     return rc;
   24945   }
   24946   if (authorization_delegate) {
   24947     // Encrypt just the parameter data, not the size.
   24948     std::string tmp = in_sensitive_bytes.substr(2);
   24949     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   24950       return TRUNKS_RC_ENCRYPTION_FAILED;
   24951     }
   24952     in_sensitive_bytes.replace(2, std::string::npos, tmp);
   24953   }
   24954   std::unique_ptr<crypto::SecureHash> hash(
   24955       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   24956   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   24957   hash->Update(primary_handle_name.data(), primary_handle_name.size());
   24958   handle_section_bytes += primary_handle_bytes;
   24959   command_size += primary_handle_bytes.size();
   24960   hash->Update(in_sensitive_bytes.data(), in_sensitive_bytes.size());
   24961   parameter_section_bytes += in_sensitive_bytes;
   24962   command_size += in_sensitive_bytes.size();
   24963   hash->Update(in_public_bytes.data(), in_public_bytes.size());
   24964   parameter_section_bytes += in_public_bytes;
   24965   command_size += in_public_bytes.size();
   24966   hash->Update(outside_info_bytes.data(), outside_info_bytes.size());
   24967   parameter_section_bytes += outside_info_bytes;
   24968   command_size += outside_info_bytes.size();
   24969   hash->Update(creation_pcr_bytes.data(), creation_pcr_bytes.size());
   24970   parameter_section_bytes += creation_pcr_bytes;
   24971   command_size += creation_pcr_bytes.size();
   24972   std::string command_hash(32, 0);
   24973   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   24974   std::string authorization_section_bytes;
   24975   std::string authorization_size_bytes;
   24976   if (authorization_delegate) {
   24977     if (!authorization_delegate->GetCommandAuthorization(
   24978             command_hash, is_command_parameter_encryption_possible,
   24979             is_response_parameter_encryption_possible,
   24980             &authorization_section_bytes)) {
   24981       return TRUNKS_RC_AUTHORIZATION_FAILED;
   24982     }
   24983     if (!authorization_section_bytes.empty()) {
   24984       tag = TPM_ST_SESSIONS;
   24985       std::string tmp;
   24986       rc = Serialize_UINT32(authorization_section_bytes.size(),
   24987                             &authorization_size_bytes);
   24988       if (rc != TPM_RC_SUCCESS) {
   24989         return rc;
   24990       }
   24991       command_size +=
   24992           authorization_size_bytes.size() + authorization_section_bytes.size();
   24993     }
   24994   }
   24995   std::string tag_bytes;
   24996   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   24997   if (rc != TPM_RC_SUCCESS) {
   24998     return rc;
   24999   }
   25000   std::string command_size_bytes;
   25001   rc = Serialize_UINT32(command_size, &command_size_bytes);
   25002   if (rc != TPM_RC_SUCCESS) {
   25003     return rc;
   25004   }
   25005   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   25006                         handle_section_bytes + authorization_size_bytes +
   25007                         authorization_section_bytes + parameter_section_bytes;
   25008   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   25009   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   25010                                             serialized_command->size());
   25011   return TPM_RC_SUCCESS;
   25012 }
   25013 
   25014 TPM_RC Tpm::ParseResponse_CreatePrimary(
   25015     const std::string& response,
   25016     TPM_HANDLE* object_handle,
   25017     TPM2B_PUBLIC* out_public,
   25018     TPM2B_CREATION_DATA* creation_data,
   25019     TPM2B_DIGEST* creation_hash,
   25020     TPMT_TK_CREATION* creation_ticket,
   25021     TPM2B_NAME* name,
   25022     AuthorizationDelegate* authorization_delegate) {
   25023   VLOG(3) << __func__;
   25024   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   25025   TPM_RC rc = TPM_RC_SUCCESS;
   25026   std::string buffer(response);
   25027   TPM_ST tag;
   25028   std::string tag_bytes;
   25029   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   25030   if (rc != TPM_RC_SUCCESS) {
   25031     return rc;
   25032   }
   25033   UINT32 response_size;
   25034   std::string response_size_bytes;
   25035   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   25036   if (rc != TPM_RC_SUCCESS) {
   25037     return rc;
   25038   }
   25039   TPM_RC response_code;
   25040   std::string response_code_bytes;
   25041   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   25042   if (rc != TPM_RC_SUCCESS) {
   25043     return rc;
   25044   }
   25045   if (response_size != response.size()) {
   25046     return TPM_RC_SIZE;
   25047   }
   25048   if (response_code != TPM_RC_SUCCESS) {
   25049     return response_code;
   25050   }
   25051   std::string object_handle_bytes;
   25052   rc = Parse_TPM_HANDLE(&buffer, object_handle, &object_handle_bytes);
   25053   if (rc != TPM_RC_SUCCESS) {
   25054     return rc;
   25055   }
   25056   TPM_CC command_code = TPM_CC_CreatePrimary;
   25057   std::string command_code_bytes;
   25058   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   25059   if (rc != TPM_RC_SUCCESS) {
   25060     return rc;
   25061   }
   25062   std::string authorization_section_bytes;
   25063   if (tag == TPM_ST_SESSIONS) {
   25064     UINT32 parameter_section_size = buffer.size();
   25065     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   25066     if (rc != TPM_RC_SUCCESS) {
   25067       return rc;
   25068     }
   25069     if (parameter_section_size > buffer.size()) {
   25070       return TPM_RC_INSUFFICIENT;
   25071     }
   25072     authorization_section_bytes = buffer.substr(parameter_section_size);
   25073     // Keep the parameter section in |buffer|.
   25074     buffer.erase(parameter_section_size);
   25075   }
   25076   std::unique_ptr<crypto::SecureHash> hash(
   25077       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   25078   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   25079   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   25080   hash->Update(buffer.data(), buffer.size());
   25081   std::string response_hash(32, 0);
   25082   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   25083   if (tag == TPM_ST_SESSIONS) {
   25084     CHECK(authorization_delegate) << "Authorization delegate missing!";
   25085     if (!authorization_delegate->CheckResponseAuthorization(
   25086             response_hash, authorization_section_bytes)) {
   25087       return TRUNKS_RC_AUTHORIZATION_FAILED;
   25088     }
   25089   }
   25090   std::string out_public_bytes;
   25091   rc = Parse_TPM2B_PUBLIC(&buffer, out_public, &out_public_bytes);
   25092   if (rc != TPM_RC_SUCCESS) {
   25093     return rc;
   25094   }
   25095   std::string creation_data_bytes;
   25096   rc = Parse_TPM2B_CREATION_DATA(&buffer, creation_data, &creation_data_bytes);
   25097   if (rc != TPM_RC_SUCCESS) {
   25098     return rc;
   25099   }
   25100   std::string creation_hash_bytes;
   25101   rc = Parse_TPM2B_DIGEST(&buffer, creation_hash, &creation_hash_bytes);
   25102   if (rc != TPM_RC_SUCCESS) {
   25103     return rc;
   25104   }
   25105   std::string creation_ticket_bytes;
   25106   rc = Parse_TPMT_TK_CREATION(&buffer, creation_ticket, &creation_ticket_bytes);
   25107   if (rc != TPM_RC_SUCCESS) {
   25108     return rc;
   25109   }
   25110   std::string name_bytes;
   25111   rc = Parse_TPM2B_NAME(&buffer, name, &name_bytes);
   25112   if (rc != TPM_RC_SUCCESS) {
   25113     return rc;
   25114   }
   25115   if (tag == TPM_ST_SESSIONS) {
   25116     CHECK(authorization_delegate) << "Authorization delegate missing!";
   25117     // Decrypt just the parameter data, not the size.
   25118     std::string tmp = out_public_bytes.substr(2);
   25119     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   25120       return TRUNKS_RC_ENCRYPTION_FAILED;
   25121     }
   25122     out_public_bytes.replace(2, std::string::npos, tmp);
   25123     rc = Parse_TPM2B_PUBLIC(&out_public_bytes, out_public, nullptr);
   25124     if (rc != TPM_RC_SUCCESS) {
   25125       return rc;
   25126     }
   25127   }
   25128   return TPM_RC_SUCCESS;
   25129 }
   25130 
   25131 void CreatePrimaryErrorCallback(const Tpm::CreatePrimaryResponse& callback,
   25132                                 TPM_RC response_code) {
   25133   VLOG(1) << __func__;
   25134   callback.Run(response_code, TPM_HANDLE(), TPM2B_PUBLIC(),
   25135                TPM2B_CREATION_DATA(), TPM2B_DIGEST(), TPMT_TK_CREATION(),
   25136                TPM2B_NAME());
   25137 }
   25138 
   25139 void CreatePrimaryResponseParser(const Tpm::CreatePrimaryResponse& callback,
   25140                                  AuthorizationDelegate* authorization_delegate,
   25141                                  const std::string& response) {
   25142   VLOG(1) << __func__;
   25143   base::Callback<void(TPM_RC)> error_reporter =
   25144       base::Bind(CreatePrimaryErrorCallback, callback);
   25145   TPM_HANDLE object_handle;
   25146   TPM2B_PUBLIC out_public;
   25147   TPM2B_CREATION_DATA creation_data;
   25148   TPM2B_DIGEST creation_hash;
   25149   TPMT_TK_CREATION creation_ticket;
   25150   TPM2B_NAME name;
   25151   TPM_RC rc = Tpm::ParseResponse_CreatePrimary(
   25152       response, &object_handle, &out_public, &creation_data, &creation_hash,
   25153       &creation_ticket, &name, authorization_delegate);
   25154   if (rc != TPM_RC_SUCCESS) {
   25155     error_reporter.Run(rc);
   25156     return;
   25157   }
   25158   callback.Run(rc, object_handle, out_public, creation_data, creation_hash,
   25159                creation_ticket, name);
   25160 }
   25161 
   25162 void Tpm::CreatePrimary(const TPMI_RH_HIERARCHY& primary_handle,
   25163                         const std::string& primary_handle_name,
   25164                         const TPM2B_SENSITIVE_CREATE& in_sensitive,
   25165                         const TPM2B_PUBLIC& in_public,
   25166                         const TPM2B_DATA& outside_info,
   25167                         const TPML_PCR_SELECTION& creation_pcr,
   25168                         AuthorizationDelegate* authorization_delegate,
   25169                         const CreatePrimaryResponse& callback) {
   25170   VLOG(1) << __func__;
   25171   base::Callback<void(TPM_RC)> error_reporter =
   25172       base::Bind(CreatePrimaryErrorCallback, callback);
   25173   base::Callback<void(const std::string&)> parser =
   25174       base::Bind(CreatePrimaryResponseParser, callback, authorization_delegate);
   25175   std::string command;
   25176   TPM_RC rc = SerializeCommand_CreatePrimary(
   25177       primary_handle, primary_handle_name, in_sensitive, in_public,
   25178       outside_info, creation_pcr, &command, authorization_delegate);
   25179   if (rc != TPM_RC_SUCCESS) {
   25180     error_reporter.Run(rc);
   25181     return;
   25182   }
   25183   transceiver_->SendCommand(command, parser);
   25184 }
   25185 
   25186 TPM_RC Tpm::CreatePrimarySync(const TPMI_RH_HIERARCHY& primary_handle,
   25187                               const std::string& primary_handle_name,
   25188                               const TPM2B_SENSITIVE_CREATE& in_sensitive,
   25189                               const TPM2B_PUBLIC& in_public,
   25190                               const TPM2B_DATA& outside_info,
   25191                               const TPML_PCR_SELECTION& creation_pcr,
   25192                               TPM_HANDLE* object_handle,
   25193                               TPM2B_PUBLIC* out_public,
   25194                               TPM2B_CREATION_DATA* creation_data,
   25195                               TPM2B_DIGEST* creation_hash,
   25196                               TPMT_TK_CREATION* creation_ticket,
   25197                               TPM2B_NAME* name,
   25198                               AuthorizationDelegate* authorization_delegate) {
   25199   VLOG(1) << __func__;
   25200   std::string command;
   25201   TPM_RC rc = SerializeCommand_CreatePrimary(
   25202       primary_handle, primary_handle_name, in_sensitive, in_public,
   25203       outside_info, creation_pcr, &command, authorization_delegate);
   25204   if (rc != TPM_RC_SUCCESS) {
   25205     return rc;
   25206   }
   25207   std::string response = transceiver_->SendCommandAndWait(command);
   25208   rc = ParseResponse_CreatePrimary(
   25209       response, object_handle, out_public, creation_data, creation_hash,
   25210       creation_ticket, name, authorization_delegate);
   25211   return rc;
   25212 }
   25213 
   25214 TPM_RC Tpm::SerializeCommand_HierarchyControl(
   25215     const TPMI_RH_HIERARCHY& auth_handle,
   25216     const std::string& auth_handle_name,
   25217     const TPMI_RH_ENABLES& enable,
   25218     const TPMI_YES_NO& state,
   25219     std::string* serialized_command,
   25220     AuthorizationDelegate* authorization_delegate) {
   25221   VLOG(3) << __func__;
   25222   TPM_RC rc = TPM_RC_SUCCESS;
   25223   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   25224   UINT32 command_size = 10;  // Header size.
   25225   std::string handle_section_bytes;
   25226   std::string parameter_section_bytes;
   25227   TPM_CC command_code = TPM_CC_HierarchyControl;
   25228   bool is_command_parameter_encryption_possible = false;
   25229   bool is_response_parameter_encryption_possible = false;
   25230   std::string command_code_bytes;
   25231   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   25232   if (rc != TPM_RC_SUCCESS) {
   25233     return rc;
   25234   }
   25235   std::string auth_handle_bytes;
   25236   rc = Serialize_TPMI_RH_HIERARCHY(auth_handle, &auth_handle_bytes);
   25237   if (rc != TPM_RC_SUCCESS) {
   25238     return rc;
   25239   }
   25240   std::string enable_bytes;
   25241   rc = Serialize_TPMI_RH_ENABLES(enable, &enable_bytes);
   25242   if (rc != TPM_RC_SUCCESS) {
   25243     return rc;
   25244   }
   25245   std::string state_bytes;
   25246   rc = Serialize_TPMI_YES_NO(state, &state_bytes);
   25247   if (rc != TPM_RC_SUCCESS) {
   25248     return rc;
   25249   }
   25250   std::unique_ptr<crypto::SecureHash> hash(
   25251       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   25252   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   25253   hash->Update(auth_handle_name.data(), auth_handle_name.size());
   25254   handle_section_bytes += auth_handle_bytes;
   25255   command_size += auth_handle_bytes.size();
   25256   hash->Update(enable_bytes.data(), enable_bytes.size());
   25257   parameter_section_bytes += enable_bytes;
   25258   command_size += enable_bytes.size();
   25259   hash->Update(state_bytes.data(), state_bytes.size());
   25260   parameter_section_bytes += state_bytes;
   25261   command_size += state_bytes.size();
   25262   std::string command_hash(32, 0);
   25263   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   25264   std::string authorization_section_bytes;
   25265   std::string authorization_size_bytes;
   25266   if (authorization_delegate) {
   25267     if (!authorization_delegate->GetCommandAuthorization(
   25268             command_hash, is_command_parameter_encryption_possible,
   25269             is_response_parameter_encryption_possible,
   25270             &authorization_section_bytes)) {
   25271       return TRUNKS_RC_AUTHORIZATION_FAILED;
   25272     }
   25273     if (!authorization_section_bytes.empty()) {
   25274       tag = TPM_ST_SESSIONS;
   25275       std::string tmp;
   25276       rc = Serialize_UINT32(authorization_section_bytes.size(),
   25277                             &authorization_size_bytes);
   25278       if (rc != TPM_RC_SUCCESS) {
   25279         return rc;
   25280       }
   25281       command_size +=
   25282           authorization_size_bytes.size() + authorization_section_bytes.size();
   25283     }
   25284   }
   25285   std::string tag_bytes;
   25286   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   25287   if (rc != TPM_RC_SUCCESS) {
   25288     return rc;
   25289   }
   25290   std::string command_size_bytes;
   25291   rc = Serialize_UINT32(command_size, &command_size_bytes);
   25292   if (rc != TPM_RC_SUCCESS) {
   25293     return rc;
   25294   }
   25295   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   25296                         handle_section_bytes + authorization_size_bytes +
   25297                         authorization_section_bytes + parameter_section_bytes;
   25298   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   25299   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   25300                                             serialized_command->size());
   25301   return TPM_RC_SUCCESS;
   25302 }
   25303 
   25304 TPM_RC Tpm::ParseResponse_HierarchyControl(
   25305     const std::string& response,
   25306     AuthorizationDelegate* authorization_delegate) {
   25307   VLOG(3) << __func__;
   25308   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   25309   TPM_RC rc = TPM_RC_SUCCESS;
   25310   std::string buffer(response);
   25311   TPM_ST tag;
   25312   std::string tag_bytes;
   25313   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   25314   if (rc != TPM_RC_SUCCESS) {
   25315     return rc;
   25316   }
   25317   UINT32 response_size;
   25318   std::string response_size_bytes;
   25319   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   25320   if (rc != TPM_RC_SUCCESS) {
   25321     return rc;
   25322   }
   25323   TPM_RC response_code;
   25324   std::string response_code_bytes;
   25325   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   25326   if (rc != TPM_RC_SUCCESS) {
   25327     return rc;
   25328   }
   25329   if (response_size != response.size()) {
   25330     return TPM_RC_SIZE;
   25331   }
   25332   if (response_code != TPM_RC_SUCCESS) {
   25333     return response_code;
   25334   }
   25335   TPM_CC command_code = TPM_CC_HierarchyControl;
   25336   std::string command_code_bytes;
   25337   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   25338   if (rc != TPM_RC_SUCCESS) {
   25339     return rc;
   25340   }
   25341   std::string authorization_section_bytes;
   25342   if (tag == TPM_ST_SESSIONS) {
   25343     UINT32 parameter_section_size = buffer.size();
   25344     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   25345     if (rc != TPM_RC_SUCCESS) {
   25346       return rc;
   25347     }
   25348     if (parameter_section_size > buffer.size()) {
   25349       return TPM_RC_INSUFFICIENT;
   25350     }
   25351     authorization_section_bytes = buffer.substr(parameter_section_size);
   25352     // Keep the parameter section in |buffer|.
   25353     buffer.erase(parameter_section_size);
   25354   }
   25355   std::unique_ptr<crypto::SecureHash> hash(
   25356       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   25357   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   25358   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   25359   hash->Update(buffer.data(), buffer.size());
   25360   std::string response_hash(32, 0);
   25361   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   25362   if (tag == TPM_ST_SESSIONS) {
   25363     CHECK(authorization_delegate) << "Authorization delegate missing!";
   25364     if (!authorization_delegate->CheckResponseAuthorization(
   25365             response_hash, authorization_section_bytes)) {
   25366       return TRUNKS_RC_AUTHORIZATION_FAILED;
   25367     }
   25368   }
   25369   return TPM_RC_SUCCESS;
   25370 }
   25371 
   25372 void HierarchyControlErrorCallback(
   25373     const Tpm::HierarchyControlResponse& callback,
   25374     TPM_RC response_code) {
   25375   VLOG(1) << __func__;
   25376   callback.Run(response_code);
   25377 }
   25378 
   25379 void HierarchyControlResponseParser(
   25380     const Tpm::HierarchyControlResponse& callback,
   25381     AuthorizationDelegate* authorization_delegate,
   25382     const std::string& response) {
   25383   VLOG(1) << __func__;
   25384   base::Callback<void(TPM_RC)> error_reporter =
   25385       base::Bind(HierarchyControlErrorCallback, callback);
   25386   TPM_RC rc =
   25387       Tpm::ParseResponse_HierarchyControl(response, authorization_delegate);
   25388   if (rc != TPM_RC_SUCCESS) {
   25389     error_reporter.Run(rc);
   25390     return;
   25391   }
   25392   callback.Run(rc);
   25393 }
   25394 
   25395 void Tpm::HierarchyControl(const TPMI_RH_HIERARCHY& auth_handle,
   25396                            const std::string& auth_handle_name,
   25397                            const TPMI_RH_ENABLES& enable,
   25398                            const TPMI_YES_NO& state,
   25399                            AuthorizationDelegate* authorization_delegate,
   25400                            const HierarchyControlResponse& callback) {
   25401   VLOG(1) << __func__;
   25402   base::Callback<void(TPM_RC)> error_reporter =
   25403       base::Bind(HierarchyControlErrorCallback, callback);
   25404   base::Callback<void(const std::string&)> parser = base::Bind(
   25405       HierarchyControlResponseParser, callback, authorization_delegate);
   25406   std::string command;
   25407   TPM_RC rc = SerializeCommand_HierarchyControl(auth_handle, auth_handle_name,
   25408                                                 enable, state, &command,
   25409                                                 authorization_delegate);
   25410   if (rc != TPM_RC_SUCCESS) {
   25411     error_reporter.Run(rc);
   25412     return;
   25413   }
   25414   transceiver_->SendCommand(command, parser);
   25415 }
   25416 
   25417 TPM_RC Tpm::HierarchyControlSync(
   25418     const TPMI_RH_HIERARCHY& auth_handle,
   25419     const std::string& auth_handle_name,
   25420     const TPMI_RH_ENABLES& enable,
   25421     const TPMI_YES_NO& state,
   25422     AuthorizationDelegate* authorization_delegate) {
   25423   VLOG(1) << __func__;
   25424   std::string command;
   25425   TPM_RC rc = SerializeCommand_HierarchyControl(auth_handle, auth_handle_name,
   25426                                                 enable, state, &command,
   25427                                                 authorization_delegate);
   25428   if (rc != TPM_RC_SUCCESS) {
   25429     return rc;
   25430   }
   25431   std::string response = transceiver_->SendCommandAndWait(command);
   25432   rc = ParseResponse_HierarchyControl(response, authorization_delegate);
   25433   return rc;
   25434 }
   25435 
   25436 TPM_RC Tpm::SerializeCommand_SetPrimaryPolicy(
   25437     const TPMI_RH_HIERARCHY& auth_handle,
   25438     const std::string& auth_handle_name,
   25439     const TPM2B_DIGEST& auth_policy,
   25440     const TPMI_ALG_HASH& hash_alg,
   25441     std::string* serialized_command,
   25442     AuthorizationDelegate* authorization_delegate) {
   25443   VLOG(3) << __func__;
   25444   TPM_RC rc = TPM_RC_SUCCESS;
   25445   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   25446   UINT32 command_size = 10;  // Header size.
   25447   std::string handle_section_bytes;
   25448   std::string parameter_section_bytes;
   25449   TPM_CC command_code = TPM_CC_SetPrimaryPolicy;
   25450   bool is_command_parameter_encryption_possible = true;
   25451   bool is_response_parameter_encryption_possible = false;
   25452   std::string command_code_bytes;
   25453   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   25454   if (rc != TPM_RC_SUCCESS) {
   25455     return rc;
   25456   }
   25457   std::string auth_handle_bytes;
   25458   rc = Serialize_TPMI_RH_HIERARCHY(auth_handle, &auth_handle_bytes);
   25459   if (rc != TPM_RC_SUCCESS) {
   25460     return rc;
   25461   }
   25462   std::string auth_policy_bytes;
   25463   rc = Serialize_TPM2B_DIGEST(auth_policy, &auth_policy_bytes);
   25464   if (rc != TPM_RC_SUCCESS) {
   25465     return rc;
   25466   }
   25467   std::string hash_alg_bytes;
   25468   rc = Serialize_TPMI_ALG_HASH(hash_alg, &hash_alg_bytes);
   25469   if (rc != TPM_RC_SUCCESS) {
   25470     return rc;
   25471   }
   25472   if (authorization_delegate) {
   25473     // Encrypt just the parameter data, not the size.
   25474     std::string tmp = auth_policy_bytes.substr(2);
   25475     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   25476       return TRUNKS_RC_ENCRYPTION_FAILED;
   25477     }
   25478     auth_policy_bytes.replace(2, std::string::npos, tmp);
   25479   }
   25480   std::unique_ptr<crypto::SecureHash> hash(
   25481       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   25482   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   25483   hash->Update(auth_handle_name.data(), auth_handle_name.size());
   25484   handle_section_bytes += auth_handle_bytes;
   25485   command_size += auth_handle_bytes.size();
   25486   hash->Update(auth_policy_bytes.data(), auth_policy_bytes.size());
   25487   parameter_section_bytes += auth_policy_bytes;
   25488   command_size += auth_policy_bytes.size();
   25489   hash->Update(hash_alg_bytes.data(), hash_alg_bytes.size());
   25490   parameter_section_bytes += hash_alg_bytes;
   25491   command_size += hash_alg_bytes.size();
   25492   std::string command_hash(32, 0);
   25493   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   25494   std::string authorization_section_bytes;
   25495   std::string authorization_size_bytes;
   25496   if (authorization_delegate) {
   25497     if (!authorization_delegate->GetCommandAuthorization(
   25498             command_hash, is_command_parameter_encryption_possible,
   25499             is_response_parameter_encryption_possible,
   25500             &authorization_section_bytes)) {
   25501       return TRUNKS_RC_AUTHORIZATION_FAILED;
   25502     }
   25503     if (!authorization_section_bytes.empty()) {
   25504       tag = TPM_ST_SESSIONS;
   25505       std::string tmp;
   25506       rc = Serialize_UINT32(authorization_section_bytes.size(),
   25507                             &authorization_size_bytes);
   25508       if (rc != TPM_RC_SUCCESS) {
   25509         return rc;
   25510       }
   25511       command_size +=
   25512           authorization_size_bytes.size() + authorization_section_bytes.size();
   25513     }
   25514   }
   25515   std::string tag_bytes;
   25516   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   25517   if (rc != TPM_RC_SUCCESS) {
   25518     return rc;
   25519   }
   25520   std::string command_size_bytes;
   25521   rc = Serialize_UINT32(command_size, &command_size_bytes);
   25522   if (rc != TPM_RC_SUCCESS) {
   25523     return rc;
   25524   }
   25525   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   25526                         handle_section_bytes + authorization_size_bytes +
   25527                         authorization_section_bytes + parameter_section_bytes;
   25528   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   25529   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   25530                                             serialized_command->size());
   25531   return TPM_RC_SUCCESS;
   25532 }
   25533 
   25534 TPM_RC Tpm::ParseResponse_SetPrimaryPolicy(
   25535     const std::string& response,
   25536     AuthorizationDelegate* authorization_delegate) {
   25537   VLOG(3) << __func__;
   25538   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   25539   TPM_RC rc = TPM_RC_SUCCESS;
   25540   std::string buffer(response);
   25541   TPM_ST tag;
   25542   std::string tag_bytes;
   25543   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   25544   if (rc != TPM_RC_SUCCESS) {
   25545     return rc;
   25546   }
   25547   UINT32 response_size;
   25548   std::string response_size_bytes;
   25549   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   25550   if (rc != TPM_RC_SUCCESS) {
   25551     return rc;
   25552   }
   25553   TPM_RC response_code;
   25554   std::string response_code_bytes;
   25555   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   25556   if (rc != TPM_RC_SUCCESS) {
   25557     return rc;
   25558   }
   25559   if (response_size != response.size()) {
   25560     return TPM_RC_SIZE;
   25561   }
   25562   if (response_code != TPM_RC_SUCCESS) {
   25563     return response_code;
   25564   }
   25565   TPM_CC command_code = TPM_CC_SetPrimaryPolicy;
   25566   std::string command_code_bytes;
   25567   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   25568   if (rc != TPM_RC_SUCCESS) {
   25569     return rc;
   25570   }
   25571   std::string authorization_section_bytes;
   25572   if (tag == TPM_ST_SESSIONS) {
   25573     UINT32 parameter_section_size = buffer.size();
   25574     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   25575     if (rc != TPM_RC_SUCCESS) {
   25576       return rc;
   25577     }
   25578     if (parameter_section_size > buffer.size()) {
   25579       return TPM_RC_INSUFFICIENT;
   25580     }
   25581     authorization_section_bytes = buffer.substr(parameter_section_size);
   25582     // Keep the parameter section in |buffer|.
   25583     buffer.erase(parameter_section_size);
   25584   }
   25585   std::unique_ptr<crypto::SecureHash> hash(
   25586       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   25587   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   25588   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   25589   hash->Update(buffer.data(), buffer.size());
   25590   std::string response_hash(32, 0);
   25591   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   25592   if (tag == TPM_ST_SESSIONS) {
   25593     CHECK(authorization_delegate) << "Authorization delegate missing!";
   25594     if (!authorization_delegate->CheckResponseAuthorization(
   25595             response_hash, authorization_section_bytes)) {
   25596       return TRUNKS_RC_AUTHORIZATION_FAILED;
   25597     }
   25598   }
   25599   return TPM_RC_SUCCESS;
   25600 }
   25601 
   25602 void SetPrimaryPolicyErrorCallback(
   25603     const Tpm::SetPrimaryPolicyResponse& callback,
   25604     TPM_RC response_code) {
   25605   VLOG(1) << __func__;
   25606   callback.Run(response_code);
   25607 }
   25608 
   25609 void SetPrimaryPolicyResponseParser(
   25610     const Tpm::SetPrimaryPolicyResponse& callback,
   25611     AuthorizationDelegate* authorization_delegate,
   25612     const std::string& response) {
   25613   VLOG(1) << __func__;
   25614   base::Callback<void(TPM_RC)> error_reporter =
   25615       base::Bind(SetPrimaryPolicyErrorCallback, callback);
   25616   TPM_RC rc =
   25617       Tpm::ParseResponse_SetPrimaryPolicy(response, authorization_delegate);
   25618   if (rc != TPM_RC_SUCCESS) {
   25619     error_reporter.Run(rc);
   25620     return;
   25621   }
   25622   callback.Run(rc);
   25623 }
   25624 
   25625 void Tpm::SetPrimaryPolicy(const TPMI_RH_HIERARCHY& auth_handle,
   25626                            const std::string& auth_handle_name,
   25627                            const TPM2B_DIGEST& auth_policy,
   25628                            const TPMI_ALG_HASH& hash_alg,
   25629                            AuthorizationDelegate* authorization_delegate,
   25630                            const SetPrimaryPolicyResponse& callback) {
   25631   VLOG(1) << __func__;
   25632   base::Callback<void(TPM_RC)> error_reporter =
   25633       base::Bind(SetPrimaryPolicyErrorCallback, callback);
   25634   base::Callback<void(const std::string&)> parser = base::Bind(
   25635       SetPrimaryPolicyResponseParser, callback, authorization_delegate);
   25636   std::string command;
   25637   TPM_RC rc = SerializeCommand_SetPrimaryPolicy(auth_handle, auth_handle_name,
   25638                                                 auth_policy, hash_alg, &command,
   25639                                                 authorization_delegate);
   25640   if (rc != TPM_RC_SUCCESS) {
   25641     error_reporter.Run(rc);
   25642     return;
   25643   }
   25644   transceiver_->SendCommand(command, parser);
   25645 }
   25646 
   25647 TPM_RC Tpm::SetPrimaryPolicySync(
   25648     const TPMI_RH_HIERARCHY& auth_handle,
   25649     const std::string& auth_handle_name,
   25650     const TPM2B_DIGEST& auth_policy,
   25651     const TPMI_ALG_HASH& hash_alg,
   25652     AuthorizationDelegate* authorization_delegate) {
   25653   VLOG(1) << __func__;
   25654   std::string command;
   25655   TPM_RC rc = SerializeCommand_SetPrimaryPolicy(auth_handle, auth_handle_name,
   25656                                                 auth_policy, hash_alg, &command,
   25657                                                 authorization_delegate);
   25658   if (rc != TPM_RC_SUCCESS) {
   25659     return rc;
   25660   }
   25661   std::string response = transceiver_->SendCommandAndWait(command);
   25662   rc = ParseResponse_SetPrimaryPolicy(response, authorization_delegate);
   25663   return rc;
   25664 }
   25665 
   25666 TPM_RC Tpm::SerializeCommand_ChangePPS(
   25667     const TPMI_RH_PLATFORM& auth_handle,
   25668     const std::string& auth_handle_name,
   25669     std::string* serialized_command,
   25670     AuthorizationDelegate* authorization_delegate) {
   25671   VLOG(3) << __func__;
   25672   TPM_RC rc = TPM_RC_SUCCESS;
   25673   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   25674   UINT32 command_size = 10;  // Header size.
   25675   std::string handle_section_bytes;
   25676   std::string parameter_section_bytes;
   25677   TPM_CC command_code = TPM_CC_ChangePPS;
   25678   bool is_command_parameter_encryption_possible = false;
   25679   bool is_response_parameter_encryption_possible = false;
   25680   std::string command_code_bytes;
   25681   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   25682   if (rc != TPM_RC_SUCCESS) {
   25683     return rc;
   25684   }
   25685   std::string auth_handle_bytes;
   25686   rc = Serialize_TPMI_RH_PLATFORM(auth_handle, &auth_handle_bytes);
   25687   if (rc != TPM_RC_SUCCESS) {
   25688     return rc;
   25689   }
   25690   std::unique_ptr<crypto::SecureHash> hash(
   25691       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   25692   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   25693   hash->Update(auth_handle_name.data(), auth_handle_name.size());
   25694   handle_section_bytes += auth_handle_bytes;
   25695   command_size += auth_handle_bytes.size();
   25696   std::string command_hash(32, 0);
   25697   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   25698   std::string authorization_section_bytes;
   25699   std::string authorization_size_bytes;
   25700   if (authorization_delegate) {
   25701     if (!authorization_delegate->GetCommandAuthorization(
   25702             command_hash, is_command_parameter_encryption_possible,
   25703             is_response_parameter_encryption_possible,
   25704             &authorization_section_bytes)) {
   25705       return TRUNKS_RC_AUTHORIZATION_FAILED;
   25706     }
   25707     if (!authorization_section_bytes.empty()) {
   25708       tag = TPM_ST_SESSIONS;
   25709       std::string tmp;
   25710       rc = Serialize_UINT32(authorization_section_bytes.size(),
   25711                             &authorization_size_bytes);
   25712       if (rc != TPM_RC_SUCCESS) {
   25713         return rc;
   25714       }
   25715       command_size +=
   25716           authorization_size_bytes.size() + authorization_section_bytes.size();
   25717     }
   25718   }
   25719   std::string tag_bytes;
   25720   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   25721   if (rc != TPM_RC_SUCCESS) {
   25722     return rc;
   25723   }
   25724   std::string command_size_bytes;
   25725   rc = Serialize_UINT32(command_size, &command_size_bytes);
   25726   if (rc != TPM_RC_SUCCESS) {
   25727     return rc;
   25728   }
   25729   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   25730                         handle_section_bytes + authorization_size_bytes +
   25731                         authorization_section_bytes + parameter_section_bytes;
   25732   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   25733   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   25734                                             serialized_command->size());
   25735   return TPM_RC_SUCCESS;
   25736 }
   25737 
   25738 TPM_RC Tpm::ParseResponse_ChangePPS(
   25739     const std::string& response,
   25740     AuthorizationDelegate* authorization_delegate) {
   25741   VLOG(3) << __func__;
   25742   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   25743   TPM_RC rc = TPM_RC_SUCCESS;
   25744   std::string buffer(response);
   25745   TPM_ST tag;
   25746   std::string tag_bytes;
   25747   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   25748   if (rc != TPM_RC_SUCCESS) {
   25749     return rc;
   25750   }
   25751   UINT32 response_size;
   25752   std::string response_size_bytes;
   25753   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   25754   if (rc != TPM_RC_SUCCESS) {
   25755     return rc;
   25756   }
   25757   TPM_RC response_code;
   25758   std::string response_code_bytes;
   25759   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   25760   if (rc != TPM_RC_SUCCESS) {
   25761     return rc;
   25762   }
   25763   if (response_size != response.size()) {
   25764     return TPM_RC_SIZE;
   25765   }
   25766   if (response_code != TPM_RC_SUCCESS) {
   25767     return response_code;
   25768   }
   25769   TPM_CC command_code = TPM_CC_ChangePPS;
   25770   std::string command_code_bytes;
   25771   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   25772   if (rc != TPM_RC_SUCCESS) {
   25773     return rc;
   25774   }
   25775   std::string authorization_section_bytes;
   25776   if (tag == TPM_ST_SESSIONS) {
   25777     UINT32 parameter_section_size = buffer.size();
   25778     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   25779     if (rc != TPM_RC_SUCCESS) {
   25780       return rc;
   25781     }
   25782     if (parameter_section_size > buffer.size()) {
   25783       return TPM_RC_INSUFFICIENT;
   25784     }
   25785     authorization_section_bytes = buffer.substr(parameter_section_size);
   25786     // Keep the parameter section in |buffer|.
   25787     buffer.erase(parameter_section_size);
   25788   }
   25789   std::unique_ptr<crypto::SecureHash> hash(
   25790       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   25791   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   25792   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   25793   hash->Update(buffer.data(), buffer.size());
   25794   std::string response_hash(32, 0);
   25795   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   25796   if (tag == TPM_ST_SESSIONS) {
   25797     CHECK(authorization_delegate) << "Authorization delegate missing!";
   25798     if (!authorization_delegate->CheckResponseAuthorization(
   25799             response_hash, authorization_section_bytes)) {
   25800       return TRUNKS_RC_AUTHORIZATION_FAILED;
   25801     }
   25802   }
   25803   return TPM_RC_SUCCESS;
   25804 }
   25805 
   25806 void ChangePPSErrorCallback(const Tpm::ChangePPSResponse& callback,
   25807                             TPM_RC response_code) {
   25808   VLOG(1) << __func__;
   25809   callback.Run(response_code);
   25810 }
   25811 
   25812 void ChangePPSResponseParser(const Tpm::ChangePPSResponse& callback,
   25813                              AuthorizationDelegate* authorization_delegate,
   25814                              const std::string& response) {
   25815   VLOG(1) << __func__;
   25816   base::Callback<void(TPM_RC)> error_reporter =
   25817       base::Bind(ChangePPSErrorCallback, callback);
   25818   TPM_RC rc = Tpm::ParseResponse_ChangePPS(response, authorization_delegate);
   25819   if (rc != TPM_RC_SUCCESS) {
   25820     error_reporter.Run(rc);
   25821     return;
   25822   }
   25823   callback.Run(rc);
   25824 }
   25825 
   25826 void Tpm::ChangePPS(const TPMI_RH_PLATFORM& auth_handle,
   25827                     const std::string& auth_handle_name,
   25828                     AuthorizationDelegate* authorization_delegate,
   25829                     const ChangePPSResponse& callback) {
   25830   VLOG(1) << __func__;
   25831   base::Callback<void(TPM_RC)> error_reporter =
   25832       base::Bind(ChangePPSErrorCallback, callback);
   25833   base::Callback<void(const std::string&)> parser =
   25834       base::Bind(ChangePPSResponseParser, callback, authorization_delegate);
   25835   std::string command;
   25836   TPM_RC rc = SerializeCommand_ChangePPS(auth_handle, auth_handle_name,
   25837                                          &command, authorization_delegate);
   25838   if (rc != TPM_RC_SUCCESS) {
   25839     error_reporter.Run(rc);
   25840     return;
   25841   }
   25842   transceiver_->SendCommand(command, parser);
   25843 }
   25844 
   25845 TPM_RC Tpm::ChangePPSSync(const TPMI_RH_PLATFORM& auth_handle,
   25846                           const std::string& auth_handle_name,
   25847                           AuthorizationDelegate* authorization_delegate) {
   25848   VLOG(1) << __func__;
   25849   std::string command;
   25850   TPM_RC rc = SerializeCommand_ChangePPS(auth_handle, auth_handle_name,
   25851                                          &command, authorization_delegate);
   25852   if (rc != TPM_RC_SUCCESS) {
   25853     return rc;
   25854   }
   25855   std::string response = transceiver_->SendCommandAndWait(command);
   25856   rc = ParseResponse_ChangePPS(response, authorization_delegate);
   25857   return rc;
   25858 }
   25859 
   25860 TPM_RC Tpm::SerializeCommand_ChangeEPS(
   25861     const TPMI_RH_PLATFORM& auth_handle,
   25862     const std::string& auth_handle_name,
   25863     std::string* serialized_command,
   25864     AuthorizationDelegate* authorization_delegate) {
   25865   VLOG(3) << __func__;
   25866   TPM_RC rc = TPM_RC_SUCCESS;
   25867   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   25868   UINT32 command_size = 10;  // Header size.
   25869   std::string handle_section_bytes;
   25870   std::string parameter_section_bytes;
   25871   TPM_CC command_code = TPM_CC_ChangeEPS;
   25872   bool is_command_parameter_encryption_possible = false;
   25873   bool is_response_parameter_encryption_possible = false;
   25874   std::string command_code_bytes;
   25875   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   25876   if (rc != TPM_RC_SUCCESS) {
   25877     return rc;
   25878   }
   25879   std::string auth_handle_bytes;
   25880   rc = Serialize_TPMI_RH_PLATFORM(auth_handle, &auth_handle_bytes);
   25881   if (rc != TPM_RC_SUCCESS) {
   25882     return rc;
   25883   }
   25884   std::unique_ptr<crypto::SecureHash> hash(
   25885       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   25886   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   25887   hash->Update(auth_handle_name.data(), auth_handle_name.size());
   25888   handle_section_bytes += auth_handle_bytes;
   25889   command_size += auth_handle_bytes.size();
   25890   std::string command_hash(32, 0);
   25891   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   25892   std::string authorization_section_bytes;
   25893   std::string authorization_size_bytes;
   25894   if (authorization_delegate) {
   25895     if (!authorization_delegate->GetCommandAuthorization(
   25896             command_hash, is_command_parameter_encryption_possible,
   25897             is_response_parameter_encryption_possible,
   25898             &authorization_section_bytes)) {
   25899       return TRUNKS_RC_AUTHORIZATION_FAILED;
   25900     }
   25901     if (!authorization_section_bytes.empty()) {
   25902       tag = TPM_ST_SESSIONS;
   25903       std::string tmp;
   25904       rc = Serialize_UINT32(authorization_section_bytes.size(),
   25905                             &authorization_size_bytes);
   25906       if (rc != TPM_RC_SUCCESS) {
   25907         return rc;
   25908       }
   25909       command_size +=
   25910           authorization_size_bytes.size() + authorization_section_bytes.size();
   25911     }
   25912   }
   25913   std::string tag_bytes;
   25914   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   25915   if (rc != TPM_RC_SUCCESS) {
   25916     return rc;
   25917   }
   25918   std::string command_size_bytes;
   25919   rc = Serialize_UINT32(command_size, &command_size_bytes);
   25920   if (rc != TPM_RC_SUCCESS) {
   25921     return rc;
   25922   }
   25923   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   25924                         handle_section_bytes + authorization_size_bytes +
   25925                         authorization_section_bytes + parameter_section_bytes;
   25926   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   25927   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   25928                                             serialized_command->size());
   25929   return TPM_RC_SUCCESS;
   25930 }
   25931 
   25932 TPM_RC Tpm::ParseResponse_ChangeEPS(
   25933     const std::string& response,
   25934     AuthorizationDelegate* authorization_delegate) {
   25935   VLOG(3) << __func__;
   25936   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   25937   TPM_RC rc = TPM_RC_SUCCESS;
   25938   std::string buffer(response);
   25939   TPM_ST tag;
   25940   std::string tag_bytes;
   25941   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   25942   if (rc != TPM_RC_SUCCESS) {
   25943     return rc;
   25944   }
   25945   UINT32 response_size;
   25946   std::string response_size_bytes;
   25947   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   25948   if (rc != TPM_RC_SUCCESS) {
   25949     return rc;
   25950   }
   25951   TPM_RC response_code;
   25952   std::string response_code_bytes;
   25953   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   25954   if (rc != TPM_RC_SUCCESS) {
   25955     return rc;
   25956   }
   25957   if (response_size != response.size()) {
   25958     return TPM_RC_SIZE;
   25959   }
   25960   if (response_code != TPM_RC_SUCCESS) {
   25961     return response_code;
   25962   }
   25963   TPM_CC command_code = TPM_CC_ChangeEPS;
   25964   std::string command_code_bytes;
   25965   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   25966   if (rc != TPM_RC_SUCCESS) {
   25967     return rc;
   25968   }
   25969   std::string authorization_section_bytes;
   25970   if (tag == TPM_ST_SESSIONS) {
   25971     UINT32 parameter_section_size = buffer.size();
   25972     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   25973     if (rc != TPM_RC_SUCCESS) {
   25974       return rc;
   25975     }
   25976     if (parameter_section_size > buffer.size()) {
   25977       return TPM_RC_INSUFFICIENT;
   25978     }
   25979     authorization_section_bytes = buffer.substr(parameter_section_size);
   25980     // Keep the parameter section in |buffer|.
   25981     buffer.erase(parameter_section_size);
   25982   }
   25983   std::unique_ptr<crypto::SecureHash> hash(
   25984       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   25985   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   25986   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   25987   hash->Update(buffer.data(), buffer.size());
   25988   std::string response_hash(32, 0);
   25989   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   25990   if (tag == TPM_ST_SESSIONS) {
   25991     CHECK(authorization_delegate) << "Authorization delegate missing!";
   25992     if (!authorization_delegate->CheckResponseAuthorization(
   25993             response_hash, authorization_section_bytes)) {
   25994       return TRUNKS_RC_AUTHORIZATION_FAILED;
   25995     }
   25996   }
   25997   return TPM_RC_SUCCESS;
   25998 }
   25999 
   26000 void ChangeEPSErrorCallback(const Tpm::ChangeEPSResponse& callback,
   26001                             TPM_RC response_code) {
   26002   VLOG(1) << __func__;
   26003   callback.Run(response_code);
   26004 }
   26005 
   26006 void ChangeEPSResponseParser(const Tpm::ChangeEPSResponse& callback,
   26007                              AuthorizationDelegate* authorization_delegate,
   26008                              const std::string& response) {
   26009   VLOG(1) << __func__;
   26010   base::Callback<void(TPM_RC)> error_reporter =
   26011       base::Bind(ChangeEPSErrorCallback, callback);
   26012   TPM_RC rc = Tpm::ParseResponse_ChangeEPS(response, authorization_delegate);
   26013   if (rc != TPM_RC_SUCCESS) {
   26014     error_reporter.Run(rc);
   26015     return;
   26016   }
   26017   callback.Run(rc);
   26018 }
   26019 
   26020 void Tpm::ChangeEPS(const TPMI_RH_PLATFORM& auth_handle,
   26021                     const std::string& auth_handle_name,
   26022                     AuthorizationDelegate* authorization_delegate,
   26023                     const ChangeEPSResponse& callback) {
   26024   VLOG(1) << __func__;
   26025   base::Callback<void(TPM_RC)> error_reporter =
   26026       base::Bind(ChangeEPSErrorCallback, callback);
   26027   base::Callback<void(const std::string&)> parser =
   26028       base::Bind(ChangeEPSResponseParser, callback, authorization_delegate);
   26029   std::string command;
   26030   TPM_RC rc = SerializeCommand_ChangeEPS(auth_handle, auth_handle_name,
   26031                                          &command, authorization_delegate);
   26032   if (rc != TPM_RC_SUCCESS) {
   26033     error_reporter.Run(rc);
   26034     return;
   26035   }
   26036   transceiver_->SendCommand(command, parser);
   26037 }
   26038 
   26039 TPM_RC Tpm::ChangeEPSSync(const TPMI_RH_PLATFORM& auth_handle,
   26040                           const std::string& auth_handle_name,
   26041                           AuthorizationDelegate* authorization_delegate) {
   26042   VLOG(1) << __func__;
   26043   std::string command;
   26044   TPM_RC rc = SerializeCommand_ChangeEPS(auth_handle, auth_handle_name,
   26045                                          &command, authorization_delegate);
   26046   if (rc != TPM_RC_SUCCESS) {
   26047     return rc;
   26048   }
   26049   std::string response = transceiver_->SendCommandAndWait(command);
   26050   rc = ParseResponse_ChangeEPS(response, authorization_delegate);
   26051   return rc;
   26052 }
   26053 
   26054 TPM_RC Tpm::SerializeCommand_Clear(
   26055     const TPMI_RH_CLEAR& auth_handle,
   26056     const std::string& auth_handle_name,
   26057     std::string* serialized_command,
   26058     AuthorizationDelegate* authorization_delegate) {
   26059   VLOG(3) << __func__;
   26060   TPM_RC rc = TPM_RC_SUCCESS;
   26061   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   26062   UINT32 command_size = 10;  // Header size.
   26063   std::string handle_section_bytes;
   26064   std::string parameter_section_bytes;
   26065   TPM_CC command_code = TPM_CC_Clear;
   26066   bool is_command_parameter_encryption_possible = false;
   26067   bool is_response_parameter_encryption_possible = false;
   26068   std::string command_code_bytes;
   26069   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   26070   if (rc != TPM_RC_SUCCESS) {
   26071     return rc;
   26072   }
   26073   std::string auth_handle_bytes;
   26074   rc = Serialize_TPMI_RH_CLEAR(auth_handle, &auth_handle_bytes);
   26075   if (rc != TPM_RC_SUCCESS) {
   26076     return rc;
   26077   }
   26078   std::unique_ptr<crypto::SecureHash> hash(
   26079       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   26080   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   26081   hash->Update(auth_handle_name.data(), auth_handle_name.size());
   26082   handle_section_bytes += auth_handle_bytes;
   26083   command_size += auth_handle_bytes.size();
   26084   std::string command_hash(32, 0);
   26085   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   26086   std::string authorization_section_bytes;
   26087   std::string authorization_size_bytes;
   26088   if (authorization_delegate) {
   26089     if (!authorization_delegate->GetCommandAuthorization(
   26090             command_hash, is_command_parameter_encryption_possible,
   26091             is_response_parameter_encryption_possible,
   26092             &authorization_section_bytes)) {
   26093       return TRUNKS_RC_AUTHORIZATION_FAILED;
   26094     }
   26095     if (!authorization_section_bytes.empty()) {
   26096       tag = TPM_ST_SESSIONS;
   26097       std::string tmp;
   26098       rc = Serialize_UINT32(authorization_section_bytes.size(),
   26099                             &authorization_size_bytes);
   26100       if (rc != TPM_RC_SUCCESS) {
   26101         return rc;
   26102       }
   26103       command_size +=
   26104           authorization_size_bytes.size() + authorization_section_bytes.size();
   26105     }
   26106   }
   26107   std::string tag_bytes;
   26108   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   26109   if (rc != TPM_RC_SUCCESS) {
   26110     return rc;
   26111   }
   26112   std::string command_size_bytes;
   26113   rc = Serialize_UINT32(command_size, &command_size_bytes);
   26114   if (rc != TPM_RC_SUCCESS) {
   26115     return rc;
   26116   }
   26117   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   26118                         handle_section_bytes + authorization_size_bytes +
   26119                         authorization_section_bytes + parameter_section_bytes;
   26120   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   26121   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   26122                                             serialized_command->size());
   26123   return TPM_RC_SUCCESS;
   26124 }
   26125 
   26126 TPM_RC Tpm::ParseResponse_Clear(const std::string& response,
   26127                                 AuthorizationDelegate* authorization_delegate) {
   26128   VLOG(3) << __func__;
   26129   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   26130   TPM_RC rc = TPM_RC_SUCCESS;
   26131   std::string buffer(response);
   26132   TPM_ST tag;
   26133   std::string tag_bytes;
   26134   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   26135   if (rc != TPM_RC_SUCCESS) {
   26136     return rc;
   26137   }
   26138   UINT32 response_size;
   26139   std::string response_size_bytes;
   26140   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   26141   if (rc != TPM_RC_SUCCESS) {
   26142     return rc;
   26143   }
   26144   TPM_RC response_code;
   26145   std::string response_code_bytes;
   26146   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   26147   if (rc != TPM_RC_SUCCESS) {
   26148     return rc;
   26149   }
   26150   if (response_size != response.size()) {
   26151     return TPM_RC_SIZE;
   26152   }
   26153   if (response_code != TPM_RC_SUCCESS) {
   26154     return response_code;
   26155   }
   26156   TPM_CC command_code = TPM_CC_Clear;
   26157   std::string command_code_bytes;
   26158   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   26159   if (rc != TPM_RC_SUCCESS) {
   26160     return rc;
   26161   }
   26162   std::string authorization_section_bytes;
   26163   if (tag == TPM_ST_SESSIONS) {
   26164     UINT32 parameter_section_size = buffer.size();
   26165     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   26166     if (rc != TPM_RC_SUCCESS) {
   26167       return rc;
   26168     }
   26169     if (parameter_section_size > buffer.size()) {
   26170       return TPM_RC_INSUFFICIENT;
   26171     }
   26172     authorization_section_bytes = buffer.substr(parameter_section_size);
   26173     // Keep the parameter section in |buffer|.
   26174     buffer.erase(parameter_section_size);
   26175   }
   26176   std::unique_ptr<crypto::SecureHash> hash(
   26177       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   26178   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   26179   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   26180   hash->Update(buffer.data(), buffer.size());
   26181   std::string response_hash(32, 0);
   26182   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   26183   if (tag == TPM_ST_SESSIONS) {
   26184     CHECK(authorization_delegate) << "Authorization delegate missing!";
   26185     if (!authorization_delegate->CheckResponseAuthorization(
   26186             response_hash, authorization_section_bytes)) {
   26187       return TRUNKS_RC_AUTHORIZATION_FAILED;
   26188     }
   26189   }
   26190   return TPM_RC_SUCCESS;
   26191 }
   26192 
   26193 void ClearErrorCallback(const Tpm::ClearResponse& callback,
   26194                         TPM_RC response_code) {
   26195   VLOG(1) << __func__;
   26196   callback.Run(response_code);
   26197 }
   26198 
   26199 void ClearResponseParser(const Tpm::ClearResponse& callback,
   26200                          AuthorizationDelegate* authorization_delegate,
   26201                          const std::string& response) {
   26202   VLOG(1) << __func__;
   26203   base::Callback<void(TPM_RC)> error_reporter =
   26204       base::Bind(ClearErrorCallback, callback);
   26205   TPM_RC rc = Tpm::ParseResponse_Clear(response, authorization_delegate);
   26206   if (rc != TPM_RC_SUCCESS) {
   26207     error_reporter.Run(rc);
   26208     return;
   26209   }
   26210   callback.Run(rc);
   26211 }
   26212 
   26213 void Tpm::Clear(const TPMI_RH_CLEAR& auth_handle,
   26214                 const std::string& auth_handle_name,
   26215                 AuthorizationDelegate* authorization_delegate,
   26216                 const ClearResponse& callback) {
   26217   VLOG(1) << __func__;
   26218   base::Callback<void(TPM_RC)> error_reporter =
   26219       base::Bind(ClearErrorCallback, callback);
   26220   base::Callback<void(const std::string&)> parser =
   26221       base::Bind(ClearResponseParser, callback, authorization_delegate);
   26222   std::string command;
   26223   TPM_RC rc = SerializeCommand_Clear(auth_handle, auth_handle_name, &command,
   26224                                      authorization_delegate);
   26225   if (rc != TPM_RC_SUCCESS) {
   26226     error_reporter.Run(rc);
   26227     return;
   26228   }
   26229   transceiver_->SendCommand(command, parser);
   26230 }
   26231 
   26232 TPM_RC Tpm::ClearSync(const TPMI_RH_CLEAR& auth_handle,
   26233                       const std::string& auth_handle_name,
   26234                       AuthorizationDelegate* authorization_delegate) {
   26235   VLOG(1) << __func__;
   26236   std::string command;
   26237   TPM_RC rc = SerializeCommand_Clear(auth_handle, auth_handle_name, &command,
   26238                                      authorization_delegate);
   26239   if (rc != TPM_RC_SUCCESS) {
   26240     return rc;
   26241   }
   26242   std::string response = transceiver_->SendCommandAndWait(command);
   26243   rc = ParseResponse_Clear(response, authorization_delegate);
   26244   return rc;
   26245 }
   26246 
   26247 TPM_RC Tpm::SerializeCommand_ClearControl(
   26248     const TPMI_RH_CLEAR& auth,
   26249     const std::string& auth_name,
   26250     const TPMI_YES_NO& disable,
   26251     std::string* serialized_command,
   26252     AuthorizationDelegate* authorization_delegate) {
   26253   VLOG(3) << __func__;
   26254   TPM_RC rc = TPM_RC_SUCCESS;
   26255   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   26256   UINT32 command_size = 10;  // Header size.
   26257   std::string handle_section_bytes;
   26258   std::string parameter_section_bytes;
   26259   TPM_CC command_code = TPM_CC_ClearControl;
   26260   bool is_command_parameter_encryption_possible = false;
   26261   bool is_response_parameter_encryption_possible = false;
   26262   std::string command_code_bytes;
   26263   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   26264   if (rc != TPM_RC_SUCCESS) {
   26265     return rc;
   26266   }
   26267   std::string auth_bytes;
   26268   rc = Serialize_TPMI_RH_CLEAR(auth, &auth_bytes);
   26269   if (rc != TPM_RC_SUCCESS) {
   26270     return rc;
   26271   }
   26272   std::string disable_bytes;
   26273   rc = Serialize_TPMI_YES_NO(disable, &disable_bytes);
   26274   if (rc != TPM_RC_SUCCESS) {
   26275     return rc;
   26276   }
   26277   std::unique_ptr<crypto::SecureHash> hash(
   26278       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   26279   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   26280   hash->Update(auth_name.data(), auth_name.size());
   26281   handle_section_bytes += auth_bytes;
   26282   command_size += auth_bytes.size();
   26283   hash->Update(disable_bytes.data(), disable_bytes.size());
   26284   parameter_section_bytes += disable_bytes;
   26285   command_size += disable_bytes.size();
   26286   std::string command_hash(32, 0);
   26287   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   26288   std::string authorization_section_bytes;
   26289   std::string authorization_size_bytes;
   26290   if (authorization_delegate) {
   26291     if (!authorization_delegate->GetCommandAuthorization(
   26292             command_hash, is_command_parameter_encryption_possible,
   26293             is_response_parameter_encryption_possible,
   26294             &authorization_section_bytes)) {
   26295       return TRUNKS_RC_AUTHORIZATION_FAILED;
   26296     }
   26297     if (!authorization_section_bytes.empty()) {
   26298       tag = TPM_ST_SESSIONS;
   26299       std::string tmp;
   26300       rc = Serialize_UINT32(authorization_section_bytes.size(),
   26301                             &authorization_size_bytes);
   26302       if (rc != TPM_RC_SUCCESS) {
   26303         return rc;
   26304       }
   26305       command_size +=
   26306           authorization_size_bytes.size() + authorization_section_bytes.size();
   26307     }
   26308   }
   26309   std::string tag_bytes;
   26310   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   26311   if (rc != TPM_RC_SUCCESS) {
   26312     return rc;
   26313   }
   26314   std::string command_size_bytes;
   26315   rc = Serialize_UINT32(command_size, &command_size_bytes);
   26316   if (rc != TPM_RC_SUCCESS) {
   26317     return rc;
   26318   }
   26319   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   26320                         handle_section_bytes + authorization_size_bytes +
   26321                         authorization_section_bytes + parameter_section_bytes;
   26322   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   26323   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   26324                                             serialized_command->size());
   26325   return TPM_RC_SUCCESS;
   26326 }
   26327 
   26328 TPM_RC Tpm::ParseResponse_ClearControl(
   26329     const std::string& response,
   26330     AuthorizationDelegate* authorization_delegate) {
   26331   VLOG(3) << __func__;
   26332   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   26333   TPM_RC rc = TPM_RC_SUCCESS;
   26334   std::string buffer(response);
   26335   TPM_ST tag;
   26336   std::string tag_bytes;
   26337   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   26338   if (rc != TPM_RC_SUCCESS) {
   26339     return rc;
   26340   }
   26341   UINT32 response_size;
   26342   std::string response_size_bytes;
   26343   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   26344   if (rc != TPM_RC_SUCCESS) {
   26345     return rc;
   26346   }
   26347   TPM_RC response_code;
   26348   std::string response_code_bytes;
   26349   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   26350   if (rc != TPM_RC_SUCCESS) {
   26351     return rc;
   26352   }
   26353   if (response_size != response.size()) {
   26354     return TPM_RC_SIZE;
   26355   }
   26356   if (response_code != TPM_RC_SUCCESS) {
   26357     return response_code;
   26358   }
   26359   TPM_CC command_code = TPM_CC_ClearControl;
   26360   std::string command_code_bytes;
   26361   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   26362   if (rc != TPM_RC_SUCCESS) {
   26363     return rc;
   26364   }
   26365   std::string authorization_section_bytes;
   26366   if (tag == TPM_ST_SESSIONS) {
   26367     UINT32 parameter_section_size = buffer.size();
   26368     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   26369     if (rc != TPM_RC_SUCCESS) {
   26370       return rc;
   26371     }
   26372     if (parameter_section_size > buffer.size()) {
   26373       return TPM_RC_INSUFFICIENT;
   26374     }
   26375     authorization_section_bytes = buffer.substr(parameter_section_size);
   26376     // Keep the parameter section in |buffer|.
   26377     buffer.erase(parameter_section_size);
   26378   }
   26379   std::unique_ptr<crypto::SecureHash> hash(
   26380       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   26381   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   26382   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   26383   hash->Update(buffer.data(), buffer.size());
   26384   std::string response_hash(32, 0);
   26385   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   26386   if (tag == TPM_ST_SESSIONS) {
   26387     CHECK(authorization_delegate) << "Authorization delegate missing!";
   26388     if (!authorization_delegate->CheckResponseAuthorization(
   26389             response_hash, authorization_section_bytes)) {
   26390       return TRUNKS_RC_AUTHORIZATION_FAILED;
   26391     }
   26392   }
   26393   return TPM_RC_SUCCESS;
   26394 }
   26395 
   26396 void ClearControlErrorCallback(const Tpm::ClearControlResponse& callback,
   26397                                TPM_RC response_code) {
   26398   VLOG(1) << __func__;
   26399   callback.Run(response_code);
   26400 }
   26401 
   26402 void ClearControlResponseParser(const Tpm::ClearControlResponse& callback,
   26403                                 AuthorizationDelegate* authorization_delegate,
   26404                                 const std::string& response) {
   26405   VLOG(1) << __func__;
   26406   base::Callback<void(TPM_RC)> error_reporter =
   26407       base::Bind(ClearControlErrorCallback, callback);
   26408   TPM_RC rc = Tpm::ParseResponse_ClearControl(response, authorization_delegate);
   26409   if (rc != TPM_RC_SUCCESS) {
   26410     error_reporter.Run(rc);
   26411     return;
   26412   }
   26413   callback.Run(rc);
   26414 }
   26415 
   26416 void Tpm::ClearControl(const TPMI_RH_CLEAR& auth,
   26417                        const std::string& auth_name,
   26418                        const TPMI_YES_NO& disable,
   26419                        AuthorizationDelegate* authorization_delegate,
   26420                        const ClearControlResponse& callback) {
   26421   VLOG(1) << __func__;
   26422   base::Callback<void(TPM_RC)> error_reporter =
   26423       base::Bind(ClearControlErrorCallback, callback);
   26424   base::Callback<void(const std::string&)> parser =
   26425       base::Bind(ClearControlResponseParser, callback, authorization_delegate);
   26426   std::string command;
   26427   TPM_RC rc = SerializeCommand_ClearControl(auth, auth_name, disable, &command,
   26428                                             authorization_delegate);
   26429   if (rc != TPM_RC_SUCCESS) {
   26430     error_reporter.Run(rc);
   26431     return;
   26432   }
   26433   transceiver_->SendCommand(command, parser);
   26434 }
   26435 
   26436 TPM_RC Tpm::ClearControlSync(const TPMI_RH_CLEAR& auth,
   26437                              const std::string& auth_name,
   26438                              const TPMI_YES_NO& disable,
   26439                              AuthorizationDelegate* authorization_delegate) {
   26440   VLOG(1) << __func__;
   26441   std::string command;
   26442   TPM_RC rc = SerializeCommand_ClearControl(auth, auth_name, disable, &command,
   26443                                             authorization_delegate);
   26444   if (rc != TPM_RC_SUCCESS) {
   26445     return rc;
   26446   }
   26447   std::string response = transceiver_->SendCommandAndWait(command);
   26448   rc = ParseResponse_ClearControl(response, authorization_delegate);
   26449   return rc;
   26450 }
   26451 
   26452 TPM_RC Tpm::SerializeCommand_HierarchyChangeAuth(
   26453     const TPMI_RH_HIERARCHY_AUTH& auth_handle,
   26454     const std::string& auth_handle_name,
   26455     const TPM2B_AUTH& new_auth,
   26456     std::string* serialized_command,
   26457     AuthorizationDelegate* authorization_delegate) {
   26458   VLOG(3) << __func__;
   26459   TPM_RC rc = TPM_RC_SUCCESS;
   26460   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   26461   UINT32 command_size = 10;  // Header size.
   26462   std::string handle_section_bytes;
   26463   std::string parameter_section_bytes;
   26464   TPM_CC command_code = TPM_CC_HierarchyChangeAuth;
   26465   bool is_command_parameter_encryption_possible = true;
   26466   bool is_response_parameter_encryption_possible = false;
   26467   std::string command_code_bytes;
   26468   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   26469   if (rc != TPM_RC_SUCCESS) {
   26470     return rc;
   26471   }
   26472   std::string auth_handle_bytes;
   26473   rc = Serialize_TPMI_RH_HIERARCHY_AUTH(auth_handle, &auth_handle_bytes);
   26474   if (rc != TPM_RC_SUCCESS) {
   26475     return rc;
   26476   }
   26477   std::string new_auth_bytes;
   26478   rc = Serialize_TPM2B_AUTH(new_auth, &new_auth_bytes);
   26479   if (rc != TPM_RC_SUCCESS) {
   26480     return rc;
   26481   }
   26482   if (authorization_delegate) {
   26483     // Encrypt just the parameter data, not the size.
   26484     std::string tmp = new_auth_bytes.substr(2);
   26485     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   26486       return TRUNKS_RC_ENCRYPTION_FAILED;
   26487     }
   26488     new_auth_bytes.replace(2, std::string::npos, tmp);
   26489   }
   26490   std::unique_ptr<crypto::SecureHash> hash(
   26491       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   26492   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   26493   hash->Update(auth_handle_name.data(), auth_handle_name.size());
   26494   handle_section_bytes += auth_handle_bytes;
   26495   command_size += auth_handle_bytes.size();
   26496   hash->Update(new_auth_bytes.data(), new_auth_bytes.size());
   26497   parameter_section_bytes += new_auth_bytes;
   26498   command_size += new_auth_bytes.size();
   26499   std::string command_hash(32, 0);
   26500   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   26501   std::string authorization_section_bytes;
   26502   std::string authorization_size_bytes;
   26503   if (authorization_delegate) {
   26504     if (!authorization_delegate->GetCommandAuthorization(
   26505             command_hash, is_command_parameter_encryption_possible,
   26506             is_response_parameter_encryption_possible,
   26507             &authorization_section_bytes)) {
   26508       return TRUNKS_RC_AUTHORIZATION_FAILED;
   26509     }
   26510     if (!authorization_section_bytes.empty()) {
   26511       tag = TPM_ST_SESSIONS;
   26512       std::string tmp;
   26513       rc = Serialize_UINT32(authorization_section_bytes.size(),
   26514                             &authorization_size_bytes);
   26515       if (rc != TPM_RC_SUCCESS) {
   26516         return rc;
   26517       }
   26518       command_size +=
   26519           authorization_size_bytes.size() + authorization_section_bytes.size();
   26520     }
   26521   }
   26522   std::string tag_bytes;
   26523   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   26524   if (rc != TPM_RC_SUCCESS) {
   26525     return rc;
   26526   }
   26527   std::string command_size_bytes;
   26528   rc = Serialize_UINT32(command_size, &command_size_bytes);
   26529   if (rc != TPM_RC_SUCCESS) {
   26530     return rc;
   26531   }
   26532   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   26533                         handle_section_bytes + authorization_size_bytes +
   26534                         authorization_section_bytes + parameter_section_bytes;
   26535   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   26536   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   26537                                             serialized_command->size());
   26538   return TPM_RC_SUCCESS;
   26539 }
   26540 
   26541 TPM_RC Tpm::ParseResponse_HierarchyChangeAuth(
   26542     const std::string& response,
   26543     AuthorizationDelegate* authorization_delegate) {
   26544   VLOG(3) << __func__;
   26545   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   26546   TPM_RC rc = TPM_RC_SUCCESS;
   26547   std::string buffer(response);
   26548   TPM_ST tag;
   26549   std::string tag_bytes;
   26550   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   26551   if (rc != TPM_RC_SUCCESS) {
   26552     return rc;
   26553   }
   26554   UINT32 response_size;
   26555   std::string response_size_bytes;
   26556   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   26557   if (rc != TPM_RC_SUCCESS) {
   26558     return rc;
   26559   }
   26560   TPM_RC response_code;
   26561   std::string response_code_bytes;
   26562   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   26563   if (rc != TPM_RC_SUCCESS) {
   26564     return rc;
   26565   }
   26566   if (response_size != response.size()) {
   26567     return TPM_RC_SIZE;
   26568   }
   26569   if (response_code != TPM_RC_SUCCESS) {
   26570     return response_code;
   26571   }
   26572   TPM_CC command_code = TPM_CC_HierarchyChangeAuth;
   26573   std::string command_code_bytes;
   26574   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   26575   if (rc != TPM_RC_SUCCESS) {
   26576     return rc;
   26577   }
   26578   std::string authorization_section_bytes;
   26579   if (tag == TPM_ST_SESSIONS) {
   26580     UINT32 parameter_section_size = buffer.size();
   26581     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   26582     if (rc != TPM_RC_SUCCESS) {
   26583       return rc;
   26584     }
   26585     if (parameter_section_size > buffer.size()) {
   26586       return TPM_RC_INSUFFICIENT;
   26587     }
   26588     authorization_section_bytes = buffer.substr(parameter_section_size);
   26589     // Keep the parameter section in |buffer|.
   26590     buffer.erase(parameter_section_size);
   26591   }
   26592   std::unique_ptr<crypto::SecureHash> hash(
   26593       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   26594   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   26595   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   26596   hash->Update(buffer.data(), buffer.size());
   26597   std::string response_hash(32, 0);
   26598   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   26599   if (tag == TPM_ST_SESSIONS) {
   26600     CHECK(authorization_delegate) << "Authorization delegate missing!";
   26601     if (!authorization_delegate->CheckResponseAuthorization(
   26602             response_hash, authorization_section_bytes)) {
   26603       return TRUNKS_RC_AUTHORIZATION_FAILED;
   26604     }
   26605   }
   26606   return TPM_RC_SUCCESS;
   26607 }
   26608 
   26609 void HierarchyChangeAuthErrorCallback(
   26610     const Tpm::HierarchyChangeAuthResponse& callback,
   26611     TPM_RC response_code) {
   26612   VLOG(1) << __func__;
   26613   callback.Run(response_code);
   26614 }
   26615 
   26616 void HierarchyChangeAuthResponseParser(
   26617     const Tpm::HierarchyChangeAuthResponse& callback,
   26618     AuthorizationDelegate* authorization_delegate,
   26619     const std::string& response) {
   26620   VLOG(1) << __func__;
   26621   base::Callback<void(TPM_RC)> error_reporter =
   26622       base::Bind(HierarchyChangeAuthErrorCallback, callback);
   26623   TPM_RC rc =
   26624       Tpm::ParseResponse_HierarchyChangeAuth(response, authorization_delegate);
   26625   if (rc != TPM_RC_SUCCESS) {
   26626     error_reporter.Run(rc);
   26627     return;
   26628   }
   26629   callback.Run(rc);
   26630 }
   26631 
   26632 void Tpm::HierarchyChangeAuth(const TPMI_RH_HIERARCHY_AUTH& auth_handle,
   26633                               const std::string& auth_handle_name,
   26634                               const TPM2B_AUTH& new_auth,
   26635                               AuthorizationDelegate* authorization_delegate,
   26636                               const HierarchyChangeAuthResponse& callback) {
   26637   VLOG(1) << __func__;
   26638   base::Callback<void(TPM_RC)> error_reporter =
   26639       base::Bind(HierarchyChangeAuthErrorCallback, callback);
   26640   base::Callback<void(const std::string&)> parser = base::Bind(
   26641       HierarchyChangeAuthResponseParser, callback, authorization_delegate);
   26642   std::string command;
   26643   TPM_RC rc = SerializeCommand_HierarchyChangeAuth(
   26644       auth_handle, auth_handle_name, new_auth, &command,
   26645       authorization_delegate);
   26646   if (rc != TPM_RC_SUCCESS) {
   26647     error_reporter.Run(rc);
   26648     return;
   26649   }
   26650   transceiver_->SendCommand(command, parser);
   26651 }
   26652 
   26653 TPM_RC Tpm::HierarchyChangeAuthSync(
   26654     const TPMI_RH_HIERARCHY_AUTH& auth_handle,
   26655     const std::string& auth_handle_name,
   26656     const TPM2B_AUTH& new_auth,
   26657     AuthorizationDelegate* authorization_delegate) {
   26658   VLOG(1) << __func__;
   26659   std::string command;
   26660   TPM_RC rc = SerializeCommand_HierarchyChangeAuth(
   26661       auth_handle, auth_handle_name, new_auth, &command,
   26662       authorization_delegate);
   26663   if (rc != TPM_RC_SUCCESS) {
   26664     return rc;
   26665   }
   26666   std::string response = transceiver_->SendCommandAndWait(command);
   26667   rc = ParseResponse_HierarchyChangeAuth(response, authorization_delegate);
   26668   return rc;
   26669 }
   26670 
   26671 TPM_RC Tpm::SerializeCommand_DictionaryAttackLockReset(
   26672     const TPMI_RH_LOCKOUT& lock_handle,
   26673     const std::string& lock_handle_name,
   26674     std::string* serialized_command,
   26675     AuthorizationDelegate* authorization_delegate) {
   26676   VLOG(3) << __func__;
   26677   TPM_RC rc = TPM_RC_SUCCESS;
   26678   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   26679   UINT32 command_size = 10;  // Header size.
   26680   std::string handle_section_bytes;
   26681   std::string parameter_section_bytes;
   26682   TPM_CC command_code = TPM_CC_DictionaryAttackLockReset;
   26683   bool is_command_parameter_encryption_possible = false;
   26684   bool is_response_parameter_encryption_possible = false;
   26685   std::string command_code_bytes;
   26686   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   26687   if (rc != TPM_RC_SUCCESS) {
   26688     return rc;
   26689   }
   26690   std::string lock_handle_bytes;
   26691   rc = Serialize_TPMI_RH_LOCKOUT(lock_handle, &lock_handle_bytes);
   26692   if (rc != TPM_RC_SUCCESS) {
   26693     return rc;
   26694   }
   26695   std::unique_ptr<crypto::SecureHash> hash(
   26696       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   26697   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   26698   hash->Update(lock_handle_name.data(), lock_handle_name.size());
   26699   handle_section_bytes += lock_handle_bytes;
   26700   command_size += lock_handle_bytes.size();
   26701   std::string command_hash(32, 0);
   26702   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   26703   std::string authorization_section_bytes;
   26704   std::string authorization_size_bytes;
   26705   if (authorization_delegate) {
   26706     if (!authorization_delegate->GetCommandAuthorization(
   26707             command_hash, is_command_parameter_encryption_possible,
   26708             is_response_parameter_encryption_possible,
   26709             &authorization_section_bytes)) {
   26710       return TRUNKS_RC_AUTHORIZATION_FAILED;
   26711     }
   26712     if (!authorization_section_bytes.empty()) {
   26713       tag = TPM_ST_SESSIONS;
   26714       std::string tmp;
   26715       rc = Serialize_UINT32(authorization_section_bytes.size(),
   26716                             &authorization_size_bytes);
   26717       if (rc != TPM_RC_SUCCESS) {
   26718         return rc;
   26719       }
   26720       command_size +=
   26721           authorization_size_bytes.size() + authorization_section_bytes.size();
   26722     }
   26723   }
   26724   std::string tag_bytes;
   26725   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   26726   if (rc != TPM_RC_SUCCESS) {
   26727     return rc;
   26728   }
   26729   std::string command_size_bytes;
   26730   rc = Serialize_UINT32(command_size, &command_size_bytes);
   26731   if (rc != TPM_RC_SUCCESS) {
   26732     return rc;
   26733   }
   26734   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   26735                         handle_section_bytes + authorization_size_bytes +
   26736                         authorization_section_bytes + parameter_section_bytes;
   26737   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   26738   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   26739                                             serialized_command->size());
   26740   return TPM_RC_SUCCESS;
   26741 }
   26742 
   26743 TPM_RC Tpm::ParseResponse_DictionaryAttackLockReset(
   26744     const std::string& response,
   26745     AuthorizationDelegate* authorization_delegate) {
   26746   VLOG(3) << __func__;
   26747   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   26748   TPM_RC rc = TPM_RC_SUCCESS;
   26749   std::string buffer(response);
   26750   TPM_ST tag;
   26751   std::string tag_bytes;
   26752   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   26753   if (rc != TPM_RC_SUCCESS) {
   26754     return rc;
   26755   }
   26756   UINT32 response_size;
   26757   std::string response_size_bytes;
   26758   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   26759   if (rc != TPM_RC_SUCCESS) {
   26760     return rc;
   26761   }
   26762   TPM_RC response_code;
   26763   std::string response_code_bytes;
   26764   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   26765   if (rc != TPM_RC_SUCCESS) {
   26766     return rc;
   26767   }
   26768   if (response_size != response.size()) {
   26769     return TPM_RC_SIZE;
   26770   }
   26771   if (response_code != TPM_RC_SUCCESS) {
   26772     return response_code;
   26773   }
   26774   TPM_CC command_code = TPM_CC_DictionaryAttackLockReset;
   26775   std::string command_code_bytes;
   26776   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   26777   if (rc != TPM_RC_SUCCESS) {
   26778     return rc;
   26779   }
   26780   std::string authorization_section_bytes;
   26781   if (tag == TPM_ST_SESSIONS) {
   26782     UINT32 parameter_section_size = buffer.size();
   26783     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   26784     if (rc != TPM_RC_SUCCESS) {
   26785       return rc;
   26786     }
   26787     if (parameter_section_size > buffer.size()) {
   26788       return TPM_RC_INSUFFICIENT;
   26789     }
   26790     authorization_section_bytes = buffer.substr(parameter_section_size);
   26791     // Keep the parameter section in |buffer|.
   26792     buffer.erase(parameter_section_size);
   26793   }
   26794   std::unique_ptr<crypto::SecureHash> hash(
   26795       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   26796   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   26797   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   26798   hash->Update(buffer.data(), buffer.size());
   26799   std::string response_hash(32, 0);
   26800   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   26801   if (tag == TPM_ST_SESSIONS) {
   26802     CHECK(authorization_delegate) << "Authorization delegate missing!";
   26803     if (!authorization_delegate->CheckResponseAuthorization(
   26804             response_hash, authorization_section_bytes)) {
   26805       return TRUNKS_RC_AUTHORIZATION_FAILED;
   26806     }
   26807   }
   26808   return TPM_RC_SUCCESS;
   26809 }
   26810 
   26811 void DictionaryAttackLockResetErrorCallback(
   26812     const Tpm::DictionaryAttackLockResetResponse& callback,
   26813     TPM_RC response_code) {
   26814   VLOG(1) << __func__;
   26815   callback.Run(response_code);
   26816 }
   26817 
   26818 void DictionaryAttackLockResetResponseParser(
   26819     const Tpm::DictionaryAttackLockResetResponse& callback,
   26820     AuthorizationDelegate* authorization_delegate,
   26821     const std::string& response) {
   26822   VLOG(1) << __func__;
   26823   base::Callback<void(TPM_RC)> error_reporter =
   26824       base::Bind(DictionaryAttackLockResetErrorCallback, callback);
   26825   TPM_RC rc = Tpm::ParseResponse_DictionaryAttackLockReset(
   26826       response, authorization_delegate);
   26827   if (rc != TPM_RC_SUCCESS) {
   26828     error_reporter.Run(rc);
   26829     return;
   26830   }
   26831   callback.Run(rc);
   26832 }
   26833 
   26834 void Tpm::DictionaryAttackLockReset(
   26835     const TPMI_RH_LOCKOUT& lock_handle,
   26836     const std::string& lock_handle_name,
   26837     AuthorizationDelegate* authorization_delegate,
   26838     const DictionaryAttackLockResetResponse& callback) {
   26839   VLOG(1) << __func__;
   26840   base::Callback<void(TPM_RC)> error_reporter =
   26841       base::Bind(DictionaryAttackLockResetErrorCallback, callback);
   26842   base::Callback<void(const std::string&)> parser =
   26843       base::Bind(DictionaryAttackLockResetResponseParser, callback,
   26844                  authorization_delegate);
   26845   std::string command;
   26846   TPM_RC rc = SerializeCommand_DictionaryAttackLockReset(
   26847       lock_handle, lock_handle_name, &command, authorization_delegate);
   26848   if (rc != TPM_RC_SUCCESS) {
   26849     error_reporter.Run(rc);
   26850     return;
   26851   }
   26852   transceiver_->SendCommand(command, parser);
   26853 }
   26854 
   26855 TPM_RC Tpm::DictionaryAttackLockResetSync(
   26856     const TPMI_RH_LOCKOUT& lock_handle,
   26857     const std::string& lock_handle_name,
   26858     AuthorizationDelegate* authorization_delegate) {
   26859   VLOG(1) << __func__;
   26860   std::string command;
   26861   TPM_RC rc = SerializeCommand_DictionaryAttackLockReset(
   26862       lock_handle, lock_handle_name, &command, authorization_delegate);
   26863   if (rc != TPM_RC_SUCCESS) {
   26864     return rc;
   26865   }
   26866   std::string response = transceiver_->SendCommandAndWait(command);
   26867   rc =
   26868       ParseResponse_DictionaryAttackLockReset(response, authorization_delegate);
   26869   return rc;
   26870 }
   26871 
   26872 TPM_RC Tpm::SerializeCommand_DictionaryAttackParameters(
   26873     const TPMI_RH_LOCKOUT& lock_handle,
   26874     const std::string& lock_handle_name,
   26875     const UINT32& new_max_tries,
   26876     const UINT32& new_recovery_time,
   26877     const UINT32& lockout_recovery,
   26878     std::string* serialized_command,
   26879     AuthorizationDelegate* authorization_delegate) {
   26880   VLOG(3) << __func__;
   26881   TPM_RC rc = TPM_RC_SUCCESS;
   26882   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   26883   UINT32 command_size = 10;  // Header size.
   26884   std::string handle_section_bytes;
   26885   std::string parameter_section_bytes;
   26886   TPM_CC command_code = TPM_CC_DictionaryAttackParameters;
   26887   bool is_command_parameter_encryption_possible = false;
   26888   bool is_response_parameter_encryption_possible = false;
   26889   std::string command_code_bytes;
   26890   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   26891   if (rc != TPM_RC_SUCCESS) {
   26892     return rc;
   26893   }
   26894   std::string lock_handle_bytes;
   26895   rc = Serialize_TPMI_RH_LOCKOUT(lock_handle, &lock_handle_bytes);
   26896   if (rc != TPM_RC_SUCCESS) {
   26897     return rc;
   26898   }
   26899   std::string new_max_tries_bytes;
   26900   rc = Serialize_UINT32(new_max_tries, &new_max_tries_bytes);
   26901   if (rc != TPM_RC_SUCCESS) {
   26902     return rc;
   26903   }
   26904   std::string new_recovery_time_bytes;
   26905   rc = Serialize_UINT32(new_recovery_time, &new_recovery_time_bytes);
   26906   if (rc != TPM_RC_SUCCESS) {
   26907     return rc;
   26908   }
   26909   std::string lockout_recovery_bytes;
   26910   rc = Serialize_UINT32(lockout_recovery, &lockout_recovery_bytes);
   26911   if (rc != TPM_RC_SUCCESS) {
   26912     return rc;
   26913   }
   26914   std::unique_ptr<crypto::SecureHash> hash(
   26915       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   26916   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   26917   hash->Update(lock_handle_name.data(), lock_handle_name.size());
   26918   handle_section_bytes += lock_handle_bytes;
   26919   command_size += lock_handle_bytes.size();
   26920   hash->Update(new_max_tries_bytes.data(), new_max_tries_bytes.size());
   26921   parameter_section_bytes += new_max_tries_bytes;
   26922   command_size += new_max_tries_bytes.size();
   26923   hash->Update(new_recovery_time_bytes.data(), new_recovery_time_bytes.size());
   26924   parameter_section_bytes += new_recovery_time_bytes;
   26925   command_size += new_recovery_time_bytes.size();
   26926   hash->Update(lockout_recovery_bytes.data(), lockout_recovery_bytes.size());
   26927   parameter_section_bytes += lockout_recovery_bytes;
   26928   command_size += lockout_recovery_bytes.size();
   26929   std::string command_hash(32, 0);
   26930   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   26931   std::string authorization_section_bytes;
   26932   std::string authorization_size_bytes;
   26933   if (authorization_delegate) {
   26934     if (!authorization_delegate->GetCommandAuthorization(
   26935             command_hash, is_command_parameter_encryption_possible,
   26936             is_response_parameter_encryption_possible,
   26937             &authorization_section_bytes)) {
   26938       return TRUNKS_RC_AUTHORIZATION_FAILED;
   26939     }
   26940     if (!authorization_section_bytes.empty()) {
   26941       tag = TPM_ST_SESSIONS;
   26942       std::string tmp;
   26943       rc = Serialize_UINT32(authorization_section_bytes.size(),
   26944                             &authorization_size_bytes);
   26945       if (rc != TPM_RC_SUCCESS) {
   26946         return rc;
   26947       }
   26948       command_size +=
   26949           authorization_size_bytes.size() + authorization_section_bytes.size();
   26950     }
   26951   }
   26952   std::string tag_bytes;
   26953   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   26954   if (rc != TPM_RC_SUCCESS) {
   26955     return rc;
   26956   }
   26957   std::string command_size_bytes;
   26958   rc = Serialize_UINT32(command_size, &command_size_bytes);
   26959   if (rc != TPM_RC_SUCCESS) {
   26960     return rc;
   26961   }
   26962   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   26963                         handle_section_bytes + authorization_size_bytes +
   26964                         authorization_section_bytes + parameter_section_bytes;
   26965   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   26966   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   26967                                             serialized_command->size());
   26968   return TPM_RC_SUCCESS;
   26969 }
   26970 
   26971 TPM_RC Tpm::ParseResponse_DictionaryAttackParameters(
   26972     const std::string& response,
   26973     AuthorizationDelegate* authorization_delegate) {
   26974   VLOG(3) << __func__;
   26975   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   26976   TPM_RC rc = TPM_RC_SUCCESS;
   26977   std::string buffer(response);
   26978   TPM_ST tag;
   26979   std::string tag_bytes;
   26980   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   26981   if (rc != TPM_RC_SUCCESS) {
   26982     return rc;
   26983   }
   26984   UINT32 response_size;
   26985   std::string response_size_bytes;
   26986   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   26987   if (rc != TPM_RC_SUCCESS) {
   26988     return rc;
   26989   }
   26990   TPM_RC response_code;
   26991   std::string response_code_bytes;
   26992   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   26993   if (rc != TPM_RC_SUCCESS) {
   26994     return rc;
   26995   }
   26996   if (response_size != response.size()) {
   26997     return TPM_RC_SIZE;
   26998   }
   26999   if (response_code != TPM_RC_SUCCESS) {
   27000     return response_code;
   27001   }
   27002   TPM_CC command_code = TPM_CC_DictionaryAttackParameters;
   27003   std::string command_code_bytes;
   27004   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   27005   if (rc != TPM_RC_SUCCESS) {
   27006     return rc;
   27007   }
   27008   std::string authorization_section_bytes;
   27009   if (tag == TPM_ST_SESSIONS) {
   27010     UINT32 parameter_section_size = buffer.size();
   27011     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   27012     if (rc != TPM_RC_SUCCESS) {
   27013       return rc;
   27014     }
   27015     if (parameter_section_size > buffer.size()) {
   27016       return TPM_RC_INSUFFICIENT;
   27017     }
   27018     authorization_section_bytes = buffer.substr(parameter_section_size);
   27019     // Keep the parameter section in |buffer|.
   27020     buffer.erase(parameter_section_size);
   27021   }
   27022   std::unique_ptr<crypto::SecureHash> hash(
   27023       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   27024   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   27025   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   27026   hash->Update(buffer.data(), buffer.size());
   27027   std::string response_hash(32, 0);
   27028   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   27029   if (tag == TPM_ST_SESSIONS) {
   27030     CHECK(authorization_delegate) << "Authorization delegate missing!";
   27031     if (!authorization_delegate->CheckResponseAuthorization(
   27032             response_hash, authorization_section_bytes)) {
   27033       return TRUNKS_RC_AUTHORIZATION_FAILED;
   27034     }
   27035   }
   27036   return TPM_RC_SUCCESS;
   27037 }
   27038 
   27039 void DictionaryAttackParametersErrorCallback(
   27040     const Tpm::DictionaryAttackParametersResponse& callback,
   27041     TPM_RC response_code) {
   27042   VLOG(1) << __func__;
   27043   callback.Run(response_code);
   27044 }
   27045 
   27046 void DictionaryAttackParametersResponseParser(
   27047     const Tpm::DictionaryAttackParametersResponse& callback,
   27048     AuthorizationDelegate* authorization_delegate,
   27049     const std::string& response) {
   27050   VLOG(1) << __func__;
   27051   base::Callback<void(TPM_RC)> error_reporter =
   27052       base::Bind(DictionaryAttackParametersErrorCallback, callback);
   27053   TPM_RC rc = Tpm::ParseResponse_DictionaryAttackParameters(
   27054       response, authorization_delegate);
   27055   if (rc != TPM_RC_SUCCESS) {
   27056     error_reporter.Run(rc);
   27057     return;
   27058   }
   27059   callback.Run(rc);
   27060 }
   27061 
   27062 void Tpm::DictionaryAttackParameters(
   27063     const TPMI_RH_LOCKOUT& lock_handle,
   27064     const std::string& lock_handle_name,
   27065     const UINT32& new_max_tries,
   27066     const UINT32& new_recovery_time,
   27067     const UINT32& lockout_recovery,
   27068     AuthorizationDelegate* authorization_delegate,
   27069     const DictionaryAttackParametersResponse& callback) {
   27070   VLOG(1) << __func__;
   27071   base::Callback<void(TPM_RC)> error_reporter =
   27072       base::Bind(DictionaryAttackParametersErrorCallback, callback);
   27073   base::Callback<void(const std::string&)> parser =
   27074       base::Bind(DictionaryAttackParametersResponseParser, callback,
   27075                  authorization_delegate);
   27076   std::string command;
   27077   TPM_RC rc = SerializeCommand_DictionaryAttackParameters(
   27078       lock_handle, lock_handle_name, new_max_tries, new_recovery_time,
   27079       lockout_recovery, &command, authorization_delegate);
   27080   if (rc != TPM_RC_SUCCESS) {
   27081     error_reporter.Run(rc);
   27082     return;
   27083   }
   27084   transceiver_->SendCommand(command, parser);
   27085 }
   27086 
   27087 TPM_RC Tpm::DictionaryAttackParametersSync(
   27088     const TPMI_RH_LOCKOUT& lock_handle,
   27089     const std::string& lock_handle_name,
   27090     const UINT32& new_max_tries,
   27091     const UINT32& new_recovery_time,
   27092     const UINT32& lockout_recovery,
   27093     AuthorizationDelegate* authorization_delegate) {
   27094   VLOG(1) << __func__;
   27095   std::string command;
   27096   TPM_RC rc = SerializeCommand_DictionaryAttackParameters(
   27097       lock_handle, lock_handle_name, new_max_tries, new_recovery_time,
   27098       lockout_recovery, &command, authorization_delegate);
   27099   if (rc != TPM_RC_SUCCESS) {
   27100     return rc;
   27101   }
   27102   std::string response = transceiver_->SendCommandAndWait(command);
   27103   rc = ParseResponse_DictionaryAttackParameters(response,
   27104                                                 authorization_delegate);
   27105   return rc;
   27106 }
   27107 
   27108 TPM_RC Tpm::SerializeCommand_PP_Commands(
   27109     const TPMI_RH_PLATFORM& auth,
   27110     const std::string& auth_name,
   27111     const TPML_CC& set_list,
   27112     const TPML_CC& clear_list,
   27113     std::string* serialized_command,
   27114     AuthorizationDelegate* authorization_delegate) {
   27115   VLOG(3) << __func__;
   27116   TPM_RC rc = TPM_RC_SUCCESS;
   27117   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   27118   UINT32 command_size = 10;  // Header size.
   27119   std::string handle_section_bytes;
   27120   std::string parameter_section_bytes;
   27121   TPM_CC command_code = TPM_CC_PP_Commands;
   27122   bool is_command_parameter_encryption_possible = false;
   27123   bool is_response_parameter_encryption_possible = false;
   27124   std::string command_code_bytes;
   27125   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   27126   if (rc != TPM_RC_SUCCESS) {
   27127     return rc;
   27128   }
   27129   std::string auth_bytes;
   27130   rc = Serialize_TPMI_RH_PLATFORM(auth, &auth_bytes);
   27131   if (rc != TPM_RC_SUCCESS) {
   27132     return rc;
   27133   }
   27134   std::string set_list_bytes;
   27135   rc = Serialize_TPML_CC(set_list, &set_list_bytes);
   27136   if (rc != TPM_RC_SUCCESS) {
   27137     return rc;
   27138   }
   27139   std::string clear_list_bytes;
   27140   rc = Serialize_TPML_CC(clear_list, &clear_list_bytes);
   27141   if (rc != TPM_RC_SUCCESS) {
   27142     return rc;
   27143   }
   27144   std::unique_ptr<crypto::SecureHash> hash(
   27145       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   27146   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   27147   hash->Update(auth_name.data(), auth_name.size());
   27148   handle_section_bytes += auth_bytes;
   27149   command_size += auth_bytes.size();
   27150   hash->Update(set_list_bytes.data(), set_list_bytes.size());
   27151   parameter_section_bytes += set_list_bytes;
   27152   command_size += set_list_bytes.size();
   27153   hash->Update(clear_list_bytes.data(), clear_list_bytes.size());
   27154   parameter_section_bytes += clear_list_bytes;
   27155   command_size += clear_list_bytes.size();
   27156   std::string command_hash(32, 0);
   27157   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   27158   std::string authorization_section_bytes;
   27159   std::string authorization_size_bytes;
   27160   if (authorization_delegate) {
   27161     if (!authorization_delegate->GetCommandAuthorization(
   27162             command_hash, is_command_parameter_encryption_possible,
   27163             is_response_parameter_encryption_possible,
   27164             &authorization_section_bytes)) {
   27165       return TRUNKS_RC_AUTHORIZATION_FAILED;
   27166     }
   27167     if (!authorization_section_bytes.empty()) {
   27168       tag = TPM_ST_SESSIONS;
   27169       std::string tmp;
   27170       rc = Serialize_UINT32(authorization_section_bytes.size(),
   27171                             &authorization_size_bytes);
   27172       if (rc != TPM_RC_SUCCESS) {
   27173         return rc;
   27174       }
   27175       command_size +=
   27176           authorization_size_bytes.size() + authorization_section_bytes.size();
   27177     }
   27178   }
   27179   std::string tag_bytes;
   27180   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   27181   if (rc != TPM_RC_SUCCESS) {
   27182     return rc;
   27183   }
   27184   std::string command_size_bytes;
   27185   rc = Serialize_UINT32(command_size, &command_size_bytes);
   27186   if (rc != TPM_RC_SUCCESS) {
   27187     return rc;
   27188   }
   27189   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   27190                         handle_section_bytes + authorization_size_bytes +
   27191                         authorization_section_bytes + parameter_section_bytes;
   27192   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   27193   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   27194                                             serialized_command->size());
   27195   return TPM_RC_SUCCESS;
   27196 }
   27197 
   27198 TPM_RC Tpm::ParseResponse_PP_Commands(
   27199     const std::string& response,
   27200     AuthorizationDelegate* authorization_delegate) {
   27201   VLOG(3) << __func__;
   27202   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   27203   TPM_RC rc = TPM_RC_SUCCESS;
   27204   std::string buffer(response);
   27205   TPM_ST tag;
   27206   std::string tag_bytes;
   27207   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   27208   if (rc != TPM_RC_SUCCESS) {
   27209     return rc;
   27210   }
   27211   UINT32 response_size;
   27212   std::string response_size_bytes;
   27213   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   27214   if (rc != TPM_RC_SUCCESS) {
   27215     return rc;
   27216   }
   27217   TPM_RC response_code;
   27218   std::string response_code_bytes;
   27219   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   27220   if (rc != TPM_RC_SUCCESS) {
   27221     return rc;
   27222   }
   27223   if (response_size != response.size()) {
   27224     return TPM_RC_SIZE;
   27225   }
   27226   if (response_code != TPM_RC_SUCCESS) {
   27227     return response_code;
   27228   }
   27229   TPM_CC command_code = TPM_CC_PP_Commands;
   27230   std::string command_code_bytes;
   27231   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   27232   if (rc != TPM_RC_SUCCESS) {
   27233     return rc;
   27234   }
   27235   std::string authorization_section_bytes;
   27236   if (tag == TPM_ST_SESSIONS) {
   27237     UINT32 parameter_section_size = buffer.size();
   27238     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   27239     if (rc != TPM_RC_SUCCESS) {
   27240       return rc;
   27241     }
   27242     if (parameter_section_size > buffer.size()) {
   27243       return TPM_RC_INSUFFICIENT;
   27244     }
   27245     authorization_section_bytes = buffer.substr(parameter_section_size);
   27246     // Keep the parameter section in |buffer|.
   27247     buffer.erase(parameter_section_size);
   27248   }
   27249   std::unique_ptr<crypto::SecureHash> hash(
   27250       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   27251   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   27252   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   27253   hash->Update(buffer.data(), buffer.size());
   27254   std::string response_hash(32, 0);
   27255   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   27256   if (tag == TPM_ST_SESSIONS) {
   27257     CHECK(authorization_delegate) << "Authorization delegate missing!";
   27258     if (!authorization_delegate->CheckResponseAuthorization(
   27259             response_hash, authorization_section_bytes)) {
   27260       return TRUNKS_RC_AUTHORIZATION_FAILED;
   27261     }
   27262   }
   27263   return TPM_RC_SUCCESS;
   27264 }
   27265 
   27266 void PP_CommandsErrorCallback(const Tpm::PP_CommandsResponse& callback,
   27267                               TPM_RC response_code) {
   27268   VLOG(1) << __func__;
   27269   callback.Run(response_code);
   27270 }
   27271 
   27272 void PP_CommandsResponseParser(const Tpm::PP_CommandsResponse& callback,
   27273                                AuthorizationDelegate* authorization_delegate,
   27274                                const std::string& response) {
   27275   VLOG(1) << __func__;
   27276   base::Callback<void(TPM_RC)> error_reporter =
   27277       base::Bind(PP_CommandsErrorCallback, callback);
   27278   TPM_RC rc = Tpm::ParseResponse_PP_Commands(response, authorization_delegate);
   27279   if (rc != TPM_RC_SUCCESS) {
   27280     error_reporter.Run(rc);
   27281     return;
   27282   }
   27283   callback.Run(rc);
   27284 }
   27285 
   27286 void Tpm::PP_Commands(const TPMI_RH_PLATFORM& auth,
   27287                       const std::string& auth_name,
   27288                       const TPML_CC& set_list,
   27289                       const TPML_CC& clear_list,
   27290                       AuthorizationDelegate* authorization_delegate,
   27291                       const PP_CommandsResponse& callback) {
   27292   VLOG(1) << __func__;
   27293   base::Callback<void(TPM_RC)> error_reporter =
   27294       base::Bind(PP_CommandsErrorCallback, callback);
   27295   base::Callback<void(const std::string&)> parser =
   27296       base::Bind(PP_CommandsResponseParser, callback, authorization_delegate);
   27297   std::string command;
   27298   TPM_RC rc = SerializeCommand_PP_Commands(
   27299       auth, auth_name, set_list, clear_list, &command, authorization_delegate);
   27300   if (rc != TPM_RC_SUCCESS) {
   27301     error_reporter.Run(rc);
   27302     return;
   27303   }
   27304   transceiver_->SendCommand(command, parser);
   27305 }
   27306 
   27307 TPM_RC Tpm::PP_CommandsSync(const TPMI_RH_PLATFORM& auth,
   27308                             const std::string& auth_name,
   27309                             const TPML_CC& set_list,
   27310                             const TPML_CC& clear_list,
   27311                             AuthorizationDelegate* authorization_delegate) {
   27312   VLOG(1) << __func__;
   27313   std::string command;
   27314   TPM_RC rc = SerializeCommand_PP_Commands(
   27315       auth, auth_name, set_list, clear_list, &command, authorization_delegate);
   27316   if (rc != TPM_RC_SUCCESS) {
   27317     return rc;
   27318   }
   27319   std::string response = transceiver_->SendCommandAndWait(command);
   27320   rc = ParseResponse_PP_Commands(response, authorization_delegate);
   27321   return rc;
   27322 }
   27323 
   27324 TPM_RC Tpm::SerializeCommand_SetAlgorithmSet(
   27325     const TPMI_RH_PLATFORM& auth_handle,
   27326     const std::string& auth_handle_name,
   27327     const UINT32& algorithm_set,
   27328     std::string* serialized_command,
   27329     AuthorizationDelegate* authorization_delegate) {
   27330   VLOG(3) << __func__;
   27331   TPM_RC rc = TPM_RC_SUCCESS;
   27332   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   27333   UINT32 command_size = 10;  // Header size.
   27334   std::string handle_section_bytes;
   27335   std::string parameter_section_bytes;
   27336   TPM_CC command_code = TPM_CC_SetAlgorithmSet;
   27337   bool is_command_parameter_encryption_possible = false;
   27338   bool is_response_parameter_encryption_possible = false;
   27339   std::string command_code_bytes;
   27340   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   27341   if (rc != TPM_RC_SUCCESS) {
   27342     return rc;
   27343   }
   27344   std::string auth_handle_bytes;
   27345   rc = Serialize_TPMI_RH_PLATFORM(auth_handle, &auth_handle_bytes);
   27346   if (rc != TPM_RC_SUCCESS) {
   27347     return rc;
   27348   }
   27349   std::string algorithm_set_bytes;
   27350   rc = Serialize_UINT32(algorithm_set, &algorithm_set_bytes);
   27351   if (rc != TPM_RC_SUCCESS) {
   27352     return rc;
   27353   }
   27354   std::unique_ptr<crypto::SecureHash> hash(
   27355       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   27356   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   27357   hash->Update(auth_handle_name.data(), auth_handle_name.size());
   27358   handle_section_bytes += auth_handle_bytes;
   27359   command_size += auth_handle_bytes.size();
   27360   hash->Update(algorithm_set_bytes.data(), algorithm_set_bytes.size());
   27361   parameter_section_bytes += algorithm_set_bytes;
   27362   command_size += algorithm_set_bytes.size();
   27363   std::string command_hash(32, 0);
   27364   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   27365   std::string authorization_section_bytes;
   27366   std::string authorization_size_bytes;
   27367   if (authorization_delegate) {
   27368     if (!authorization_delegate->GetCommandAuthorization(
   27369             command_hash, is_command_parameter_encryption_possible,
   27370             is_response_parameter_encryption_possible,
   27371             &authorization_section_bytes)) {
   27372       return TRUNKS_RC_AUTHORIZATION_FAILED;
   27373     }
   27374     if (!authorization_section_bytes.empty()) {
   27375       tag = TPM_ST_SESSIONS;
   27376       std::string tmp;
   27377       rc = Serialize_UINT32(authorization_section_bytes.size(),
   27378                             &authorization_size_bytes);
   27379       if (rc != TPM_RC_SUCCESS) {
   27380         return rc;
   27381       }
   27382       command_size +=
   27383           authorization_size_bytes.size() + authorization_section_bytes.size();
   27384     }
   27385   }
   27386   std::string tag_bytes;
   27387   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   27388   if (rc != TPM_RC_SUCCESS) {
   27389     return rc;
   27390   }
   27391   std::string command_size_bytes;
   27392   rc = Serialize_UINT32(command_size, &command_size_bytes);
   27393   if (rc != TPM_RC_SUCCESS) {
   27394     return rc;
   27395   }
   27396   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   27397                         handle_section_bytes + authorization_size_bytes +
   27398                         authorization_section_bytes + parameter_section_bytes;
   27399   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   27400   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   27401                                             serialized_command->size());
   27402   return TPM_RC_SUCCESS;
   27403 }
   27404 
   27405 TPM_RC Tpm::ParseResponse_SetAlgorithmSet(
   27406     const std::string& response,
   27407     AuthorizationDelegate* authorization_delegate) {
   27408   VLOG(3) << __func__;
   27409   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   27410   TPM_RC rc = TPM_RC_SUCCESS;
   27411   std::string buffer(response);
   27412   TPM_ST tag;
   27413   std::string tag_bytes;
   27414   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   27415   if (rc != TPM_RC_SUCCESS) {
   27416     return rc;
   27417   }
   27418   UINT32 response_size;
   27419   std::string response_size_bytes;
   27420   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   27421   if (rc != TPM_RC_SUCCESS) {
   27422     return rc;
   27423   }
   27424   TPM_RC response_code;
   27425   std::string response_code_bytes;
   27426   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   27427   if (rc != TPM_RC_SUCCESS) {
   27428     return rc;
   27429   }
   27430   if (response_size != response.size()) {
   27431     return TPM_RC_SIZE;
   27432   }
   27433   if (response_code != TPM_RC_SUCCESS) {
   27434     return response_code;
   27435   }
   27436   TPM_CC command_code = TPM_CC_SetAlgorithmSet;
   27437   std::string command_code_bytes;
   27438   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   27439   if (rc != TPM_RC_SUCCESS) {
   27440     return rc;
   27441   }
   27442   std::string authorization_section_bytes;
   27443   if (tag == TPM_ST_SESSIONS) {
   27444     UINT32 parameter_section_size = buffer.size();
   27445     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   27446     if (rc != TPM_RC_SUCCESS) {
   27447       return rc;
   27448     }
   27449     if (parameter_section_size > buffer.size()) {
   27450       return TPM_RC_INSUFFICIENT;
   27451     }
   27452     authorization_section_bytes = buffer.substr(parameter_section_size);
   27453     // Keep the parameter section in |buffer|.
   27454     buffer.erase(parameter_section_size);
   27455   }
   27456   std::unique_ptr<crypto::SecureHash> hash(
   27457       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   27458   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   27459   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   27460   hash->Update(buffer.data(), buffer.size());
   27461   std::string response_hash(32, 0);
   27462   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   27463   if (tag == TPM_ST_SESSIONS) {
   27464     CHECK(authorization_delegate) << "Authorization delegate missing!";
   27465     if (!authorization_delegate->CheckResponseAuthorization(
   27466             response_hash, authorization_section_bytes)) {
   27467       return TRUNKS_RC_AUTHORIZATION_FAILED;
   27468     }
   27469   }
   27470   return TPM_RC_SUCCESS;
   27471 }
   27472 
   27473 void SetAlgorithmSetErrorCallback(const Tpm::SetAlgorithmSetResponse& callback,
   27474                                   TPM_RC response_code) {
   27475   VLOG(1) << __func__;
   27476   callback.Run(response_code);
   27477 }
   27478 
   27479 void SetAlgorithmSetResponseParser(
   27480     const Tpm::SetAlgorithmSetResponse& callback,
   27481     AuthorizationDelegate* authorization_delegate,
   27482     const std::string& response) {
   27483   VLOG(1) << __func__;
   27484   base::Callback<void(TPM_RC)> error_reporter =
   27485       base::Bind(SetAlgorithmSetErrorCallback, callback);
   27486   TPM_RC rc =
   27487       Tpm::ParseResponse_SetAlgorithmSet(response, authorization_delegate);
   27488   if (rc != TPM_RC_SUCCESS) {
   27489     error_reporter.Run(rc);
   27490     return;
   27491   }
   27492   callback.Run(rc);
   27493 }
   27494 
   27495 void Tpm::SetAlgorithmSet(const TPMI_RH_PLATFORM& auth_handle,
   27496                           const std::string& auth_handle_name,
   27497                           const UINT32& algorithm_set,
   27498                           AuthorizationDelegate* authorization_delegate,
   27499                           const SetAlgorithmSetResponse& callback) {
   27500   VLOG(1) << __func__;
   27501   base::Callback<void(TPM_RC)> error_reporter =
   27502       base::Bind(SetAlgorithmSetErrorCallback, callback);
   27503   base::Callback<void(const std::string&)> parser = base::Bind(
   27504       SetAlgorithmSetResponseParser, callback, authorization_delegate);
   27505   std::string command;
   27506   TPM_RC rc = SerializeCommand_SetAlgorithmSet(auth_handle, auth_handle_name,
   27507                                                algorithm_set, &command,
   27508                                                authorization_delegate);
   27509   if (rc != TPM_RC_SUCCESS) {
   27510     error_reporter.Run(rc);
   27511     return;
   27512   }
   27513   transceiver_->SendCommand(command, parser);
   27514 }
   27515 
   27516 TPM_RC Tpm::SetAlgorithmSetSync(const TPMI_RH_PLATFORM& auth_handle,
   27517                                 const std::string& auth_handle_name,
   27518                                 const UINT32& algorithm_set,
   27519                                 AuthorizationDelegate* authorization_delegate) {
   27520   VLOG(1) << __func__;
   27521   std::string command;
   27522   TPM_RC rc = SerializeCommand_SetAlgorithmSet(auth_handle, auth_handle_name,
   27523                                                algorithm_set, &command,
   27524                                                authorization_delegate);
   27525   if (rc != TPM_RC_SUCCESS) {
   27526     return rc;
   27527   }
   27528   std::string response = transceiver_->SendCommandAndWait(command);
   27529   rc = ParseResponse_SetAlgorithmSet(response, authorization_delegate);
   27530   return rc;
   27531 }
   27532 
   27533 TPM_RC Tpm::SerializeCommand_FieldUpgradeStart(
   27534     const TPMI_RH_PLATFORM& authorization,
   27535     const std::string& authorization_name,
   27536     const TPMI_DH_OBJECT& key_handle,
   27537     const std::string& key_handle_name,
   27538     const TPM2B_DIGEST& fu_digest,
   27539     const TPMT_SIGNATURE& manifest_signature,
   27540     std::string* serialized_command,
   27541     AuthorizationDelegate* authorization_delegate) {
   27542   VLOG(3) << __func__;
   27543   TPM_RC rc = TPM_RC_SUCCESS;
   27544   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   27545   UINT32 command_size = 10;  // Header size.
   27546   std::string handle_section_bytes;
   27547   std::string parameter_section_bytes;
   27548   TPM_CC command_code = TPM_CC_FieldUpgradeStart;
   27549   bool is_command_parameter_encryption_possible = true;
   27550   bool is_response_parameter_encryption_possible = false;
   27551   std::string command_code_bytes;
   27552   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   27553   if (rc != TPM_RC_SUCCESS) {
   27554     return rc;
   27555   }
   27556   std::string authorization_bytes;
   27557   rc = Serialize_TPMI_RH_PLATFORM(authorization, &authorization_bytes);
   27558   if (rc != TPM_RC_SUCCESS) {
   27559     return rc;
   27560   }
   27561   std::string key_handle_bytes;
   27562   rc = Serialize_TPMI_DH_OBJECT(key_handle, &key_handle_bytes);
   27563   if (rc != TPM_RC_SUCCESS) {
   27564     return rc;
   27565   }
   27566   std::string fu_digest_bytes;
   27567   rc = Serialize_TPM2B_DIGEST(fu_digest, &fu_digest_bytes);
   27568   if (rc != TPM_RC_SUCCESS) {
   27569     return rc;
   27570   }
   27571   std::string manifest_signature_bytes;
   27572   rc = Serialize_TPMT_SIGNATURE(manifest_signature, &manifest_signature_bytes);
   27573   if (rc != TPM_RC_SUCCESS) {
   27574     return rc;
   27575   }
   27576   if (authorization_delegate) {
   27577     // Encrypt just the parameter data, not the size.
   27578     std::string tmp = fu_digest_bytes.substr(2);
   27579     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   27580       return TRUNKS_RC_ENCRYPTION_FAILED;
   27581     }
   27582     fu_digest_bytes.replace(2, std::string::npos, tmp);
   27583   }
   27584   std::unique_ptr<crypto::SecureHash> hash(
   27585       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   27586   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   27587   hash->Update(authorization_name.data(), authorization_name.size());
   27588   handle_section_bytes += authorization_bytes;
   27589   command_size += authorization_bytes.size();
   27590   hash->Update(key_handle_name.data(), key_handle_name.size());
   27591   handle_section_bytes += key_handle_bytes;
   27592   command_size += key_handle_bytes.size();
   27593   hash->Update(fu_digest_bytes.data(), fu_digest_bytes.size());
   27594   parameter_section_bytes += fu_digest_bytes;
   27595   command_size += fu_digest_bytes.size();
   27596   hash->Update(manifest_signature_bytes.data(),
   27597                manifest_signature_bytes.size());
   27598   parameter_section_bytes += manifest_signature_bytes;
   27599   command_size += manifest_signature_bytes.size();
   27600   std::string command_hash(32, 0);
   27601   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   27602   std::string authorization_section_bytes;
   27603   std::string authorization_size_bytes;
   27604   if (authorization_delegate) {
   27605     if (!authorization_delegate->GetCommandAuthorization(
   27606             command_hash, is_command_parameter_encryption_possible,
   27607             is_response_parameter_encryption_possible,
   27608             &authorization_section_bytes)) {
   27609       return TRUNKS_RC_AUTHORIZATION_FAILED;
   27610     }
   27611     if (!authorization_section_bytes.empty()) {
   27612       tag = TPM_ST_SESSIONS;
   27613       std::string tmp;
   27614       rc = Serialize_UINT32(authorization_section_bytes.size(),
   27615                             &authorization_size_bytes);
   27616       if (rc != TPM_RC_SUCCESS) {
   27617         return rc;
   27618       }
   27619       command_size +=
   27620           authorization_size_bytes.size() + authorization_section_bytes.size();
   27621     }
   27622   }
   27623   std::string tag_bytes;
   27624   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   27625   if (rc != TPM_RC_SUCCESS) {
   27626     return rc;
   27627   }
   27628   std::string command_size_bytes;
   27629   rc = Serialize_UINT32(command_size, &command_size_bytes);
   27630   if (rc != TPM_RC_SUCCESS) {
   27631     return rc;
   27632   }
   27633   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   27634                         handle_section_bytes + authorization_size_bytes +
   27635                         authorization_section_bytes + parameter_section_bytes;
   27636   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   27637   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   27638                                             serialized_command->size());
   27639   return TPM_RC_SUCCESS;
   27640 }
   27641 
   27642 TPM_RC Tpm::ParseResponse_FieldUpgradeStart(
   27643     const std::string& response,
   27644     AuthorizationDelegate* authorization_delegate) {
   27645   VLOG(3) << __func__;
   27646   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   27647   TPM_RC rc = TPM_RC_SUCCESS;
   27648   std::string buffer(response);
   27649   TPM_ST tag;
   27650   std::string tag_bytes;
   27651   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   27652   if (rc != TPM_RC_SUCCESS) {
   27653     return rc;
   27654   }
   27655   UINT32 response_size;
   27656   std::string response_size_bytes;
   27657   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   27658   if (rc != TPM_RC_SUCCESS) {
   27659     return rc;
   27660   }
   27661   TPM_RC response_code;
   27662   std::string response_code_bytes;
   27663   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   27664   if (rc != TPM_RC_SUCCESS) {
   27665     return rc;
   27666   }
   27667   if (response_size != response.size()) {
   27668     return TPM_RC_SIZE;
   27669   }
   27670   if (response_code != TPM_RC_SUCCESS) {
   27671     return response_code;
   27672   }
   27673   TPM_CC command_code = TPM_CC_FieldUpgradeStart;
   27674   std::string command_code_bytes;
   27675   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   27676   if (rc != TPM_RC_SUCCESS) {
   27677     return rc;
   27678   }
   27679   std::string authorization_section_bytes;
   27680   if (tag == TPM_ST_SESSIONS) {
   27681     UINT32 parameter_section_size = buffer.size();
   27682     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   27683     if (rc != TPM_RC_SUCCESS) {
   27684       return rc;
   27685     }
   27686     if (parameter_section_size > buffer.size()) {
   27687       return TPM_RC_INSUFFICIENT;
   27688     }
   27689     authorization_section_bytes = buffer.substr(parameter_section_size);
   27690     // Keep the parameter section in |buffer|.
   27691     buffer.erase(parameter_section_size);
   27692   }
   27693   std::unique_ptr<crypto::SecureHash> hash(
   27694       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   27695   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   27696   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   27697   hash->Update(buffer.data(), buffer.size());
   27698   std::string response_hash(32, 0);
   27699   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   27700   if (tag == TPM_ST_SESSIONS) {
   27701     CHECK(authorization_delegate) << "Authorization delegate missing!";
   27702     if (!authorization_delegate->CheckResponseAuthorization(
   27703             response_hash, authorization_section_bytes)) {
   27704       return TRUNKS_RC_AUTHORIZATION_FAILED;
   27705     }
   27706   }
   27707   return TPM_RC_SUCCESS;
   27708 }
   27709 
   27710 void FieldUpgradeStartErrorCallback(
   27711     const Tpm::FieldUpgradeStartResponse& callback,
   27712     TPM_RC response_code) {
   27713   VLOG(1) << __func__;
   27714   callback.Run(response_code);
   27715 }
   27716 
   27717 void FieldUpgradeStartResponseParser(
   27718     const Tpm::FieldUpgradeStartResponse& callback,
   27719     AuthorizationDelegate* authorization_delegate,
   27720     const std::string& response) {
   27721   VLOG(1) << __func__;
   27722   base::Callback<void(TPM_RC)> error_reporter =
   27723       base::Bind(FieldUpgradeStartErrorCallback, callback);
   27724   TPM_RC rc =
   27725       Tpm::ParseResponse_FieldUpgradeStart(response, authorization_delegate);
   27726   if (rc != TPM_RC_SUCCESS) {
   27727     error_reporter.Run(rc);
   27728     return;
   27729   }
   27730   callback.Run(rc);
   27731 }
   27732 
   27733 void Tpm::FieldUpgradeStart(const TPMI_RH_PLATFORM& authorization,
   27734                             const std::string& authorization_name,
   27735                             const TPMI_DH_OBJECT& key_handle,
   27736                             const std::string& key_handle_name,
   27737                             const TPM2B_DIGEST& fu_digest,
   27738                             const TPMT_SIGNATURE& manifest_signature,
   27739                             AuthorizationDelegate* authorization_delegate,
   27740                             const FieldUpgradeStartResponse& callback) {
   27741   VLOG(1) << __func__;
   27742   base::Callback<void(TPM_RC)> error_reporter =
   27743       base::Bind(FieldUpgradeStartErrorCallback, callback);
   27744   base::Callback<void(const std::string&)> parser = base::Bind(
   27745       FieldUpgradeStartResponseParser, callback, authorization_delegate);
   27746   std::string command;
   27747   TPM_RC rc = SerializeCommand_FieldUpgradeStart(
   27748       authorization, authorization_name, key_handle, key_handle_name, fu_digest,
   27749       manifest_signature, &command, authorization_delegate);
   27750   if (rc != TPM_RC_SUCCESS) {
   27751     error_reporter.Run(rc);
   27752     return;
   27753   }
   27754   transceiver_->SendCommand(command, parser);
   27755 }
   27756 
   27757 TPM_RC Tpm::FieldUpgradeStartSync(
   27758     const TPMI_RH_PLATFORM& authorization,
   27759     const std::string& authorization_name,
   27760     const TPMI_DH_OBJECT& key_handle,
   27761     const std::string& key_handle_name,
   27762     const TPM2B_DIGEST& fu_digest,
   27763     const TPMT_SIGNATURE& manifest_signature,
   27764     AuthorizationDelegate* authorization_delegate) {
   27765   VLOG(1) << __func__;
   27766   std::string command;
   27767   TPM_RC rc = SerializeCommand_FieldUpgradeStart(
   27768       authorization, authorization_name, key_handle, key_handle_name, fu_digest,
   27769       manifest_signature, &command, authorization_delegate);
   27770   if (rc != TPM_RC_SUCCESS) {
   27771     return rc;
   27772   }
   27773   std::string response = transceiver_->SendCommandAndWait(command);
   27774   rc = ParseResponse_FieldUpgradeStart(response, authorization_delegate);
   27775   return rc;
   27776 }
   27777 
   27778 TPM_RC Tpm::SerializeCommand_FieldUpgradeData(
   27779     const TPM2B_MAX_BUFFER& fu_data,
   27780     std::string* serialized_command,
   27781     AuthorizationDelegate* authorization_delegate) {
   27782   VLOG(3) << __func__;
   27783   TPM_RC rc = TPM_RC_SUCCESS;
   27784   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   27785   UINT32 command_size = 10;  // Header size.
   27786   std::string handle_section_bytes;
   27787   std::string parameter_section_bytes;
   27788   TPM_CC command_code = TPM_CC_FieldUpgradeData;
   27789   bool is_command_parameter_encryption_possible = true;
   27790   bool is_response_parameter_encryption_possible = false;
   27791   std::string command_code_bytes;
   27792   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   27793   if (rc != TPM_RC_SUCCESS) {
   27794     return rc;
   27795   }
   27796   std::string fu_data_bytes;
   27797   rc = Serialize_TPM2B_MAX_BUFFER(fu_data, &fu_data_bytes);
   27798   if (rc != TPM_RC_SUCCESS) {
   27799     return rc;
   27800   }
   27801   if (authorization_delegate) {
   27802     // Encrypt just the parameter data, not the size.
   27803     std::string tmp = fu_data_bytes.substr(2);
   27804     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   27805       return TRUNKS_RC_ENCRYPTION_FAILED;
   27806     }
   27807     fu_data_bytes.replace(2, std::string::npos, tmp);
   27808   }
   27809   std::unique_ptr<crypto::SecureHash> hash(
   27810       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   27811   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   27812   hash->Update(fu_data_bytes.data(), fu_data_bytes.size());
   27813   parameter_section_bytes += fu_data_bytes;
   27814   command_size += fu_data_bytes.size();
   27815   std::string command_hash(32, 0);
   27816   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   27817   std::string authorization_section_bytes;
   27818   std::string authorization_size_bytes;
   27819   if (authorization_delegate) {
   27820     if (!authorization_delegate->GetCommandAuthorization(
   27821             command_hash, is_command_parameter_encryption_possible,
   27822             is_response_parameter_encryption_possible,
   27823             &authorization_section_bytes)) {
   27824       return TRUNKS_RC_AUTHORIZATION_FAILED;
   27825     }
   27826     if (!authorization_section_bytes.empty()) {
   27827       tag = TPM_ST_SESSIONS;
   27828       std::string tmp;
   27829       rc = Serialize_UINT32(authorization_section_bytes.size(),
   27830                             &authorization_size_bytes);
   27831       if (rc != TPM_RC_SUCCESS) {
   27832         return rc;
   27833       }
   27834       command_size +=
   27835           authorization_size_bytes.size() + authorization_section_bytes.size();
   27836     }
   27837   }
   27838   std::string tag_bytes;
   27839   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   27840   if (rc != TPM_RC_SUCCESS) {
   27841     return rc;
   27842   }
   27843   std::string command_size_bytes;
   27844   rc = Serialize_UINT32(command_size, &command_size_bytes);
   27845   if (rc != TPM_RC_SUCCESS) {
   27846     return rc;
   27847   }
   27848   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   27849                         handle_section_bytes + authorization_size_bytes +
   27850                         authorization_section_bytes + parameter_section_bytes;
   27851   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   27852   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   27853                                             serialized_command->size());
   27854   return TPM_RC_SUCCESS;
   27855 }
   27856 
   27857 TPM_RC Tpm::ParseResponse_FieldUpgradeData(
   27858     const std::string& response,
   27859     TPMT_HA* next_digest,
   27860     TPMT_HA* first_digest,
   27861     AuthorizationDelegate* authorization_delegate) {
   27862   VLOG(3) << __func__;
   27863   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   27864   TPM_RC rc = TPM_RC_SUCCESS;
   27865   std::string buffer(response);
   27866   TPM_ST tag;
   27867   std::string tag_bytes;
   27868   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   27869   if (rc != TPM_RC_SUCCESS) {
   27870     return rc;
   27871   }
   27872   UINT32 response_size;
   27873   std::string response_size_bytes;
   27874   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   27875   if (rc != TPM_RC_SUCCESS) {
   27876     return rc;
   27877   }
   27878   TPM_RC response_code;
   27879   std::string response_code_bytes;
   27880   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   27881   if (rc != TPM_RC_SUCCESS) {
   27882     return rc;
   27883   }
   27884   if (response_size != response.size()) {
   27885     return TPM_RC_SIZE;
   27886   }
   27887   if (response_code != TPM_RC_SUCCESS) {
   27888     return response_code;
   27889   }
   27890   TPM_CC command_code = TPM_CC_FieldUpgradeData;
   27891   std::string command_code_bytes;
   27892   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   27893   if (rc != TPM_RC_SUCCESS) {
   27894     return rc;
   27895   }
   27896   std::string authorization_section_bytes;
   27897   if (tag == TPM_ST_SESSIONS) {
   27898     UINT32 parameter_section_size = buffer.size();
   27899     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   27900     if (rc != TPM_RC_SUCCESS) {
   27901       return rc;
   27902     }
   27903     if (parameter_section_size > buffer.size()) {
   27904       return TPM_RC_INSUFFICIENT;
   27905     }
   27906     authorization_section_bytes = buffer.substr(parameter_section_size);
   27907     // Keep the parameter section in |buffer|.
   27908     buffer.erase(parameter_section_size);
   27909   }
   27910   std::unique_ptr<crypto::SecureHash> hash(
   27911       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   27912   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   27913   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   27914   hash->Update(buffer.data(), buffer.size());
   27915   std::string response_hash(32, 0);
   27916   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   27917   if (tag == TPM_ST_SESSIONS) {
   27918     CHECK(authorization_delegate) << "Authorization delegate missing!";
   27919     if (!authorization_delegate->CheckResponseAuthorization(
   27920             response_hash, authorization_section_bytes)) {
   27921       return TRUNKS_RC_AUTHORIZATION_FAILED;
   27922     }
   27923   }
   27924   std::string next_digest_bytes;
   27925   rc = Parse_TPMT_HA(&buffer, next_digest, &next_digest_bytes);
   27926   if (rc != TPM_RC_SUCCESS) {
   27927     return rc;
   27928   }
   27929   std::string first_digest_bytes;
   27930   rc = Parse_TPMT_HA(&buffer, first_digest, &first_digest_bytes);
   27931   if (rc != TPM_RC_SUCCESS) {
   27932     return rc;
   27933   }
   27934   return TPM_RC_SUCCESS;
   27935 }
   27936 
   27937 void FieldUpgradeDataErrorCallback(
   27938     const Tpm::FieldUpgradeDataResponse& callback,
   27939     TPM_RC response_code) {
   27940   VLOG(1) << __func__;
   27941   callback.Run(response_code, TPMT_HA(), TPMT_HA());
   27942 }
   27943 
   27944 void FieldUpgradeDataResponseParser(
   27945     const Tpm::FieldUpgradeDataResponse& callback,
   27946     AuthorizationDelegate* authorization_delegate,
   27947     const std::string& response) {
   27948   VLOG(1) << __func__;
   27949   base::Callback<void(TPM_RC)> error_reporter =
   27950       base::Bind(FieldUpgradeDataErrorCallback, callback);
   27951   TPMT_HA next_digest;
   27952   TPMT_HA first_digest;
   27953   TPM_RC rc = Tpm::ParseResponse_FieldUpgradeData(
   27954       response, &next_digest, &first_digest, authorization_delegate);
   27955   if (rc != TPM_RC_SUCCESS) {
   27956     error_reporter.Run(rc);
   27957     return;
   27958   }
   27959   callback.Run(rc, next_digest, first_digest);
   27960 }
   27961 
   27962 void Tpm::FieldUpgradeData(const TPM2B_MAX_BUFFER& fu_data,
   27963                            AuthorizationDelegate* authorization_delegate,
   27964                            const FieldUpgradeDataResponse& callback) {
   27965   VLOG(1) << __func__;
   27966   base::Callback<void(TPM_RC)> error_reporter =
   27967       base::Bind(FieldUpgradeDataErrorCallback, callback);
   27968   base::Callback<void(const std::string&)> parser = base::Bind(
   27969       FieldUpgradeDataResponseParser, callback, authorization_delegate);
   27970   std::string command;
   27971   TPM_RC rc = SerializeCommand_FieldUpgradeData(fu_data, &command,
   27972                                                 authorization_delegate);
   27973   if (rc != TPM_RC_SUCCESS) {
   27974     error_reporter.Run(rc);
   27975     return;
   27976   }
   27977   transceiver_->SendCommand(command, parser);
   27978 }
   27979 
   27980 TPM_RC Tpm::FieldUpgradeDataSync(
   27981     const TPM2B_MAX_BUFFER& fu_data,
   27982     TPMT_HA* next_digest,
   27983     TPMT_HA* first_digest,
   27984     AuthorizationDelegate* authorization_delegate) {
   27985   VLOG(1) << __func__;
   27986   std::string command;
   27987   TPM_RC rc = SerializeCommand_FieldUpgradeData(fu_data, &command,
   27988                                                 authorization_delegate);
   27989   if (rc != TPM_RC_SUCCESS) {
   27990     return rc;
   27991   }
   27992   std::string response = transceiver_->SendCommandAndWait(command);
   27993   rc = ParseResponse_FieldUpgradeData(response, next_digest, first_digest,
   27994                                       authorization_delegate);
   27995   return rc;
   27996 }
   27997 
   27998 TPM_RC Tpm::SerializeCommand_FirmwareRead(
   27999     const UINT32& sequence_number,
   28000     std::string* serialized_command,
   28001     AuthorizationDelegate* authorization_delegate) {
   28002   VLOG(3) << __func__;
   28003   TPM_RC rc = TPM_RC_SUCCESS;
   28004   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   28005   UINT32 command_size = 10;  // Header size.
   28006   std::string handle_section_bytes;
   28007   std::string parameter_section_bytes;
   28008   TPM_CC command_code = TPM_CC_FirmwareRead;
   28009   bool is_command_parameter_encryption_possible = false;
   28010   bool is_response_parameter_encryption_possible = true;
   28011   std::string command_code_bytes;
   28012   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   28013   if (rc != TPM_RC_SUCCESS) {
   28014     return rc;
   28015   }
   28016   std::string sequence_number_bytes;
   28017   rc = Serialize_UINT32(sequence_number, &sequence_number_bytes);
   28018   if (rc != TPM_RC_SUCCESS) {
   28019     return rc;
   28020   }
   28021   std::unique_ptr<crypto::SecureHash> hash(
   28022       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   28023   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   28024   hash->Update(sequence_number_bytes.data(), sequence_number_bytes.size());
   28025   parameter_section_bytes += sequence_number_bytes;
   28026   command_size += sequence_number_bytes.size();
   28027   std::string command_hash(32, 0);
   28028   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   28029   std::string authorization_section_bytes;
   28030   std::string authorization_size_bytes;
   28031   if (authorization_delegate) {
   28032     if (!authorization_delegate->GetCommandAuthorization(
   28033             command_hash, is_command_parameter_encryption_possible,
   28034             is_response_parameter_encryption_possible,
   28035             &authorization_section_bytes)) {
   28036       return TRUNKS_RC_AUTHORIZATION_FAILED;
   28037     }
   28038     if (!authorization_section_bytes.empty()) {
   28039       tag = TPM_ST_SESSIONS;
   28040       std::string tmp;
   28041       rc = Serialize_UINT32(authorization_section_bytes.size(),
   28042                             &authorization_size_bytes);
   28043       if (rc != TPM_RC_SUCCESS) {
   28044         return rc;
   28045       }
   28046       command_size +=
   28047           authorization_size_bytes.size() + authorization_section_bytes.size();
   28048     }
   28049   }
   28050   std::string tag_bytes;
   28051   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   28052   if (rc != TPM_RC_SUCCESS) {
   28053     return rc;
   28054   }
   28055   std::string command_size_bytes;
   28056   rc = Serialize_UINT32(command_size, &command_size_bytes);
   28057   if (rc != TPM_RC_SUCCESS) {
   28058     return rc;
   28059   }
   28060   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   28061                         handle_section_bytes + authorization_size_bytes +
   28062                         authorization_section_bytes + parameter_section_bytes;
   28063   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   28064   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   28065                                             serialized_command->size());
   28066   return TPM_RC_SUCCESS;
   28067 }
   28068 
   28069 TPM_RC Tpm::ParseResponse_FirmwareRead(
   28070     const std::string& response,
   28071     TPM2B_MAX_BUFFER* fu_data,
   28072     AuthorizationDelegate* authorization_delegate) {
   28073   VLOG(3) << __func__;
   28074   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   28075   TPM_RC rc = TPM_RC_SUCCESS;
   28076   std::string buffer(response);
   28077   TPM_ST tag;
   28078   std::string tag_bytes;
   28079   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   28080   if (rc != TPM_RC_SUCCESS) {
   28081     return rc;
   28082   }
   28083   UINT32 response_size;
   28084   std::string response_size_bytes;
   28085   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   28086   if (rc != TPM_RC_SUCCESS) {
   28087     return rc;
   28088   }
   28089   TPM_RC response_code;
   28090   std::string response_code_bytes;
   28091   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   28092   if (rc != TPM_RC_SUCCESS) {
   28093     return rc;
   28094   }
   28095   if (response_size != response.size()) {
   28096     return TPM_RC_SIZE;
   28097   }
   28098   if (response_code != TPM_RC_SUCCESS) {
   28099     return response_code;
   28100   }
   28101   TPM_CC command_code = TPM_CC_FirmwareRead;
   28102   std::string command_code_bytes;
   28103   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   28104   if (rc != TPM_RC_SUCCESS) {
   28105     return rc;
   28106   }
   28107   std::string authorization_section_bytes;
   28108   if (tag == TPM_ST_SESSIONS) {
   28109     UINT32 parameter_section_size = buffer.size();
   28110     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   28111     if (rc != TPM_RC_SUCCESS) {
   28112       return rc;
   28113     }
   28114     if (parameter_section_size > buffer.size()) {
   28115       return TPM_RC_INSUFFICIENT;
   28116     }
   28117     authorization_section_bytes = buffer.substr(parameter_section_size);
   28118     // Keep the parameter section in |buffer|.
   28119     buffer.erase(parameter_section_size);
   28120   }
   28121   std::unique_ptr<crypto::SecureHash> hash(
   28122       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   28123   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   28124   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   28125   hash->Update(buffer.data(), buffer.size());
   28126   std::string response_hash(32, 0);
   28127   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   28128   if (tag == TPM_ST_SESSIONS) {
   28129     CHECK(authorization_delegate) << "Authorization delegate missing!";
   28130     if (!authorization_delegate->CheckResponseAuthorization(
   28131             response_hash, authorization_section_bytes)) {
   28132       return TRUNKS_RC_AUTHORIZATION_FAILED;
   28133     }
   28134   }
   28135   std::string fu_data_bytes;
   28136   rc = Parse_TPM2B_MAX_BUFFER(&buffer, fu_data, &fu_data_bytes);
   28137   if (rc != TPM_RC_SUCCESS) {
   28138     return rc;
   28139   }
   28140   if (tag == TPM_ST_SESSIONS) {
   28141     CHECK(authorization_delegate) << "Authorization delegate missing!";
   28142     // Decrypt just the parameter data, not the size.
   28143     std::string tmp = fu_data_bytes.substr(2);
   28144     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   28145       return TRUNKS_RC_ENCRYPTION_FAILED;
   28146     }
   28147     fu_data_bytes.replace(2, std::string::npos, tmp);
   28148     rc = Parse_TPM2B_MAX_BUFFER(&fu_data_bytes, fu_data, nullptr);
   28149     if (rc != TPM_RC_SUCCESS) {
   28150       return rc;
   28151     }
   28152   }
   28153   return TPM_RC_SUCCESS;
   28154 }
   28155 
   28156 void FirmwareReadErrorCallback(const Tpm::FirmwareReadResponse& callback,
   28157                                TPM_RC response_code) {
   28158   VLOG(1) << __func__;
   28159   callback.Run(response_code, TPM2B_MAX_BUFFER());
   28160 }
   28161 
   28162 void FirmwareReadResponseParser(const Tpm::FirmwareReadResponse& callback,
   28163                                 AuthorizationDelegate* authorization_delegate,
   28164                                 const std::string& response) {
   28165   VLOG(1) << __func__;
   28166   base::Callback<void(TPM_RC)> error_reporter =
   28167       base::Bind(FirmwareReadErrorCallback, callback);
   28168   TPM2B_MAX_BUFFER fu_data;
   28169   TPM_RC rc = Tpm::ParseResponse_FirmwareRead(response, &fu_data,
   28170                                               authorization_delegate);
   28171   if (rc != TPM_RC_SUCCESS) {
   28172     error_reporter.Run(rc);
   28173     return;
   28174   }
   28175   callback.Run(rc, fu_data);
   28176 }
   28177 
   28178 void Tpm::FirmwareRead(const UINT32& sequence_number,
   28179                        AuthorizationDelegate* authorization_delegate,
   28180                        const FirmwareReadResponse& callback) {
   28181   VLOG(1) << __func__;
   28182   base::Callback<void(TPM_RC)> error_reporter =
   28183       base::Bind(FirmwareReadErrorCallback, callback);
   28184   base::Callback<void(const std::string&)> parser =
   28185       base::Bind(FirmwareReadResponseParser, callback, authorization_delegate);
   28186   std::string command;
   28187   TPM_RC rc = SerializeCommand_FirmwareRead(sequence_number, &command,
   28188                                             authorization_delegate);
   28189   if (rc != TPM_RC_SUCCESS) {
   28190     error_reporter.Run(rc);
   28191     return;
   28192   }
   28193   transceiver_->SendCommand(command, parser);
   28194 }
   28195 
   28196 TPM_RC Tpm::FirmwareReadSync(const UINT32& sequence_number,
   28197                              TPM2B_MAX_BUFFER* fu_data,
   28198                              AuthorizationDelegate* authorization_delegate) {
   28199   VLOG(1) << __func__;
   28200   std::string command;
   28201   TPM_RC rc = SerializeCommand_FirmwareRead(sequence_number, &command,
   28202                                             authorization_delegate);
   28203   if (rc != TPM_RC_SUCCESS) {
   28204     return rc;
   28205   }
   28206   std::string response = transceiver_->SendCommandAndWait(command);
   28207   rc = ParseResponse_FirmwareRead(response, fu_data, authorization_delegate);
   28208   return rc;
   28209 }
   28210 
   28211 TPM_RC Tpm::SerializeCommand_ContextSave(
   28212     const TPMI_DH_CONTEXT& save_handle,
   28213     const std::string& save_handle_name,
   28214     std::string* serialized_command,
   28215     AuthorizationDelegate* authorization_delegate) {
   28216   VLOG(3) << __func__;
   28217   TPM_RC rc = TPM_RC_SUCCESS;
   28218   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   28219   UINT32 command_size = 10;  // Header size.
   28220   std::string handle_section_bytes;
   28221   std::string parameter_section_bytes;
   28222   TPM_CC command_code = TPM_CC_ContextSave;
   28223   bool is_command_parameter_encryption_possible = false;
   28224   bool is_response_parameter_encryption_possible = false;
   28225   std::string command_code_bytes;
   28226   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   28227   if (rc != TPM_RC_SUCCESS) {
   28228     return rc;
   28229   }
   28230   std::string save_handle_bytes;
   28231   rc = Serialize_TPMI_DH_CONTEXT(save_handle, &save_handle_bytes);
   28232   if (rc != TPM_RC_SUCCESS) {
   28233     return rc;
   28234   }
   28235   std::unique_ptr<crypto::SecureHash> hash(
   28236       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   28237   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   28238   hash->Update(save_handle_name.data(), save_handle_name.size());
   28239   handle_section_bytes += save_handle_bytes;
   28240   command_size += save_handle_bytes.size();
   28241   std::string command_hash(32, 0);
   28242   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   28243   std::string authorization_section_bytes;
   28244   std::string authorization_size_bytes;
   28245   if (authorization_delegate) {
   28246     if (!authorization_delegate->GetCommandAuthorization(
   28247             command_hash, is_command_parameter_encryption_possible,
   28248             is_response_parameter_encryption_possible,
   28249             &authorization_section_bytes)) {
   28250       return TRUNKS_RC_AUTHORIZATION_FAILED;
   28251     }
   28252     if (!authorization_section_bytes.empty()) {
   28253       tag = TPM_ST_SESSIONS;
   28254       std::string tmp;
   28255       rc = Serialize_UINT32(authorization_section_bytes.size(),
   28256                             &authorization_size_bytes);
   28257       if (rc != TPM_RC_SUCCESS) {
   28258         return rc;
   28259       }
   28260       command_size +=
   28261           authorization_size_bytes.size() + authorization_section_bytes.size();
   28262     }
   28263   }
   28264   std::string tag_bytes;
   28265   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   28266   if (rc != TPM_RC_SUCCESS) {
   28267     return rc;
   28268   }
   28269   std::string command_size_bytes;
   28270   rc = Serialize_UINT32(command_size, &command_size_bytes);
   28271   if (rc != TPM_RC_SUCCESS) {
   28272     return rc;
   28273   }
   28274   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   28275                         handle_section_bytes + authorization_size_bytes +
   28276                         authorization_section_bytes + parameter_section_bytes;
   28277   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   28278   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   28279                                             serialized_command->size());
   28280   return TPM_RC_SUCCESS;
   28281 }
   28282 
   28283 TPM_RC Tpm::ParseResponse_ContextSave(
   28284     const std::string& response,
   28285     TPMS_CONTEXT* context,
   28286     AuthorizationDelegate* authorization_delegate) {
   28287   VLOG(3) << __func__;
   28288   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   28289   TPM_RC rc = TPM_RC_SUCCESS;
   28290   std::string buffer(response);
   28291   TPM_ST tag;
   28292   std::string tag_bytes;
   28293   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   28294   if (rc != TPM_RC_SUCCESS) {
   28295     return rc;
   28296   }
   28297   UINT32 response_size;
   28298   std::string response_size_bytes;
   28299   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   28300   if (rc != TPM_RC_SUCCESS) {
   28301     return rc;
   28302   }
   28303   TPM_RC response_code;
   28304   std::string response_code_bytes;
   28305   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   28306   if (rc != TPM_RC_SUCCESS) {
   28307     return rc;
   28308   }
   28309   if (response_size != response.size()) {
   28310     return TPM_RC_SIZE;
   28311   }
   28312   if (response_code != TPM_RC_SUCCESS) {
   28313     return response_code;
   28314   }
   28315   TPM_CC command_code = TPM_CC_ContextSave;
   28316   std::string command_code_bytes;
   28317   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   28318   if (rc != TPM_RC_SUCCESS) {
   28319     return rc;
   28320   }
   28321   std::string authorization_section_bytes;
   28322   if (tag == TPM_ST_SESSIONS) {
   28323     UINT32 parameter_section_size = buffer.size();
   28324     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   28325     if (rc != TPM_RC_SUCCESS) {
   28326       return rc;
   28327     }
   28328     if (parameter_section_size > buffer.size()) {
   28329       return TPM_RC_INSUFFICIENT;
   28330     }
   28331     authorization_section_bytes = buffer.substr(parameter_section_size);
   28332     // Keep the parameter section in |buffer|.
   28333     buffer.erase(parameter_section_size);
   28334   }
   28335   std::unique_ptr<crypto::SecureHash> hash(
   28336       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   28337   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   28338   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   28339   hash->Update(buffer.data(), buffer.size());
   28340   std::string response_hash(32, 0);
   28341   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   28342   if (tag == TPM_ST_SESSIONS) {
   28343     CHECK(authorization_delegate) << "Authorization delegate missing!";
   28344     if (!authorization_delegate->CheckResponseAuthorization(
   28345             response_hash, authorization_section_bytes)) {
   28346       return TRUNKS_RC_AUTHORIZATION_FAILED;
   28347     }
   28348   }
   28349   std::string context_bytes;
   28350   rc = Parse_TPMS_CONTEXT(&buffer, context, &context_bytes);
   28351   if (rc != TPM_RC_SUCCESS) {
   28352     return rc;
   28353   }
   28354   return TPM_RC_SUCCESS;
   28355 }
   28356 
   28357 void ContextSaveErrorCallback(const Tpm::ContextSaveResponse& callback,
   28358                               TPM_RC response_code) {
   28359   VLOG(1) << __func__;
   28360   callback.Run(response_code, TPMS_CONTEXT());
   28361 }
   28362 
   28363 void ContextSaveResponseParser(const Tpm::ContextSaveResponse& callback,
   28364                                AuthorizationDelegate* authorization_delegate,
   28365                                const std::string& response) {
   28366   VLOG(1) << __func__;
   28367   base::Callback<void(TPM_RC)> error_reporter =
   28368       base::Bind(ContextSaveErrorCallback, callback);
   28369   TPMS_CONTEXT context;
   28370   TPM_RC rc = Tpm::ParseResponse_ContextSave(response, &context,
   28371                                              authorization_delegate);
   28372   if (rc != TPM_RC_SUCCESS) {
   28373     error_reporter.Run(rc);
   28374     return;
   28375   }
   28376   callback.Run(rc, context);
   28377 }
   28378 
   28379 void Tpm::ContextSave(const TPMI_DH_CONTEXT& save_handle,
   28380                       const std::string& save_handle_name,
   28381                       AuthorizationDelegate* authorization_delegate,
   28382                       const ContextSaveResponse& callback) {
   28383   VLOG(1) << __func__;
   28384   base::Callback<void(TPM_RC)> error_reporter =
   28385       base::Bind(ContextSaveErrorCallback, callback);
   28386   base::Callback<void(const std::string&)> parser =
   28387       base::Bind(ContextSaveResponseParser, callback, authorization_delegate);
   28388   std::string command;
   28389   TPM_RC rc = SerializeCommand_ContextSave(save_handle, save_handle_name,
   28390                                            &command, authorization_delegate);
   28391   if (rc != TPM_RC_SUCCESS) {
   28392     error_reporter.Run(rc);
   28393     return;
   28394   }
   28395   transceiver_->SendCommand(command, parser);
   28396 }
   28397 
   28398 TPM_RC Tpm::ContextSaveSync(const TPMI_DH_CONTEXT& save_handle,
   28399                             const std::string& save_handle_name,
   28400                             TPMS_CONTEXT* context,
   28401                             AuthorizationDelegate* authorization_delegate) {
   28402   VLOG(1) << __func__;
   28403   std::string command;
   28404   TPM_RC rc = SerializeCommand_ContextSave(save_handle, save_handle_name,
   28405                                            &command, authorization_delegate);
   28406   if (rc != TPM_RC_SUCCESS) {
   28407     return rc;
   28408   }
   28409   std::string response = transceiver_->SendCommandAndWait(command);
   28410   rc = ParseResponse_ContextSave(response, context, authorization_delegate);
   28411   return rc;
   28412 }
   28413 
   28414 TPM_RC Tpm::SerializeCommand_ContextLoad(
   28415     const TPMS_CONTEXT& context,
   28416     std::string* serialized_command,
   28417     AuthorizationDelegate* authorization_delegate) {
   28418   VLOG(3) << __func__;
   28419   TPM_RC rc = TPM_RC_SUCCESS;
   28420   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   28421   UINT32 command_size = 10;  // Header size.
   28422   std::string handle_section_bytes;
   28423   std::string parameter_section_bytes;
   28424   TPM_CC command_code = TPM_CC_ContextLoad;
   28425   bool is_command_parameter_encryption_possible = false;
   28426   bool is_response_parameter_encryption_possible = false;
   28427   std::string command_code_bytes;
   28428   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   28429   if (rc != TPM_RC_SUCCESS) {
   28430     return rc;
   28431   }
   28432   std::string context_bytes;
   28433   rc = Serialize_TPMS_CONTEXT(context, &context_bytes);
   28434   if (rc != TPM_RC_SUCCESS) {
   28435     return rc;
   28436   }
   28437   std::unique_ptr<crypto::SecureHash> hash(
   28438       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   28439   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   28440   hash->Update(context_bytes.data(), context_bytes.size());
   28441   parameter_section_bytes += context_bytes;
   28442   command_size += context_bytes.size();
   28443   std::string command_hash(32, 0);
   28444   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   28445   std::string authorization_section_bytes;
   28446   std::string authorization_size_bytes;
   28447   if (authorization_delegate) {
   28448     if (!authorization_delegate->GetCommandAuthorization(
   28449             command_hash, is_command_parameter_encryption_possible,
   28450             is_response_parameter_encryption_possible,
   28451             &authorization_section_bytes)) {
   28452       return TRUNKS_RC_AUTHORIZATION_FAILED;
   28453     }
   28454     if (!authorization_section_bytes.empty()) {
   28455       tag = TPM_ST_SESSIONS;
   28456       std::string tmp;
   28457       rc = Serialize_UINT32(authorization_section_bytes.size(),
   28458                             &authorization_size_bytes);
   28459       if (rc != TPM_RC_SUCCESS) {
   28460         return rc;
   28461       }
   28462       command_size +=
   28463           authorization_size_bytes.size() + authorization_section_bytes.size();
   28464     }
   28465   }
   28466   std::string tag_bytes;
   28467   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   28468   if (rc != TPM_RC_SUCCESS) {
   28469     return rc;
   28470   }
   28471   std::string command_size_bytes;
   28472   rc = Serialize_UINT32(command_size, &command_size_bytes);
   28473   if (rc != TPM_RC_SUCCESS) {
   28474     return rc;
   28475   }
   28476   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   28477                         handle_section_bytes + authorization_size_bytes +
   28478                         authorization_section_bytes + parameter_section_bytes;
   28479   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   28480   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   28481                                             serialized_command->size());
   28482   return TPM_RC_SUCCESS;
   28483 }
   28484 
   28485 TPM_RC Tpm::ParseResponse_ContextLoad(
   28486     const std::string& response,
   28487     TPMI_DH_CONTEXT* loaded_handle,
   28488     AuthorizationDelegate* authorization_delegate) {
   28489   VLOG(3) << __func__;
   28490   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   28491   TPM_RC rc = TPM_RC_SUCCESS;
   28492   std::string buffer(response);
   28493   TPM_ST tag;
   28494   std::string tag_bytes;
   28495   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   28496   if (rc != TPM_RC_SUCCESS) {
   28497     return rc;
   28498   }
   28499   UINT32 response_size;
   28500   std::string response_size_bytes;
   28501   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   28502   if (rc != TPM_RC_SUCCESS) {
   28503     return rc;
   28504   }
   28505   TPM_RC response_code;
   28506   std::string response_code_bytes;
   28507   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   28508   if (rc != TPM_RC_SUCCESS) {
   28509     return rc;
   28510   }
   28511   if (response_size != response.size()) {
   28512     return TPM_RC_SIZE;
   28513   }
   28514   if (response_code != TPM_RC_SUCCESS) {
   28515     return response_code;
   28516   }
   28517   std::string loaded_handle_bytes;
   28518   rc = Parse_TPMI_DH_CONTEXT(&buffer, loaded_handle, &loaded_handle_bytes);
   28519   if (rc != TPM_RC_SUCCESS) {
   28520     return rc;
   28521   }
   28522   TPM_CC command_code = TPM_CC_ContextLoad;
   28523   std::string command_code_bytes;
   28524   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   28525   if (rc != TPM_RC_SUCCESS) {
   28526     return rc;
   28527   }
   28528   std::string authorization_section_bytes;
   28529   if (tag == TPM_ST_SESSIONS) {
   28530     UINT32 parameter_section_size = buffer.size();
   28531     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   28532     if (rc != TPM_RC_SUCCESS) {
   28533       return rc;
   28534     }
   28535     if (parameter_section_size > buffer.size()) {
   28536       return TPM_RC_INSUFFICIENT;
   28537     }
   28538     authorization_section_bytes = buffer.substr(parameter_section_size);
   28539     // Keep the parameter section in |buffer|.
   28540     buffer.erase(parameter_section_size);
   28541   }
   28542   std::unique_ptr<crypto::SecureHash> hash(
   28543       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   28544   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   28545   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   28546   hash->Update(buffer.data(), buffer.size());
   28547   std::string response_hash(32, 0);
   28548   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   28549   if (tag == TPM_ST_SESSIONS) {
   28550     CHECK(authorization_delegate) << "Authorization delegate missing!";
   28551     if (!authorization_delegate->CheckResponseAuthorization(
   28552             response_hash, authorization_section_bytes)) {
   28553       return TRUNKS_RC_AUTHORIZATION_FAILED;
   28554     }
   28555   }
   28556   return TPM_RC_SUCCESS;
   28557 }
   28558 
   28559 void ContextLoadErrorCallback(const Tpm::ContextLoadResponse& callback,
   28560                               TPM_RC response_code) {
   28561   VLOG(1) << __func__;
   28562   callback.Run(response_code, TPMI_DH_CONTEXT());
   28563 }
   28564 
   28565 void ContextLoadResponseParser(const Tpm::ContextLoadResponse& callback,
   28566                                AuthorizationDelegate* authorization_delegate,
   28567                                const std::string& response) {
   28568   VLOG(1) << __func__;
   28569   base::Callback<void(TPM_RC)> error_reporter =
   28570       base::Bind(ContextLoadErrorCallback, callback);
   28571   TPMI_DH_CONTEXT loaded_handle;
   28572   TPM_RC rc = Tpm::ParseResponse_ContextLoad(response, &loaded_handle,
   28573                                              authorization_delegate);
   28574   if (rc != TPM_RC_SUCCESS) {
   28575     error_reporter.Run(rc);
   28576     return;
   28577   }
   28578   callback.Run(rc, loaded_handle);
   28579 }
   28580 
   28581 void Tpm::ContextLoad(const TPMS_CONTEXT& context,
   28582                       AuthorizationDelegate* authorization_delegate,
   28583                       const ContextLoadResponse& callback) {
   28584   VLOG(1) << __func__;
   28585   base::Callback<void(TPM_RC)> error_reporter =
   28586       base::Bind(ContextLoadErrorCallback, callback);
   28587   base::Callback<void(const std::string&)> parser =
   28588       base::Bind(ContextLoadResponseParser, callback, authorization_delegate);
   28589   std::string command;
   28590   TPM_RC rc =
   28591       SerializeCommand_ContextLoad(context, &command, authorization_delegate);
   28592   if (rc != TPM_RC_SUCCESS) {
   28593     error_reporter.Run(rc);
   28594     return;
   28595   }
   28596   transceiver_->SendCommand(command, parser);
   28597 }
   28598 
   28599 TPM_RC Tpm::ContextLoadSync(const TPMS_CONTEXT& context,
   28600                             TPMI_DH_CONTEXT* loaded_handle,
   28601                             AuthorizationDelegate* authorization_delegate) {
   28602   VLOG(1) << __func__;
   28603   std::string command;
   28604   TPM_RC rc =
   28605       SerializeCommand_ContextLoad(context, &command, authorization_delegate);
   28606   if (rc != TPM_RC_SUCCESS) {
   28607     return rc;
   28608   }
   28609   std::string response = transceiver_->SendCommandAndWait(command);
   28610   rc = ParseResponse_ContextLoad(response, loaded_handle,
   28611                                  authorization_delegate);
   28612   return rc;
   28613 }
   28614 
   28615 TPM_RC Tpm::SerializeCommand_FlushContext(
   28616     const TPMI_DH_CONTEXT& flush_handle,
   28617     std::string* serialized_command,
   28618     AuthorizationDelegate* authorization_delegate) {
   28619   VLOG(3) << __func__;
   28620   TPM_RC rc = TPM_RC_SUCCESS;
   28621   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   28622   UINT32 command_size = 10;  // Header size.
   28623   std::string handle_section_bytes;
   28624   std::string parameter_section_bytes;
   28625   TPM_CC command_code = TPM_CC_FlushContext;
   28626   bool is_command_parameter_encryption_possible = false;
   28627   bool is_response_parameter_encryption_possible = false;
   28628   std::string command_code_bytes;
   28629   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   28630   if (rc != TPM_RC_SUCCESS) {
   28631     return rc;
   28632   }
   28633   std::string flush_handle_bytes;
   28634   rc = Serialize_TPMI_DH_CONTEXT(flush_handle, &flush_handle_bytes);
   28635   if (rc != TPM_RC_SUCCESS) {
   28636     return rc;
   28637   }
   28638   std::unique_ptr<crypto::SecureHash> hash(
   28639       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   28640   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   28641   hash->Update(flush_handle_bytes.data(), flush_handle_bytes.size());
   28642   parameter_section_bytes += flush_handle_bytes;
   28643   command_size += flush_handle_bytes.size();
   28644   std::string command_hash(32, 0);
   28645   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   28646   std::string authorization_section_bytes;
   28647   std::string authorization_size_bytes;
   28648   if (authorization_delegate) {
   28649     if (!authorization_delegate->GetCommandAuthorization(
   28650             command_hash, is_command_parameter_encryption_possible,
   28651             is_response_parameter_encryption_possible,
   28652             &authorization_section_bytes)) {
   28653       return TRUNKS_RC_AUTHORIZATION_FAILED;
   28654     }
   28655     if (!authorization_section_bytes.empty()) {
   28656       tag = TPM_ST_SESSIONS;
   28657       std::string tmp;
   28658       rc = Serialize_UINT32(authorization_section_bytes.size(),
   28659                             &authorization_size_bytes);
   28660       if (rc != TPM_RC_SUCCESS) {
   28661         return rc;
   28662       }
   28663       command_size +=
   28664           authorization_size_bytes.size() + authorization_section_bytes.size();
   28665     }
   28666   }
   28667   std::string tag_bytes;
   28668   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   28669   if (rc != TPM_RC_SUCCESS) {
   28670     return rc;
   28671   }
   28672   std::string command_size_bytes;
   28673   rc = Serialize_UINT32(command_size, &command_size_bytes);
   28674   if (rc != TPM_RC_SUCCESS) {
   28675     return rc;
   28676   }
   28677   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   28678                         handle_section_bytes + authorization_size_bytes +
   28679                         authorization_section_bytes + parameter_section_bytes;
   28680   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   28681   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   28682                                             serialized_command->size());
   28683   return TPM_RC_SUCCESS;
   28684 }
   28685 
   28686 TPM_RC Tpm::ParseResponse_FlushContext(
   28687     const std::string& response,
   28688     AuthorizationDelegate* authorization_delegate) {
   28689   VLOG(3) << __func__;
   28690   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   28691   TPM_RC rc = TPM_RC_SUCCESS;
   28692   std::string buffer(response);
   28693   TPM_ST tag;
   28694   std::string tag_bytes;
   28695   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   28696   if (rc != TPM_RC_SUCCESS) {
   28697     return rc;
   28698   }
   28699   UINT32 response_size;
   28700   std::string response_size_bytes;
   28701   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   28702   if (rc != TPM_RC_SUCCESS) {
   28703     return rc;
   28704   }
   28705   TPM_RC response_code;
   28706   std::string response_code_bytes;
   28707   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   28708   if (rc != TPM_RC_SUCCESS) {
   28709     return rc;
   28710   }
   28711   if (response_size != response.size()) {
   28712     return TPM_RC_SIZE;
   28713   }
   28714   if (response_code != TPM_RC_SUCCESS) {
   28715     return response_code;
   28716   }
   28717   TPM_CC command_code = TPM_CC_FlushContext;
   28718   std::string command_code_bytes;
   28719   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   28720   if (rc != TPM_RC_SUCCESS) {
   28721     return rc;
   28722   }
   28723   std::string authorization_section_bytes;
   28724   if (tag == TPM_ST_SESSIONS) {
   28725     UINT32 parameter_section_size = buffer.size();
   28726     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   28727     if (rc != TPM_RC_SUCCESS) {
   28728       return rc;
   28729     }
   28730     if (parameter_section_size > buffer.size()) {
   28731       return TPM_RC_INSUFFICIENT;
   28732     }
   28733     authorization_section_bytes = buffer.substr(parameter_section_size);
   28734     // Keep the parameter section in |buffer|.
   28735     buffer.erase(parameter_section_size);
   28736   }
   28737   std::unique_ptr<crypto::SecureHash> hash(
   28738       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   28739   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   28740   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   28741   hash->Update(buffer.data(), buffer.size());
   28742   std::string response_hash(32, 0);
   28743   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   28744   if (tag == TPM_ST_SESSIONS) {
   28745     CHECK(authorization_delegate) << "Authorization delegate missing!";
   28746     if (!authorization_delegate->CheckResponseAuthorization(
   28747             response_hash, authorization_section_bytes)) {
   28748       return TRUNKS_RC_AUTHORIZATION_FAILED;
   28749     }
   28750   }
   28751   return TPM_RC_SUCCESS;
   28752 }
   28753 
   28754 void FlushContextErrorCallback(const Tpm::FlushContextResponse& callback,
   28755                                TPM_RC response_code) {
   28756   VLOG(1) << __func__;
   28757   callback.Run(response_code);
   28758 }
   28759 
   28760 void FlushContextResponseParser(const Tpm::FlushContextResponse& callback,
   28761                                 AuthorizationDelegate* authorization_delegate,
   28762                                 const std::string& response) {
   28763   VLOG(1) << __func__;
   28764   base::Callback<void(TPM_RC)> error_reporter =
   28765       base::Bind(FlushContextErrorCallback, callback);
   28766   TPM_RC rc = Tpm::ParseResponse_FlushContext(response, authorization_delegate);
   28767   if (rc != TPM_RC_SUCCESS) {
   28768     error_reporter.Run(rc);
   28769     return;
   28770   }
   28771   callback.Run(rc);
   28772 }
   28773 
   28774 void Tpm::FlushContext(const TPMI_DH_CONTEXT& flush_handle,
   28775                        AuthorizationDelegate* authorization_delegate,
   28776                        const FlushContextResponse& callback) {
   28777   VLOG(1) << __func__;
   28778   base::Callback<void(TPM_RC)> error_reporter =
   28779       base::Bind(FlushContextErrorCallback, callback);
   28780   base::Callback<void(const std::string&)> parser =
   28781       base::Bind(FlushContextResponseParser, callback, authorization_delegate);
   28782   std::string command;
   28783   TPM_RC rc = SerializeCommand_FlushContext(flush_handle, &command,
   28784                                             authorization_delegate);
   28785   if (rc != TPM_RC_SUCCESS) {
   28786     error_reporter.Run(rc);
   28787     return;
   28788   }
   28789   transceiver_->SendCommand(command, parser);
   28790 }
   28791 
   28792 TPM_RC Tpm::FlushContextSync(const TPMI_DH_CONTEXT& flush_handle,
   28793                              AuthorizationDelegate* authorization_delegate) {
   28794   VLOG(1) << __func__;
   28795   std::string command;
   28796   TPM_RC rc = SerializeCommand_FlushContext(flush_handle, &command,
   28797                                             authorization_delegate);
   28798   if (rc != TPM_RC_SUCCESS) {
   28799     return rc;
   28800   }
   28801   std::string response = transceiver_->SendCommandAndWait(command);
   28802   rc = ParseResponse_FlushContext(response, authorization_delegate);
   28803   return rc;
   28804 }
   28805 
   28806 TPM_RC Tpm::SerializeCommand_EvictControl(
   28807     const TPMI_RH_PROVISION& auth,
   28808     const std::string& auth_name,
   28809     const TPMI_DH_OBJECT& object_handle,
   28810     const std::string& object_handle_name,
   28811     const TPMI_DH_PERSISTENT& persistent_handle,
   28812     std::string* serialized_command,
   28813     AuthorizationDelegate* authorization_delegate) {
   28814   VLOG(3) << __func__;
   28815   TPM_RC rc = TPM_RC_SUCCESS;
   28816   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   28817   UINT32 command_size = 10;  // Header size.
   28818   std::string handle_section_bytes;
   28819   std::string parameter_section_bytes;
   28820   TPM_CC command_code = TPM_CC_EvictControl;
   28821   bool is_command_parameter_encryption_possible = false;
   28822   bool is_response_parameter_encryption_possible = false;
   28823   std::string command_code_bytes;
   28824   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   28825   if (rc != TPM_RC_SUCCESS) {
   28826     return rc;
   28827   }
   28828   std::string auth_bytes;
   28829   rc = Serialize_TPMI_RH_PROVISION(auth, &auth_bytes);
   28830   if (rc != TPM_RC_SUCCESS) {
   28831     return rc;
   28832   }
   28833   std::string object_handle_bytes;
   28834   rc = Serialize_TPMI_DH_OBJECT(object_handle, &object_handle_bytes);
   28835   if (rc != TPM_RC_SUCCESS) {
   28836     return rc;
   28837   }
   28838   std::string persistent_handle_bytes;
   28839   rc =
   28840       Serialize_TPMI_DH_PERSISTENT(persistent_handle, &persistent_handle_bytes);
   28841   if (rc != TPM_RC_SUCCESS) {
   28842     return rc;
   28843   }
   28844   std::unique_ptr<crypto::SecureHash> hash(
   28845       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   28846   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   28847   hash->Update(auth_name.data(), auth_name.size());
   28848   handle_section_bytes += auth_bytes;
   28849   command_size += auth_bytes.size();
   28850   hash->Update(object_handle_name.data(), object_handle_name.size());
   28851   handle_section_bytes += object_handle_bytes;
   28852   command_size += object_handle_bytes.size();
   28853   hash->Update(persistent_handle_bytes.data(), persistent_handle_bytes.size());
   28854   parameter_section_bytes += persistent_handle_bytes;
   28855   command_size += persistent_handle_bytes.size();
   28856   std::string command_hash(32, 0);
   28857   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   28858   std::string authorization_section_bytes;
   28859   std::string authorization_size_bytes;
   28860   if (authorization_delegate) {
   28861     if (!authorization_delegate->GetCommandAuthorization(
   28862             command_hash, is_command_parameter_encryption_possible,
   28863             is_response_parameter_encryption_possible,
   28864             &authorization_section_bytes)) {
   28865       return TRUNKS_RC_AUTHORIZATION_FAILED;
   28866     }
   28867     if (!authorization_section_bytes.empty()) {
   28868       tag = TPM_ST_SESSIONS;
   28869       std::string tmp;
   28870       rc = Serialize_UINT32(authorization_section_bytes.size(),
   28871                             &authorization_size_bytes);
   28872       if (rc != TPM_RC_SUCCESS) {
   28873         return rc;
   28874       }
   28875       command_size +=
   28876           authorization_size_bytes.size() + authorization_section_bytes.size();
   28877     }
   28878   }
   28879   std::string tag_bytes;
   28880   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   28881   if (rc != TPM_RC_SUCCESS) {
   28882     return rc;
   28883   }
   28884   std::string command_size_bytes;
   28885   rc = Serialize_UINT32(command_size, &command_size_bytes);
   28886   if (rc != TPM_RC_SUCCESS) {
   28887     return rc;
   28888   }
   28889   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   28890                         handle_section_bytes + authorization_size_bytes +
   28891                         authorization_section_bytes + parameter_section_bytes;
   28892   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   28893   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   28894                                             serialized_command->size());
   28895   return TPM_RC_SUCCESS;
   28896 }
   28897 
   28898 TPM_RC Tpm::ParseResponse_EvictControl(
   28899     const std::string& response,
   28900     AuthorizationDelegate* authorization_delegate) {
   28901   VLOG(3) << __func__;
   28902   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   28903   TPM_RC rc = TPM_RC_SUCCESS;
   28904   std::string buffer(response);
   28905   TPM_ST tag;
   28906   std::string tag_bytes;
   28907   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   28908   if (rc != TPM_RC_SUCCESS) {
   28909     return rc;
   28910   }
   28911   UINT32 response_size;
   28912   std::string response_size_bytes;
   28913   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   28914   if (rc != TPM_RC_SUCCESS) {
   28915     return rc;
   28916   }
   28917   TPM_RC response_code;
   28918   std::string response_code_bytes;
   28919   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   28920   if (rc != TPM_RC_SUCCESS) {
   28921     return rc;
   28922   }
   28923   if (response_size != response.size()) {
   28924     return TPM_RC_SIZE;
   28925   }
   28926   if (response_code != TPM_RC_SUCCESS) {
   28927     return response_code;
   28928   }
   28929   TPM_CC command_code = TPM_CC_EvictControl;
   28930   std::string command_code_bytes;
   28931   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   28932   if (rc != TPM_RC_SUCCESS) {
   28933     return rc;
   28934   }
   28935   std::string authorization_section_bytes;
   28936   if (tag == TPM_ST_SESSIONS) {
   28937     UINT32 parameter_section_size = buffer.size();
   28938     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   28939     if (rc != TPM_RC_SUCCESS) {
   28940       return rc;
   28941     }
   28942     if (parameter_section_size > buffer.size()) {
   28943       return TPM_RC_INSUFFICIENT;
   28944     }
   28945     authorization_section_bytes = buffer.substr(parameter_section_size);
   28946     // Keep the parameter section in |buffer|.
   28947     buffer.erase(parameter_section_size);
   28948   }
   28949   std::unique_ptr<crypto::SecureHash> hash(
   28950       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   28951   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   28952   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   28953   hash->Update(buffer.data(), buffer.size());
   28954   std::string response_hash(32, 0);
   28955   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   28956   if (tag == TPM_ST_SESSIONS) {
   28957     CHECK(authorization_delegate) << "Authorization delegate missing!";
   28958     if (!authorization_delegate->CheckResponseAuthorization(
   28959             response_hash, authorization_section_bytes)) {
   28960       return TRUNKS_RC_AUTHORIZATION_FAILED;
   28961     }
   28962   }
   28963   return TPM_RC_SUCCESS;
   28964 }
   28965 
   28966 void EvictControlErrorCallback(const Tpm::EvictControlResponse& callback,
   28967                                TPM_RC response_code) {
   28968   VLOG(1) << __func__;
   28969   callback.Run(response_code);
   28970 }
   28971 
   28972 void EvictControlResponseParser(const Tpm::EvictControlResponse& callback,
   28973                                 AuthorizationDelegate* authorization_delegate,
   28974                                 const std::string& response) {
   28975   VLOG(1) << __func__;
   28976   base::Callback<void(TPM_RC)> error_reporter =
   28977       base::Bind(EvictControlErrorCallback, callback);
   28978   TPM_RC rc = Tpm::ParseResponse_EvictControl(response, authorization_delegate);
   28979   if (rc != TPM_RC_SUCCESS) {
   28980     error_reporter.Run(rc);
   28981     return;
   28982   }
   28983   callback.Run(rc);
   28984 }
   28985 
   28986 void Tpm::EvictControl(const TPMI_RH_PROVISION& auth,
   28987                        const std::string& auth_name,
   28988                        const TPMI_DH_OBJECT& object_handle,
   28989                        const std::string& object_handle_name,
   28990                        const TPMI_DH_PERSISTENT& persistent_handle,
   28991                        AuthorizationDelegate* authorization_delegate,
   28992                        const EvictControlResponse& callback) {
   28993   VLOG(1) << __func__;
   28994   base::Callback<void(TPM_RC)> error_reporter =
   28995       base::Bind(EvictControlErrorCallback, callback);
   28996   base::Callback<void(const std::string&)> parser =
   28997       base::Bind(EvictControlResponseParser, callback, authorization_delegate);
   28998   std::string command;
   28999   TPM_RC rc = SerializeCommand_EvictControl(
   29000       auth, auth_name, object_handle, object_handle_name, persistent_handle,
   29001       &command, authorization_delegate);
   29002   if (rc != TPM_RC_SUCCESS) {
   29003     error_reporter.Run(rc);
   29004     return;
   29005   }
   29006   transceiver_->SendCommand(command, parser);
   29007 }
   29008 
   29009 TPM_RC Tpm::EvictControlSync(const TPMI_RH_PROVISION& auth,
   29010                              const std::string& auth_name,
   29011                              const TPMI_DH_OBJECT& object_handle,
   29012                              const std::string& object_handle_name,
   29013                              const TPMI_DH_PERSISTENT& persistent_handle,
   29014                              AuthorizationDelegate* authorization_delegate) {
   29015   VLOG(1) << __func__;
   29016   std::string command;
   29017   TPM_RC rc = SerializeCommand_EvictControl(
   29018       auth, auth_name, object_handle, object_handle_name, persistent_handle,
   29019       &command, authorization_delegate);
   29020   if (rc != TPM_RC_SUCCESS) {
   29021     return rc;
   29022   }
   29023   std::string response = transceiver_->SendCommandAndWait(command);
   29024   rc = ParseResponse_EvictControl(response, authorization_delegate);
   29025   return rc;
   29026 }
   29027 
   29028 TPM_RC Tpm::SerializeCommand_ReadClock(
   29029     std::string* serialized_command,
   29030     AuthorizationDelegate* authorization_delegate) {
   29031   VLOG(3) << __func__;
   29032   TPM_RC rc = TPM_RC_SUCCESS;
   29033   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   29034   UINT32 command_size = 10;  // Header size.
   29035   std::string handle_section_bytes;
   29036   std::string parameter_section_bytes;
   29037   TPM_CC command_code = TPM_CC_ReadClock;
   29038   bool is_command_parameter_encryption_possible = false;
   29039   bool is_response_parameter_encryption_possible = false;
   29040   std::string command_code_bytes;
   29041   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   29042   if (rc != TPM_RC_SUCCESS) {
   29043     return rc;
   29044   }
   29045   std::unique_ptr<crypto::SecureHash> hash(
   29046       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   29047   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   29048   std::string command_hash(32, 0);
   29049   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   29050   std::string authorization_section_bytes;
   29051   std::string authorization_size_bytes;
   29052   if (authorization_delegate) {
   29053     if (!authorization_delegate->GetCommandAuthorization(
   29054             command_hash, is_command_parameter_encryption_possible,
   29055             is_response_parameter_encryption_possible,
   29056             &authorization_section_bytes)) {
   29057       return TRUNKS_RC_AUTHORIZATION_FAILED;
   29058     }
   29059     if (!authorization_section_bytes.empty()) {
   29060       tag = TPM_ST_SESSIONS;
   29061       std::string tmp;
   29062       rc = Serialize_UINT32(authorization_section_bytes.size(),
   29063                             &authorization_size_bytes);
   29064       if (rc != TPM_RC_SUCCESS) {
   29065         return rc;
   29066       }
   29067       command_size +=
   29068           authorization_size_bytes.size() + authorization_section_bytes.size();
   29069     }
   29070   }
   29071   std::string tag_bytes;
   29072   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   29073   if (rc != TPM_RC_SUCCESS) {
   29074     return rc;
   29075   }
   29076   std::string command_size_bytes;
   29077   rc = Serialize_UINT32(command_size, &command_size_bytes);
   29078   if (rc != TPM_RC_SUCCESS) {
   29079     return rc;
   29080   }
   29081   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   29082                         handle_section_bytes + authorization_size_bytes +
   29083                         authorization_section_bytes + parameter_section_bytes;
   29084   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   29085   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   29086                                             serialized_command->size());
   29087   return TPM_RC_SUCCESS;
   29088 }
   29089 
   29090 TPM_RC Tpm::ParseResponse_ReadClock(
   29091     const std::string& response,
   29092     TPMS_TIME_INFO* current_time,
   29093     AuthorizationDelegate* authorization_delegate) {
   29094   VLOG(3) << __func__;
   29095   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   29096   TPM_RC rc = TPM_RC_SUCCESS;
   29097   std::string buffer(response);
   29098   TPM_ST tag;
   29099   std::string tag_bytes;
   29100   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   29101   if (rc != TPM_RC_SUCCESS) {
   29102     return rc;
   29103   }
   29104   UINT32 response_size;
   29105   std::string response_size_bytes;
   29106   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   29107   if (rc != TPM_RC_SUCCESS) {
   29108     return rc;
   29109   }
   29110   TPM_RC response_code;
   29111   std::string response_code_bytes;
   29112   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   29113   if (rc != TPM_RC_SUCCESS) {
   29114     return rc;
   29115   }
   29116   if (response_size != response.size()) {
   29117     return TPM_RC_SIZE;
   29118   }
   29119   if (response_code != TPM_RC_SUCCESS) {
   29120     return response_code;
   29121   }
   29122   TPM_CC command_code = TPM_CC_ReadClock;
   29123   std::string command_code_bytes;
   29124   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   29125   if (rc != TPM_RC_SUCCESS) {
   29126     return rc;
   29127   }
   29128   std::string authorization_section_bytes;
   29129   if (tag == TPM_ST_SESSIONS) {
   29130     UINT32 parameter_section_size = buffer.size();
   29131     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   29132     if (rc != TPM_RC_SUCCESS) {
   29133       return rc;
   29134     }
   29135     if (parameter_section_size > buffer.size()) {
   29136       return TPM_RC_INSUFFICIENT;
   29137     }
   29138     authorization_section_bytes = buffer.substr(parameter_section_size);
   29139     // Keep the parameter section in |buffer|.
   29140     buffer.erase(parameter_section_size);
   29141   }
   29142   std::unique_ptr<crypto::SecureHash> hash(
   29143       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   29144   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   29145   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   29146   hash->Update(buffer.data(), buffer.size());
   29147   std::string response_hash(32, 0);
   29148   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   29149   if (tag == TPM_ST_SESSIONS) {
   29150     CHECK(authorization_delegate) << "Authorization delegate missing!";
   29151     if (!authorization_delegate->CheckResponseAuthorization(
   29152             response_hash, authorization_section_bytes)) {
   29153       return TRUNKS_RC_AUTHORIZATION_FAILED;
   29154     }
   29155   }
   29156   std::string current_time_bytes;
   29157   rc = Parse_TPMS_TIME_INFO(&buffer, current_time, &current_time_bytes);
   29158   if (rc != TPM_RC_SUCCESS) {
   29159     return rc;
   29160   }
   29161   return TPM_RC_SUCCESS;
   29162 }
   29163 
   29164 void ReadClockErrorCallback(const Tpm::ReadClockResponse& callback,
   29165                             TPM_RC response_code) {
   29166   VLOG(1) << __func__;
   29167   callback.Run(response_code, TPMS_TIME_INFO());
   29168 }
   29169 
   29170 void ReadClockResponseParser(const Tpm::ReadClockResponse& callback,
   29171                              AuthorizationDelegate* authorization_delegate,
   29172                              const std::string& response) {
   29173   VLOG(1) << __func__;
   29174   base::Callback<void(TPM_RC)> error_reporter =
   29175       base::Bind(ReadClockErrorCallback, callback);
   29176   TPMS_TIME_INFO current_time;
   29177   TPM_RC rc = Tpm::ParseResponse_ReadClock(response, &current_time,
   29178                                            authorization_delegate);
   29179   if (rc != TPM_RC_SUCCESS) {
   29180     error_reporter.Run(rc);
   29181     return;
   29182   }
   29183   callback.Run(rc, current_time);
   29184 }
   29185 
   29186 void Tpm::ReadClock(AuthorizationDelegate* authorization_delegate,
   29187                     const ReadClockResponse& callback) {
   29188   VLOG(1) << __func__;
   29189   base::Callback<void(TPM_RC)> error_reporter =
   29190       base::Bind(ReadClockErrorCallback, callback);
   29191   base::Callback<void(const std::string&)> parser =
   29192       base::Bind(ReadClockResponseParser, callback, authorization_delegate);
   29193   std::string command;
   29194   TPM_RC rc = SerializeCommand_ReadClock(&command, authorization_delegate);
   29195   if (rc != TPM_RC_SUCCESS) {
   29196     error_reporter.Run(rc);
   29197     return;
   29198   }
   29199   transceiver_->SendCommand(command, parser);
   29200 }
   29201 
   29202 TPM_RC Tpm::ReadClockSync(TPMS_TIME_INFO* current_time,
   29203                           AuthorizationDelegate* authorization_delegate) {
   29204   VLOG(1) << __func__;
   29205   std::string command;
   29206   TPM_RC rc = SerializeCommand_ReadClock(&command, authorization_delegate);
   29207   if (rc != TPM_RC_SUCCESS) {
   29208     return rc;
   29209   }
   29210   std::string response = transceiver_->SendCommandAndWait(command);
   29211   rc = ParseResponse_ReadClock(response, current_time, authorization_delegate);
   29212   return rc;
   29213 }
   29214 
   29215 TPM_RC Tpm::SerializeCommand_ClockSet(
   29216     const TPMI_RH_PROVISION& auth,
   29217     const std::string& auth_name,
   29218     const UINT64& new_time,
   29219     std::string* serialized_command,
   29220     AuthorizationDelegate* authorization_delegate) {
   29221   VLOG(3) << __func__;
   29222   TPM_RC rc = TPM_RC_SUCCESS;
   29223   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   29224   UINT32 command_size = 10;  // Header size.
   29225   std::string handle_section_bytes;
   29226   std::string parameter_section_bytes;
   29227   TPM_CC command_code = TPM_CC_ClockSet;
   29228   bool is_command_parameter_encryption_possible = false;
   29229   bool is_response_parameter_encryption_possible = false;
   29230   std::string command_code_bytes;
   29231   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   29232   if (rc != TPM_RC_SUCCESS) {
   29233     return rc;
   29234   }
   29235   std::string auth_bytes;
   29236   rc = Serialize_TPMI_RH_PROVISION(auth, &auth_bytes);
   29237   if (rc != TPM_RC_SUCCESS) {
   29238     return rc;
   29239   }
   29240   std::string new_time_bytes;
   29241   rc = Serialize_UINT64(new_time, &new_time_bytes);
   29242   if (rc != TPM_RC_SUCCESS) {
   29243     return rc;
   29244   }
   29245   std::unique_ptr<crypto::SecureHash> hash(
   29246       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   29247   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   29248   hash->Update(auth_name.data(), auth_name.size());
   29249   handle_section_bytes += auth_bytes;
   29250   command_size += auth_bytes.size();
   29251   hash->Update(new_time_bytes.data(), new_time_bytes.size());
   29252   parameter_section_bytes += new_time_bytes;
   29253   command_size += new_time_bytes.size();
   29254   std::string command_hash(32, 0);
   29255   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   29256   std::string authorization_section_bytes;
   29257   std::string authorization_size_bytes;
   29258   if (authorization_delegate) {
   29259     if (!authorization_delegate->GetCommandAuthorization(
   29260             command_hash, is_command_parameter_encryption_possible,
   29261             is_response_parameter_encryption_possible,
   29262             &authorization_section_bytes)) {
   29263       return TRUNKS_RC_AUTHORIZATION_FAILED;
   29264     }
   29265     if (!authorization_section_bytes.empty()) {
   29266       tag = TPM_ST_SESSIONS;
   29267       std::string tmp;
   29268       rc = Serialize_UINT32(authorization_section_bytes.size(),
   29269                             &authorization_size_bytes);
   29270       if (rc != TPM_RC_SUCCESS) {
   29271         return rc;
   29272       }
   29273       command_size +=
   29274           authorization_size_bytes.size() + authorization_section_bytes.size();
   29275     }
   29276   }
   29277   std::string tag_bytes;
   29278   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   29279   if (rc != TPM_RC_SUCCESS) {
   29280     return rc;
   29281   }
   29282   std::string command_size_bytes;
   29283   rc = Serialize_UINT32(command_size, &command_size_bytes);
   29284   if (rc != TPM_RC_SUCCESS) {
   29285     return rc;
   29286   }
   29287   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   29288                         handle_section_bytes + authorization_size_bytes +
   29289                         authorization_section_bytes + parameter_section_bytes;
   29290   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   29291   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   29292                                             serialized_command->size());
   29293   return TPM_RC_SUCCESS;
   29294 }
   29295 
   29296 TPM_RC Tpm::ParseResponse_ClockSet(
   29297     const std::string& response,
   29298     AuthorizationDelegate* authorization_delegate) {
   29299   VLOG(3) << __func__;
   29300   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   29301   TPM_RC rc = TPM_RC_SUCCESS;
   29302   std::string buffer(response);
   29303   TPM_ST tag;
   29304   std::string tag_bytes;
   29305   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   29306   if (rc != TPM_RC_SUCCESS) {
   29307     return rc;
   29308   }
   29309   UINT32 response_size;
   29310   std::string response_size_bytes;
   29311   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   29312   if (rc != TPM_RC_SUCCESS) {
   29313     return rc;
   29314   }
   29315   TPM_RC response_code;
   29316   std::string response_code_bytes;
   29317   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   29318   if (rc != TPM_RC_SUCCESS) {
   29319     return rc;
   29320   }
   29321   if (response_size != response.size()) {
   29322     return TPM_RC_SIZE;
   29323   }
   29324   if (response_code != TPM_RC_SUCCESS) {
   29325     return response_code;
   29326   }
   29327   TPM_CC command_code = TPM_CC_ClockSet;
   29328   std::string command_code_bytes;
   29329   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   29330   if (rc != TPM_RC_SUCCESS) {
   29331     return rc;
   29332   }
   29333   std::string authorization_section_bytes;
   29334   if (tag == TPM_ST_SESSIONS) {
   29335     UINT32 parameter_section_size = buffer.size();
   29336     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   29337     if (rc != TPM_RC_SUCCESS) {
   29338       return rc;
   29339     }
   29340     if (parameter_section_size > buffer.size()) {
   29341       return TPM_RC_INSUFFICIENT;
   29342     }
   29343     authorization_section_bytes = buffer.substr(parameter_section_size);
   29344     // Keep the parameter section in |buffer|.
   29345     buffer.erase(parameter_section_size);
   29346   }
   29347   std::unique_ptr<crypto::SecureHash> hash(
   29348       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   29349   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   29350   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   29351   hash->Update(buffer.data(), buffer.size());
   29352   std::string response_hash(32, 0);
   29353   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   29354   if (tag == TPM_ST_SESSIONS) {
   29355     CHECK(authorization_delegate) << "Authorization delegate missing!";
   29356     if (!authorization_delegate->CheckResponseAuthorization(
   29357             response_hash, authorization_section_bytes)) {
   29358       return TRUNKS_RC_AUTHORIZATION_FAILED;
   29359     }
   29360   }
   29361   return TPM_RC_SUCCESS;
   29362 }
   29363 
   29364 void ClockSetErrorCallback(const Tpm::ClockSetResponse& callback,
   29365                            TPM_RC response_code) {
   29366   VLOG(1) << __func__;
   29367   callback.Run(response_code);
   29368 }
   29369 
   29370 void ClockSetResponseParser(const Tpm::ClockSetResponse& callback,
   29371                             AuthorizationDelegate* authorization_delegate,
   29372                             const std::string& response) {
   29373   VLOG(1) << __func__;
   29374   base::Callback<void(TPM_RC)> error_reporter =
   29375       base::Bind(ClockSetErrorCallback, callback);
   29376   TPM_RC rc = Tpm::ParseResponse_ClockSet(response, authorization_delegate);
   29377   if (rc != TPM_RC_SUCCESS) {
   29378     error_reporter.Run(rc);
   29379     return;
   29380   }
   29381   callback.Run(rc);
   29382 }
   29383 
   29384 void Tpm::ClockSet(const TPMI_RH_PROVISION& auth,
   29385                    const std::string& auth_name,
   29386                    const UINT64& new_time,
   29387                    AuthorizationDelegate* authorization_delegate,
   29388                    const ClockSetResponse& callback) {
   29389   VLOG(1) << __func__;
   29390   base::Callback<void(TPM_RC)> error_reporter =
   29391       base::Bind(ClockSetErrorCallback, callback);
   29392   base::Callback<void(const std::string&)> parser =
   29393       base::Bind(ClockSetResponseParser, callback, authorization_delegate);
   29394   std::string command;
   29395   TPM_RC rc = SerializeCommand_ClockSet(auth, auth_name, new_time, &command,
   29396                                         authorization_delegate);
   29397   if (rc != TPM_RC_SUCCESS) {
   29398     error_reporter.Run(rc);
   29399     return;
   29400   }
   29401   transceiver_->SendCommand(command, parser);
   29402 }
   29403 
   29404 TPM_RC Tpm::ClockSetSync(const TPMI_RH_PROVISION& auth,
   29405                          const std::string& auth_name,
   29406                          const UINT64& new_time,
   29407                          AuthorizationDelegate* authorization_delegate) {
   29408   VLOG(1) << __func__;
   29409   std::string command;
   29410   TPM_RC rc = SerializeCommand_ClockSet(auth, auth_name, new_time, &command,
   29411                                         authorization_delegate);
   29412   if (rc != TPM_RC_SUCCESS) {
   29413     return rc;
   29414   }
   29415   std::string response = transceiver_->SendCommandAndWait(command);
   29416   rc = ParseResponse_ClockSet(response, authorization_delegate);
   29417   return rc;
   29418 }
   29419 
   29420 TPM_RC Tpm::SerializeCommand_ClockRateAdjust(
   29421     const TPMI_RH_PROVISION& auth,
   29422     const std::string& auth_name,
   29423     const TPM_CLOCK_ADJUST& rate_adjust,
   29424     std::string* serialized_command,
   29425     AuthorizationDelegate* authorization_delegate) {
   29426   VLOG(3) << __func__;
   29427   TPM_RC rc = TPM_RC_SUCCESS;
   29428   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   29429   UINT32 command_size = 10;  // Header size.
   29430   std::string handle_section_bytes;
   29431   std::string parameter_section_bytes;
   29432   TPM_CC command_code = TPM_CC_ClockRateAdjust;
   29433   bool is_command_parameter_encryption_possible = false;
   29434   bool is_response_parameter_encryption_possible = false;
   29435   std::string command_code_bytes;
   29436   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   29437   if (rc != TPM_RC_SUCCESS) {
   29438     return rc;
   29439   }
   29440   std::string auth_bytes;
   29441   rc = Serialize_TPMI_RH_PROVISION(auth, &auth_bytes);
   29442   if (rc != TPM_RC_SUCCESS) {
   29443     return rc;
   29444   }
   29445   std::string rate_adjust_bytes;
   29446   rc = Serialize_TPM_CLOCK_ADJUST(rate_adjust, &rate_adjust_bytes);
   29447   if (rc != TPM_RC_SUCCESS) {
   29448     return rc;
   29449   }
   29450   std::unique_ptr<crypto::SecureHash> hash(
   29451       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   29452   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   29453   hash->Update(auth_name.data(), auth_name.size());
   29454   handle_section_bytes += auth_bytes;
   29455   command_size += auth_bytes.size();
   29456   hash->Update(rate_adjust_bytes.data(), rate_adjust_bytes.size());
   29457   parameter_section_bytes += rate_adjust_bytes;
   29458   command_size += rate_adjust_bytes.size();
   29459   std::string command_hash(32, 0);
   29460   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   29461   std::string authorization_section_bytes;
   29462   std::string authorization_size_bytes;
   29463   if (authorization_delegate) {
   29464     if (!authorization_delegate->GetCommandAuthorization(
   29465             command_hash, is_command_parameter_encryption_possible,
   29466             is_response_parameter_encryption_possible,
   29467             &authorization_section_bytes)) {
   29468       return TRUNKS_RC_AUTHORIZATION_FAILED;
   29469     }
   29470     if (!authorization_section_bytes.empty()) {
   29471       tag = TPM_ST_SESSIONS;
   29472       std::string tmp;
   29473       rc = Serialize_UINT32(authorization_section_bytes.size(),
   29474                             &authorization_size_bytes);
   29475       if (rc != TPM_RC_SUCCESS) {
   29476         return rc;
   29477       }
   29478       command_size +=
   29479           authorization_size_bytes.size() + authorization_section_bytes.size();
   29480     }
   29481   }
   29482   std::string tag_bytes;
   29483   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   29484   if (rc != TPM_RC_SUCCESS) {
   29485     return rc;
   29486   }
   29487   std::string command_size_bytes;
   29488   rc = Serialize_UINT32(command_size, &command_size_bytes);
   29489   if (rc != TPM_RC_SUCCESS) {
   29490     return rc;
   29491   }
   29492   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   29493                         handle_section_bytes + authorization_size_bytes +
   29494                         authorization_section_bytes + parameter_section_bytes;
   29495   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   29496   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   29497                                             serialized_command->size());
   29498   return TPM_RC_SUCCESS;
   29499 }
   29500 
   29501 TPM_RC Tpm::ParseResponse_ClockRateAdjust(
   29502     const std::string& response,
   29503     AuthorizationDelegate* authorization_delegate) {
   29504   VLOG(3) << __func__;
   29505   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   29506   TPM_RC rc = TPM_RC_SUCCESS;
   29507   std::string buffer(response);
   29508   TPM_ST tag;
   29509   std::string tag_bytes;
   29510   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   29511   if (rc != TPM_RC_SUCCESS) {
   29512     return rc;
   29513   }
   29514   UINT32 response_size;
   29515   std::string response_size_bytes;
   29516   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   29517   if (rc != TPM_RC_SUCCESS) {
   29518     return rc;
   29519   }
   29520   TPM_RC response_code;
   29521   std::string response_code_bytes;
   29522   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   29523   if (rc != TPM_RC_SUCCESS) {
   29524     return rc;
   29525   }
   29526   if (response_size != response.size()) {
   29527     return TPM_RC_SIZE;
   29528   }
   29529   if (response_code != TPM_RC_SUCCESS) {
   29530     return response_code;
   29531   }
   29532   TPM_CC command_code = TPM_CC_ClockRateAdjust;
   29533   std::string command_code_bytes;
   29534   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   29535   if (rc != TPM_RC_SUCCESS) {
   29536     return rc;
   29537   }
   29538   std::string authorization_section_bytes;
   29539   if (tag == TPM_ST_SESSIONS) {
   29540     UINT32 parameter_section_size = buffer.size();
   29541     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   29542     if (rc != TPM_RC_SUCCESS) {
   29543       return rc;
   29544     }
   29545     if (parameter_section_size > buffer.size()) {
   29546       return TPM_RC_INSUFFICIENT;
   29547     }
   29548     authorization_section_bytes = buffer.substr(parameter_section_size);
   29549     // Keep the parameter section in |buffer|.
   29550     buffer.erase(parameter_section_size);
   29551   }
   29552   std::unique_ptr<crypto::SecureHash> hash(
   29553       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   29554   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   29555   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   29556   hash->Update(buffer.data(), buffer.size());
   29557   std::string response_hash(32, 0);
   29558   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   29559   if (tag == TPM_ST_SESSIONS) {
   29560     CHECK(authorization_delegate) << "Authorization delegate missing!";
   29561     if (!authorization_delegate->CheckResponseAuthorization(
   29562             response_hash, authorization_section_bytes)) {
   29563       return TRUNKS_RC_AUTHORIZATION_FAILED;
   29564     }
   29565   }
   29566   return TPM_RC_SUCCESS;
   29567 }
   29568 
   29569 void ClockRateAdjustErrorCallback(const Tpm::ClockRateAdjustResponse& callback,
   29570                                   TPM_RC response_code) {
   29571   VLOG(1) << __func__;
   29572   callback.Run(response_code);
   29573 }
   29574 
   29575 void ClockRateAdjustResponseParser(
   29576     const Tpm::ClockRateAdjustResponse& callback,
   29577     AuthorizationDelegate* authorization_delegate,
   29578     const std::string& response) {
   29579   VLOG(1) << __func__;
   29580   base::Callback<void(TPM_RC)> error_reporter =
   29581       base::Bind(ClockRateAdjustErrorCallback, callback);
   29582   TPM_RC rc =
   29583       Tpm::ParseResponse_ClockRateAdjust(response, authorization_delegate);
   29584   if (rc != TPM_RC_SUCCESS) {
   29585     error_reporter.Run(rc);
   29586     return;
   29587   }
   29588   callback.Run(rc);
   29589 }
   29590 
   29591 void Tpm::ClockRateAdjust(const TPMI_RH_PROVISION& auth,
   29592                           const std::string& auth_name,
   29593                           const TPM_CLOCK_ADJUST& rate_adjust,
   29594                           AuthorizationDelegate* authorization_delegate,
   29595                           const ClockRateAdjustResponse& callback) {
   29596   VLOG(1) << __func__;
   29597   base::Callback<void(TPM_RC)> error_reporter =
   29598       base::Bind(ClockRateAdjustErrorCallback, callback);
   29599   base::Callback<void(const std::string&)> parser = base::Bind(
   29600       ClockRateAdjustResponseParser, callback, authorization_delegate);
   29601   std::string command;
   29602   TPM_RC rc = SerializeCommand_ClockRateAdjust(
   29603       auth, auth_name, rate_adjust, &command, authorization_delegate);
   29604   if (rc != TPM_RC_SUCCESS) {
   29605     error_reporter.Run(rc);
   29606     return;
   29607   }
   29608   transceiver_->SendCommand(command, parser);
   29609 }
   29610 
   29611 TPM_RC Tpm::ClockRateAdjustSync(const TPMI_RH_PROVISION& auth,
   29612                                 const std::string& auth_name,
   29613                                 const TPM_CLOCK_ADJUST& rate_adjust,
   29614                                 AuthorizationDelegate* authorization_delegate) {
   29615   VLOG(1) << __func__;
   29616   std::string command;
   29617   TPM_RC rc = SerializeCommand_ClockRateAdjust(
   29618       auth, auth_name, rate_adjust, &command, authorization_delegate);
   29619   if (rc != TPM_RC_SUCCESS) {
   29620     return rc;
   29621   }
   29622   std::string response = transceiver_->SendCommandAndWait(command);
   29623   rc = ParseResponse_ClockRateAdjust(response, authorization_delegate);
   29624   return rc;
   29625 }
   29626 
   29627 TPM_RC Tpm::SerializeCommand_GetCapability(
   29628     const TPM_CAP& capability,
   29629     const UINT32& property,
   29630     const UINT32& property_count,
   29631     std::string* serialized_command,
   29632     AuthorizationDelegate* authorization_delegate) {
   29633   VLOG(3) << __func__;
   29634   TPM_RC rc = TPM_RC_SUCCESS;
   29635   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   29636   UINT32 command_size = 10;  // Header size.
   29637   std::string handle_section_bytes;
   29638   std::string parameter_section_bytes;
   29639   TPM_CC command_code = TPM_CC_GetCapability;
   29640   bool is_command_parameter_encryption_possible = false;
   29641   bool is_response_parameter_encryption_possible = false;
   29642   std::string command_code_bytes;
   29643   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   29644   if (rc != TPM_RC_SUCCESS) {
   29645     return rc;
   29646   }
   29647   std::string capability_bytes;
   29648   rc = Serialize_TPM_CAP(capability, &capability_bytes);
   29649   if (rc != TPM_RC_SUCCESS) {
   29650     return rc;
   29651   }
   29652   std::string property_bytes;
   29653   rc = Serialize_UINT32(property, &property_bytes);
   29654   if (rc != TPM_RC_SUCCESS) {
   29655     return rc;
   29656   }
   29657   std::string property_count_bytes;
   29658   rc = Serialize_UINT32(property_count, &property_count_bytes);
   29659   if (rc != TPM_RC_SUCCESS) {
   29660     return rc;
   29661   }
   29662   std::unique_ptr<crypto::SecureHash> hash(
   29663       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   29664   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   29665   hash->Update(capability_bytes.data(), capability_bytes.size());
   29666   parameter_section_bytes += capability_bytes;
   29667   command_size += capability_bytes.size();
   29668   hash->Update(property_bytes.data(), property_bytes.size());
   29669   parameter_section_bytes += property_bytes;
   29670   command_size += property_bytes.size();
   29671   hash->Update(property_count_bytes.data(), property_count_bytes.size());
   29672   parameter_section_bytes += property_count_bytes;
   29673   command_size += property_count_bytes.size();
   29674   std::string command_hash(32, 0);
   29675   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   29676   std::string authorization_section_bytes;
   29677   std::string authorization_size_bytes;
   29678   if (authorization_delegate) {
   29679     if (!authorization_delegate->GetCommandAuthorization(
   29680             command_hash, is_command_parameter_encryption_possible,
   29681             is_response_parameter_encryption_possible,
   29682             &authorization_section_bytes)) {
   29683       return TRUNKS_RC_AUTHORIZATION_FAILED;
   29684     }
   29685     if (!authorization_section_bytes.empty()) {
   29686       tag = TPM_ST_SESSIONS;
   29687       std::string tmp;
   29688       rc = Serialize_UINT32(authorization_section_bytes.size(),
   29689                             &authorization_size_bytes);
   29690       if (rc != TPM_RC_SUCCESS) {
   29691         return rc;
   29692       }
   29693       command_size +=
   29694           authorization_size_bytes.size() + authorization_section_bytes.size();
   29695     }
   29696   }
   29697   std::string tag_bytes;
   29698   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   29699   if (rc != TPM_RC_SUCCESS) {
   29700     return rc;
   29701   }
   29702   std::string command_size_bytes;
   29703   rc = Serialize_UINT32(command_size, &command_size_bytes);
   29704   if (rc != TPM_RC_SUCCESS) {
   29705     return rc;
   29706   }
   29707   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   29708                         handle_section_bytes + authorization_size_bytes +
   29709                         authorization_section_bytes + parameter_section_bytes;
   29710   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   29711   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   29712                                             serialized_command->size());
   29713   return TPM_RC_SUCCESS;
   29714 }
   29715 
   29716 TPM_RC Tpm::ParseResponse_GetCapability(
   29717     const std::string& response,
   29718     TPMI_YES_NO* more_data,
   29719     TPMS_CAPABILITY_DATA* capability_data,
   29720     AuthorizationDelegate* authorization_delegate) {
   29721   VLOG(3) << __func__;
   29722   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   29723   TPM_RC rc = TPM_RC_SUCCESS;
   29724   std::string buffer(response);
   29725   TPM_ST tag;
   29726   std::string tag_bytes;
   29727   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   29728   if (rc != TPM_RC_SUCCESS) {
   29729     return rc;
   29730   }
   29731   UINT32 response_size;
   29732   std::string response_size_bytes;
   29733   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   29734   if (rc != TPM_RC_SUCCESS) {
   29735     return rc;
   29736   }
   29737   TPM_RC response_code;
   29738   std::string response_code_bytes;
   29739   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   29740   if (rc != TPM_RC_SUCCESS) {
   29741     return rc;
   29742   }
   29743   if (response_size != response.size()) {
   29744     return TPM_RC_SIZE;
   29745   }
   29746   if (response_code != TPM_RC_SUCCESS) {
   29747     return response_code;
   29748   }
   29749   TPM_CC command_code = TPM_CC_GetCapability;
   29750   std::string command_code_bytes;
   29751   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   29752   if (rc != TPM_RC_SUCCESS) {
   29753     return rc;
   29754   }
   29755   std::string authorization_section_bytes;
   29756   if (tag == TPM_ST_SESSIONS) {
   29757     UINT32 parameter_section_size = buffer.size();
   29758     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   29759     if (rc != TPM_RC_SUCCESS) {
   29760       return rc;
   29761     }
   29762     if (parameter_section_size > buffer.size()) {
   29763       return TPM_RC_INSUFFICIENT;
   29764     }
   29765     authorization_section_bytes = buffer.substr(parameter_section_size);
   29766     // Keep the parameter section in |buffer|.
   29767     buffer.erase(parameter_section_size);
   29768   }
   29769   std::unique_ptr<crypto::SecureHash> hash(
   29770       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   29771   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   29772   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   29773   hash->Update(buffer.data(), buffer.size());
   29774   std::string response_hash(32, 0);
   29775   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   29776   if (tag == TPM_ST_SESSIONS) {
   29777     CHECK(authorization_delegate) << "Authorization delegate missing!";
   29778     if (!authorization_delegate->CheckResponseAuthorization(
   29779             response_hash, authorization_section_bytes)) {
   29780       return TRUNKS_RC_AUTHORIZATION_FAILED;
   29781     }
   29782   }
   29783   std::string more_data_bytes;
   29784   rc = Parse_TPMI_YES_NO(&buffer, more_data, &more_data_bytes);
   29785   if (rc != TPM_RC_SUCCESS) {
   29786     return rc;
   29787   }
   29788   std::string capability_data_bytes;
   29789   rc = Parse_TPMS_CAPABILITY_DATA(&buffer, capability_data,
   29790                                   &capability_data_bytes);
   29791   if (rc != TPM_RC_SUCCESS) {
   29792     return rc;
   29793   }
   29794   return TPM_RC_SUCCESS;
   29795 }
   29796 
   29797 void GetCapabilityErrorCallback(const Tpm::GetCapabilityResponse& callback,
   29798                                 TPM_RC response_code) {
   29799   VLOG(1) << __func__;
   29800   callback.Run(response_code, TPMI_YES_NO(), TPMS_CAPABILITY_DATA());
   29801 }
   29802 
   29803 void GetCapabilityResponseParser(const Tpm::GetCapabilityResponse& callback,
   29804                                  AuthorizationDelegate* authorization_delegate,
   29805                                  const std::string& response) {
   29806   VLOG(1) << __func__;
   29807   base::Callback<void(TPM_RC)> error_reporter =
   29808       base::Bind(GetCapabilityErrorCallback, callback);
   29809   TPMI_YES_NO more_data;
   29810   TPMS_CAPABILITY_DATA capability_data;
   29811   TPM_RC rc = Tpm::ParseResponse_GetCapability(
   29812       response, &more_data, &capability_data, authorization_delegate);
   29813   if (rc != TPM_RC_SUCCESS) {
   29814     error_reporter.Run(rc);
   29815     return;
   29816   }
   29817   callback.Run(rc, more_data, capability_data);
   29818 }
   29819 
   29820 void Tpm::GetCapability(const TPM_CAP& capability,
   29821                         const UINT32& property,
   29822                         const UINT32& property_count,
   29823                         AuthorizationDelegate* authorization_delegate,
   29824                         const GetCapabilityResponse& callback) {
   29825   VLOG(1) << __func__;
   29826   base::Callback<void(TPM_RC)> error_reporter =
   29827       base::Bind(GetCapabilityErrorCallback, callback);
   29828   base::Callback<void(const std::string&)> parser =
   29829       base::Bind(GetCapabilityResponseParser, callback, authorization_delegate);
   29830   std::string command;
   29831   TPM_RC rc = SerializeCommand_GetCapability(
   29832       capability, property, property_count, &command, authorization_delegate);
   29833   if (rc != TPM_RC_SUCCESS) {
   29834     error_reporter.Run(rc);
   29835     return;
   29836   }
   29837   transceiver_->SendCommand(command, parser);
   29838 }
   29839 
   29840 TPM_RC Tpm::GetCapabilitySync(const TPM_CAP& capability,
   29841                               const UINT32& property,
   29842                               const UINT32& property_count,
   29843                               TPMI_YES_NO* more_data,
   29844                               TPMS_CAPABILITY_DATA* capability_data,
   29845                               AuthorizationDelegate* authorization_delegate) {
   29846   VLOG(1) << __func__;
   29847   std::string command;
   29848   TPM_RC rc = SerializeCommand_GetCapability(
   29849       capability, property, property_count, &command, authorization_delegate);
   29850   if (rc != TPM_RC_SUCCESS) {
   29851     return rc;
   29852   }
   29853   std::string response = transceiver_->SendCommandAndWait(command);
   29854   rc = ParseResponse_GetCapability(response, more_data, capability_data,
   29855                                    authorization_delegate);
   29856   return rc;
   29857 }
   29858 
   29859 TPM_RC Tpm::SerializeCommand_TestParms(
   29860     const TPMT_PUBLIC_PARMS& parameters,
   29861     std::string* serialized_command,
   29862     AuthorizationDelegate* authorization_delegate) {
   29863   VLOG(3) << __func__;
   29864   TPM_RC rc = TPM_RC_SUCCESS;
   29865   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   29866   UINT32 command_size = 10;  // Header size.
   29867   std::string handle_section_bytes;
   29868   std::string parameter_section_bytes;
   29869   TPM_CC command_code = TPM_CC_TestParms;
   29870   bool is_command_parameter_encryption_possible = false;
   29871   bool is_response_parameter_encryption_possible = false;
   29872   std::string command_code_bytes;
   29873   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   29874   if (rc != TPM_RC_SUCCESS) {
   29875     return rc;
   29876   }
   29877   std::string parameters_bytes;
   29878   rc = Serialize_TPMT_PUBLIC_PARMS(parameters, &parameters_bytes);
   29879   if (rc != TPM_RC_SUCCESS) {
   29880     return rc;
   29881   }
   29882   std::unique_ptr<crypto::SecureHash> hash(
   29883       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   29884   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   29885   hash->Update(parameters_bytes.data(), parameters_bytes.size());
   29886   parameter_section_bytes += parameters_bytes;
   29887   command_size += parameters_bytes.size();
   29888   std::string command_hash(32, 0);
   29889   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   29890   std::string authorization_section_bytes;
   29891   std::string authorization_size_bytes;
   29892   if (authorization_delegate) {
   29893     if (!authorization_delegate->GetCommandAuthorization(
   29894             command_hash, is_command_parameter_encryption_possible,
   29895             is_response_parameter_encryption_possible,
   29896             &authorization_section_bytes)) {
   29897       return TRUNKS_RC_AUTHORIZATION_FAILED;
   29898     }
   29899     if (!authorization_section_bytes.empty()) {
   29900       tag = TPM_ST_SESSIONS;
   29901       std::string tmp;
   29902       rc = Serialize_UINT32(authorization_section_bytes.size(),
   29903                             &authorization_size_bytes);
   29904       if (rc != TPM_RC_SUCCESS) {
   29905         return rc;
   29906       }
   29907       command_size +=
   29908           authorization_size_bytes.size() + authorization_section_bytes.size();
   29909     }
   29910   }
   29911   std::string tag_bytes;
   29912   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   29913   if (rc != TPM_RC_SUCCESS) {
   29914     return rc;
   29915   }
   29916   std::string command_size_bytes;
   29917   rc = Serialize_UINT32(command_size, &command_size_bytes);
   29918   if (rc != TPM_RC_SUCCESS) {
   29919     return rc;
   29920   }
   29921   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   29922                         handle_section_bytes + authorization_size_bytes +
   29923                         authorization_section_bytes + parameter_section_bytes;
   29924   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   29925   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   29926                                             serialized_command->size());
   29927   return TPM_RC_SUCCESS;
   29928 }
   29929 
   29930 TPM_RC Tpm::ParseResponse_TestParms(
   29931     const std::string& response,
   29932     AuthorizationDelegate* authorization_delegate) {
   29933   VLOG(3) << __func__;
   29934   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   29935   TPM_RC rc = TPM_RC_SUCCESS;
   29936   std::string buffer(response);
   29937   TPM_ST tag;
   29938   std::string tag_bytes;
   29939   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   29940   if (rc != TPM_RC_SUCCESS) {
   29941     return rc;
   29942   }
   29943   UINT32 response_size;
   29944   std::string response_size_bytes;
   29945   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   29946   if (rc != TPM_RC_SUCCESS) {
   29947     return rc;
   29948   }
   29949   TPM_RC response_code;
   29950   std::string response_code_bytes;
   29951   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   29952   if (rc != TPM_RC_SUCCESS) {
   29953     return rc;
   29954   }
   29955   if (response_size != response.size()) {
   29956     return TPM_RC_SIZE;
   29957   }
   29958   if (response_code != TPM_RC_SUCCESS) {
   29959     return response_code;
   29960   }
   29961   TPM_CC command_code = TPM_CC_TestParms;
   29962   std::string command_code_bytes;
   29963   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   29964   if (rc != TPM_RC_SUCCESS) {
   29965     return rc;
   29966   }
   29967   std::string authorization_section_bytes;
   29968   if (tag == TPM_ST_SESSIONS) {
   29969     UINT32 parameter_section_size = buffer.size();
   29970     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   29971     if (rc != TPM_RC_SUCCESS) {
   29972       return rc;
   29973     }
   29974     if (parameter_section_size > buffer.size()) {
   29975       return TPM_RC_INSUFFICIENT;
   29976     }
   29977     authorization_section_bytes = buffer.substr(parameter_section_size);
   29978     // Keep the parameter section in |buffer|.
   29979     buffer.erase(parameter_section_size);
   29980   }
   29981   std::unique_ptr<crypto::SecureHash> hash(
   29982       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   29983   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   29984   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   29985   hash->Update(buffer.data(), buffer.size());
   29986   std::string response_hash(32, 0);
   29987   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   29988   if (tag == TPM_ST_SESSIONS) {
   29989     CHECK(authorization_delegate) << "Authorization delegate missing!";
   29990     if (!authorization_delegate->CheckResponseAuthorization(
   29991             response_hash, authorization_section_bytes)) {
   29992       return TRUNKS_RC_AUTHORIZATION_FAILED;
   29993     }
   29994   }
   29995   return TPM_RC_SUCCESS;
   29996 }
   29997 
   29998 void TestParmsErrorCallback(const Tpm::TestParmsResponse& callback,
   29999                             TPM_RC response_code) {
   30000   VLOG(1) << __func__;
   30001   callback.Run(response_code);
   30002 }
   30003 
   30004 void TestParmsResponseParser(const Tpm::TestParmsResponse& callback,
   30005                              AuthorizationDelegate* authorization_delegate,
   30006                              const std::string& response) {
   30007   VLOG(1) << __func__;
   30008   base::Callback<void(TPM_RC)> error_reporter =
   30009       base::Bind(TestParmsErrorCallback, callback);
   30010   TPM_RC rc = Tpm::ParseResponse_TestParms(response, authorization_delegate);
   30011   if (rc != TPM_RC_SUCCESS) {
   30012     error_reporter.Run(rc);
   30013     return;
   30014   }
   30015   callback.Run(rc);
   30016 }
   30017 
   30018 void Tpm::TestParms(const TPMT_PUBLIC_PARMS& parameters,
   30019                     AuthorizationDelegate* authorization_delegate,
   30020                     const TestParmsResponse& callback) {
   30021   VLOG(1) << __func__;
   30022   base::Callback<void(TPM_RC)> error_reporter =
   30023       base::Bind(TestParmsErrorCallback, callback);
   30024   base::Callback<void(const std::string&)> parser =
   30025       base::Bind(TestParmsResponseParser, callback, authorization_delegate);
   30026   std::string command;
   30027   TPM_RC rc =
   30028       SerializeCommand_TestParms(parameters, &command, authorization_delegate);
   30029   if (rc != TPM_RC_SUCCESS) {
   30030     error_reporter.Run(rc);
   30031     return;
   30032   }
   30033   transceiver_->SendCommand(command, parser);
   30034 }
   30035 
   30036 TPM_RC Tpm::TestParmsSync(const TPMT_PUBLIC_PARMS& parameters,
   30037                           AuthorizationDelegate* authorization_delegate) {
   30038   VLOG(1) << __func__;
   30039   std::string command;
   30040   TPM_RC rc =
   30041       SerializeCommand_TestParms(parameters, &command, authorization_delegate);
   30042   if (rc != TPM_RC_SUCCESS) {
   30043     return rc;
   30044   }
   30045   std::string response = transceiver_->SendCommandAndWait(command);
   30046   rc = ParseResponse_TestParms(response, authorization_delegate);
   30047   return rc;
   30048 }
   30049 
   30050 TPM_RC Tpm::SerializeCommand_NV_DefineSpace(
   30051     const TPMI_RH_PROVISION& auth_handle,
   30052     const std::string& auth_handle_name,
   30053     const TPM2B_AUTH& auth,
   30054     const TPM2B_NV_PUBLIC& public_info,
   30055     std::string* serialized_command,
   30056     AuthorizationDelegate* authorization_delegate) {
   30057   VLOG(3) << __func__;
   30058   TPM_RC rc = TPM_RC_SUCCESS;
   30059   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   30060   UINT32 command_size = 10;  // Header size.
   30061   std::string handle_section_bytes;
   30062   std::string parameter_section_bytes;
   30063   TPM_CC command_code = TPM_CC_NV_DefineSpace;
   30064   bool is_command_parameter_encryption_possible = true;
   30065   bool is_response_parameter_encryption_possible = false;
   30066   std::string command_code_bytes;
   30067   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   30068   if (rc != TPM_RC_SUCCESS) {
   30069     return rc;
   30070   }
   30071   std::string auth_handle_bytes;
   30072   rc = Serialize_TPMI_RH_PROVISION(auth_handle, &auth_handle_bytes);
   30073   if (rc != TPM_RC_SUCCESS) {
   30074     return rc;
   30075   }
   30076   std::string auth_bytes;
   30077   rc = Serialize_TPM2B_AUTH(auth, &auth_bytes);
   30078   if (rc != TPM_RC_SUCCESS) {
   30079     return rc;
   30080   }
   30081   std::string public_info_bytes;
   30082   rc = Serialize_TPM2B_NV_PUBLIC(public_info, &public_info_bytes);
   30083   if (rc != TPM_RC_SUCCESS) {
   30084     return rc;
   30085   }
   30086   if (authorization_delegate) {
   30087     // Encrypt just the parameter data, not the size.
   30088     std::string tmp = auth_bytes.substr(2);
   30089     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   30090       return TRUNKS_RC_ENCRYPTION_FAILED;
   30091     }
   30092     auth_bytes.replace(2, std::string::npos, tmp);
   30093   }
   30094   std::unique_ptr<crypto::SecureHash> hash(
   30095       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   30096   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   30097   hash->Update(auth_handle_name.data(), auth_handle_name.size());
   30098   handle_section_bytes += auth_handle_bytes;
   30099   command_size += auth_handle_bytes.size();
   30100   hash->Update(auth_bytes.data(), auth_bytes.size());
   30101   parameter_section_bytes += auth_bytes;
   30102   command_size += auth_bytes.size();
   30103   hash->Update(public_info_bytes.data(), public_info_bytes.size());
   30104   parameter_section_bytes += public_info_bytes;
   30105   command_size += public_info_bytes.size();
   30106   std::string command_hash(32, 0);
   30107   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   30108   std::string authorization_section_bytes;
   30109   std::string authorization_size_bytes;
   30110   if (authorization_delegate) {
   30111     if (!authorization_delegate->GetCommandAuthorization(
   30112             command_hash, is_command_parameter_encryption_possible,
   30113             is_response_parameter_encryption_possible,
   30114             &authorization_section_bytes)) {
   30115       return TRUNKS_RC_AUTHORIZATION_FAILED;
   30116     }
   30117     if (!authorization_section_bytes.empty()) {
   30118       tag = TPM_ST_SESSIONS;
   30119       std::string tmp;
   30120       rc = Serialize_UINT32(authorization_section_bytes.size(),
   30121                             &authorization_size_bytes);
   30122       if (rc != TPM_RC_SUCCESS) {
   30123         return rc;
   30124       }
   30125       command_size +=
   30126           authorization_size_bytes.size() + authorization_section_bytes.size();
   30127     }
   30128   }
   30129   std::string tag_bytes;
   30130   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   30131   if (rc != TPM_RC_SUCCESS) {
   30132     return rc;
   30133   }
   30134   std::string command_size_bytes;
   30135   rc = Serialize_UINT32(command_size, &command_size_bytes);
   30136   if (rc != TPM_RC_SUCCESS) {
   30137     return rc;
   30138   }
   30139   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   30140                         handle_section_bytes + authorization_size_bytes +
   30141                         authorization_section_bytes + parameter_section_bytes;
   30142   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   30143   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   30144                                             serialized_command->size());
   30145   return TPM_RC_SUCCESS;
   30146 }
   30147 
   30148 TPM_RC Tpm::ParseResponse_NV_DefineSpace(
   30149     const std::string& response,
   30150     AuthorizationDelegate* authorization_delegate) {
   30151   VLOG(3) << __func__;
   30152   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   30153   TPM_RC rc = TPM_RC_SUCCESS;
   30154   std::string buffer(response);
   30155   TPM_ST tag;
   30156   std::string tag_bytes;
   30157   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   30158   if (rc != TPM_RC_SUCCESS) {
   30159     return rc;
   30160   }
   30161   UINT32 response_size;
   30162   std::string response_size_bytes;
   30163   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   30164   if (rc != TPM_RC_SUCCESS) {
   30165     return rc;
   30166   }
   30167   TPM_RC response_code;
   30168   std::string response_code_bytes;
   30169   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   30170   if (rc != TPM_RC_SUCCESS) {
   30171     return rc;
   30172   }
   30173   if (response_size != response.size()) {
   30174     return TPM_RC_SIZE;
   30175   }
   30176   if (response_code != TPM_RC_SUCCESS) {
   30177     return response_code;
   30178   }
   30179   TPM_CC command_code = TPM_CC_NV_DefineSpace;
   30180   std::string command_code_bytes;
   30181   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   30182   if (rc != TPM_RC_SUCCESS) {
   30183     return rc;
   30184   }
   30185   std::string authorization_section_bytes;
   30186   if (tag == TPM_ST_SESSIONS) {
   30187     UINT32 parameter_section_size = buffer.size();
   30188     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   30189     if (rc != TPM_RC_SUCCESS) {
   30190       return rc;
   30191     }
   30192     if (parameter_section_size > buffer.size()) {
   30193       return TPM_RC_INSUFFICIENT;
   30194     }
   30195     authorization_section_bytes = buffer.substr(parameter_section_size);
   30196     // Keep the parameter section in |buffer|.
   30197     buffer.erase(parameter_section_size);
   30198   }
   30199   std::unique_ptr<crypto::SecureHash> hash(
   30200       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   30201   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   30202   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   30203   hash->Update(buffer.data(), buffer.size());
   30204   std::string response_hash(32, 0);
   30205   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   30206   if (tag == TPM_ST_SESSIONS) {
   30207     CHECK(authorization_delegate) << "Authorization delegate missing!";
   30208     if (!authorization_delegate->CheckResponseAuthorization(
   30209             response_hash, authorization_section_bytes)) {
   30210       return TRUNKS_RC_AUTHORIZATION_FAILED;
   30211     }
   30212   }
   30213   return TPM_RC_SUCCESS;
   30214 }
   30215 
   30216 void NV_DefineSpaceErrorCallback(const Tpm::NV_DefineSpaceResponse& callback,
   30217                                  TPM_RC response_code) {
   30218   VLOG(1) << __func__;
   30219   callback.Run(response_code);
   30220 }
   30221 
   30222 void NV_DefineSpaceResponseParser(const Tpm::NV_DefineSpaceResponse& callback,
   30223                                   AuthorizationDelegate* authorization_delegate,
   30224                                   const std::string& response) {
   30225   VLOG(1) << __func__;
   30226   base::Callback<void(TPM_RC)> error_reporter =
   30227       base::Bind(NV_DefineSpaceErrorCallback, callback);
   30228   TPM_RC rc =
   30229       Tpm::ParseResponse_NV_DefineSpace(response, authorization_delegate);
   30230   if (rc != TPM_RC_SUCCESS) {
   30231     error_reporter.Run(rc);
   30232     return;
   30233   }
   30234   callback.Run(rc);
   30235 }
   30236 
   30237 void Tpm::NV_DefineSpace(const TPMI_RH_PROVISION& auth_handle,
   30238                          const std::string& auth_handle_name,
   30239                          const TPM2B_AUTH& auth,
   30240                          const TPM2B_NV_PUBLIC& public_info,
   30241                          AuthorizationDelegate* authorization_delegate,
   30242                          const NV_DefineSpaceResponse& callback) {
   30243   VLOG(1) << __func__;
   30244   base::Callback<void(TPM_RC)> error_reporter =
   30245       base::Bind(NV_DefineSpaceErrorCallback, callback);
   30246   base::Callback<void(const std::string&)> parser = base::Bind(
   30247       NV_DefineSpaceResponseParser, callback, authorization_delegate);
   30248   std::string command;
   30249   TPM_RC rc = SerializeCommand_NV_DefineSpace(auth_handle, auth_handle_name,
   30250                                               auth, public_info, &command,
   30251                                               authorization_delegate);
   30252   if (rc != TPM_RC_SUCCESS) {
   30253     error_reporter.Run(rc);
   30254     return;
   30255   }
   30256   transceiver_->SendCommand(command, parser);
   30257 }
   30258 
   30259 TPM_RC Tpm::NV_DefineSpaceSync(const TPMI_RH_PROVISION& auth_handle,
   30260                                const std::string& auth_handle_name,
   30261                                const TPM2B_AUTH& auth,
   30262                                const TPM2B_NV_PUBLIC& public_info,
   30263                                AuthorizationDelegate* authorization_delegate) {
   30264   VLOG(1) << __func__;
   30265   std::string command;
   30266   TPM_RC rc = SerializeCommand_NV_DefineSpace(auth_handle, auth_handle_name,
   30267                                               auth, public_info, &command,
   30268                                               authorization_delegate);
   30269   if (rc != TPM_RC_SUCCESS) {
   30270     return rc;
   30271   }
   30272   std::string response = transceiver_->SendCommandAndWait(command);
   30273   rc = ParseResponse_NV_DefineSpace(response, authorization_delegate);
   30274   return rc;
   30275 }
   30276 
   30277 TPM_RC Tpm::SerializeCommand_NV_UndefineSpace(
   30278     const TPMI_RH_PROVISION& auth_handle,
   30279     const std::string& auth_handle_name,
   30280     const TPMI_RH_NV_INDEX& nv_index,
   30281     const std::string& nv_index_name,
   30282     std::string* serialized_command,
   30283     AuthorizationDelegate* authorization_delegate) {
   30284   VLOG(3) << __func__;
   30285   TPM_RC rc = TPM_RC_SUCCESS;
   30286   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   30287   UINT32 command_size = 10;  // Header size.
   30288   std::string handle_section_bytes;
   30289   std::string parameter_section_bytes;
   30290   TPM_CC command_code = TPM_CC_NV_UndefineSpace;
   30291   bool is_command_parameter_encryption_possible = false;
   30292   bool is_response_parameter_encryption_possible = false;
   30293   std::string command_code_bytes;
   30294   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   30295   if (rc != TPM_RC_SUCCESS) {
   30296     return rc;
   30297   }
   30298   std::string auth_handle_bytes;
   30299   rc = Serialize_TPMI_RH_PROVISION(auth_handle, &auth_handle_bytes);
   30300   if (rc != TPM_RC_SUCCESS) {
   30301     return rc;
   30302   }
   30303   std::string nv_index_bytes;
   30304   rc = Serialize_TPMI_RH_NV_INDEX(nv_index, &nv_index_bytes);
   30305   if (rc != TPM_RC_SUCCESS) {
   30306     return rc;
   30307   }
   30308   std::unique_ptr<crypto::SecureHash> hash(
   30309       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   30310   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   30311   hash->Update(auth_handle_name.data(), auth_handle_name.size());
   30312   handle_section_bytes += auth_handle_bytes;
   30313   command_size += auth_handle_bytes.size();
   30314   hash->Update(nv_index_name.data(), nv_index_name.size());
   30315   handle_section_bytes += nv_index_bytes;
   30316   command_size += nv_index_bytes.size();
   30317   std::string command_hash(32, 0);
   30318   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   30319   std::string authorization_section_bytes;
   30320   std::string authorization_size_bytes;
   30321   if (authorization_delegate) {
   30322     if (!authorization_delegate->GetCommandAuthorization(
   30323             command_hash, is_command_parameter_encryption_possible,
   30324             is_response_parameter_encryption_possible,
   30325             &authorization_section_bytes)) {
   30326       return TRUNKS_RC_AUTHORIZATION_FAILED;
   30327     }
   30328     if (!authorization_section_bytes.empty()) {
   30329       tag = TPM_ST_SESSIONS;
   30330       std::string tmp;
   30331       rc = Serialize_UINT32(authorization_section_bytes.size(),
   30332                             &authorization_size_bytes);
   30333       if (rc != TPM_RC_SUCCESS) {
   30334         return rc;
   30335       }
   30336       command_size +=
   30337           authorization_size_bytes.size() + authorization_section_bytes.size();
   30338     }
   30339   }
   30340   std::string tag_bytes;
   30341   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   30342   if (rc != TPM_RC_SUCCESS) {
   30343     return rc;
   30344   }
   30345   std::string command_size_bytes;
   30346   rc = Serialize_UINT32(command_size, &command_size_bytes);
   30347   if (rc != TPM_RC_SUCCESS) {
   30348     return rc;
   30349   }
   30350   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   30351                         handle_section_bytes + authorization_size_bytes +
   30352                         authorization_section_bytes + parameter_section_bytes;
   30353   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   30354   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   30355                                             serialized_command->size());
   30356   return TPM_RC_SUCCESS;
   30357 }
   30358 
   30359 TPM_RC Tpm::ParseResponse_NV_UndefineSpace(
   30360     const std::string& response,
   30361     AuthorizationDelegate* authorization_delegate) {
   30362   VLOG(3) << __func__;
   30363   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   30364   TPM_RC rc = TPM_RC_SUCCESS;
   30365   std::string buffer(response);
   30366   TPM_ST tag;
   30367   std::string tag_bytes;
   30368   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   30369   if (rc != TPM_RC_SUCCESS) {
   30370     return rc;
   30371   }
   30372   UINT32 response_size;
   30373   std::string response_size_bytes;
   30374   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   30375   if (rc != TPM_RC_SUCCESS) {
   30376     return rc;
   30377   }
   30378   TPM_RC response_code;
   30379   std::string response_code_bytes;
   30380   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   30381   if (rc != TPM_RC_SUCCESS) {
   30382     return rc;
   30383   }
   30384   if (response_size != response.size()) {
   30385     return TPM_RC_SIZE;
   30386   }
   30387   if (response_code != TPM_RC_SUCCESS) {
   30388     return response_code;
   30389   }
   30390   TPM_CC command_code = TPM_CC_NV_UndefineSpace;
   30391   std::string command_code_bytes;
   30392   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   30393   if (rc != TPM_RC_SUCCESS) {
   30394     return rc;
   30395   }
   30396   std::string authorization_section_bytes;
   30397   if (tag == TPM_ST_SESSIONS) {
   30398     UINT32 parameter_section_size = buffer.size();
   30399     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   30400     if (rc != TPM_RC_SUCCESS) {
   30401       return rc;
   30402     }
   30403     if (parameter_section_size > buffer.size()) {
   30404       return TPM_RC_INSUFFICIENT;
   30405     }
   30406     authorization_section_bytes = buffer.substr(parameter_section_size);
   30407     // Keep the parameter section in |buffer|.
   30408     buffer.erase(parameter_section_size);
   30409   }
   30410   std::unique_ptr<crypto::SecureHash> hash(
   30411       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   30412   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   30413   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   30414   hash->Update(buffer.data(), buffer.size());
   30415   std::string response_hash(32, 0);
   30416   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   30417   if (tag == TPM_ST_SESSIONS) {
   30418     CHECK(authorization_delegate) << "Authorization delegate missing!";
   30419     if (!authorization_delegate->CheckResponseAuthorization(
   30420             response_hash, authorization_section_bytes)) {
   30421       return TRUNKS_RC_AUTHORIZATION_FAILED;
   30422     }
   30423   }
   30424   return TPM_RC_SUCCESS;
   30425 }
   30426 
   30427 void NV_UndefineSpaceErrorCallback(
   30428     const Tpm::NV_UndefineSpaceResponse& callback,
   30429     TPM_RC response_code) {
   30430   VLOG(1) << __func__;
   30431   callback.Run(response_code);
   30432 }
   30433 
   30434 void NV_UndefineSpaceResponseParser(
   30435     const Tpm::NV_UndefineSpaceResponse& callback,
   30436     AuthorizationDelegate* authorization_delegate,
   30437     const std::string& response) {
   30438   VLOG(1) << __func__;
   30439   base::Callback<void(TPM_RC)> error_reporter =
   30440       base::Bind(NV_UndefineSpaceErrorCallback, callback);
   30441   TPM_RC rc =
   30442       Tpm::ParseResponse_NV_UndefineSpace(response, authorization_delegate);
   30443   if (rc != TPM_RC_SUCCESS) {
   30444     error_reporter.Run(rc);
   30445     return;
   30446   }
   30447   callback.Run(rc);
   30448 }
   30449 
   30450 void Tpm::NV_UndefineSpace(const TPMI_RH_PROVISION& auth_handle,
   30451                            const std::string& auth_handle_name,
   30452                            const TPMI_RH_NV_INDEX& nv_index,
   30453                            const std::string& nv_index_name,
   30454                            AuthorizationDelegate* authorization_delegate,
   30455                            const NV_UndefineSpaceResponse& callback) {
   30456   VLOG(1) << __func__;
   30457   base::Callback<void(TPM_RC)> error_reporter =
   30458       base::Bind(NV_UndefineSpaceErrorCallback, callback);
   30459   base::Callback<void(const std::string&)> parser = base::Bind(
   30460       NV_UndefineSpaceResponseParser, callback, authorization_delegate);
   30461   std::string command;
   30462   TPM_RC rc = SerializeCommand_NV_UndefineSpace(
   30463       auth_handle, auth_handle_name, nv_index, nv_index_name, &command,
   30464       authorization_delegate);
   30465   if (rc != TPM_RC_SUCCESS) {
   30466     error_reporter.Run(rc);
   30467     return;
   30468   }
   30469   transceiver_->SendCommand(command, parser);
   30470 }
   30471 
   30472 TPM_RC Tpm::NV_UndefineSpaceSync(
   30473     const TPMI_RH_PROVISION& auth_handle,
   30474     const std::string& auth_handle_name,
   30475     const TPMI_RH_NV_INDEX& nv_index,
   30476     const std::string& nv_index_name,
   30477     AuthorizationDelegate* authorization_delegate) {
   30478   VLOG(1) << __func__;
   30479   std::string command;
   30480   TPM_RC rc = SerializeCommand_NV_UndefineSpace(
   30481       auth_handle, auth_handle_name, nv_index, nv_index_name, &command,
   30482       authorization_delegate);
   30483   if (rc != TPM_RC_SUCCESS) {
   30484     return rc;
   30485   }
   30486   std::string response = transceiver_->SendCommandAndWait(command);
   30487   rc = ParseResponse_NV_UndefineSpace(response, authorization_delegate);
   30488   return rc;
   30489 }
   30490 
   30491 TPM_RC Tpm::SerializeCommand_NV_UndefineSpaceSpecial(
   30492     const TPMI_RH_NV_INDEX& nv_index,
   30493     const std::string& nv_index_name,
   30494     const TPMI_RH_PLATFORM& platform,
   30495     const std::string& platform_name,
   30496     std::string* serialized_command,
   30497     AuthorizationDelegate* authorization_delegate) {
   30498   VLOG(3) << __func__;
   30499   TPM_RC rc = TPM_RC_SUCCESS;
   30500   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   30501   UINT32 command_size = 10;  // Header size.
   30502   std::string handle_section_bytes;
   30503   std::string parameter_section_bytes;
   30504   TPM_CC command_code = TPM_CC_NV_UndefineSpaceSpecial;
   30505   bool is_command_parameter_encryption_possible = false;
   30506   bool is_response_parameter_encryption_possible = false;
   30507   std::string command_code_bytes;
   30508   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   30509   if (rc != TPM_RC_SUCCESS) {
   30510     return rc;
   30511   }
   30512   std::string nv_index_bytes;
   30513   rc = Serialize_TPMI_RH_NV_INDEX(nv_index, &nv_index_bytes);
   30514   if (rc != TPM_RC_SUCCESS) {
   30515     return rc;
   30516   }
   30517   std::string platform_bytes;
   30518   rc = Serialize_TPMI_RH_PLATFORM(platform, &platform_bytes);
   30519   if (rc != TPM_RC_SUCCESS) {
   30520     return rc;
   30521   }
   30522   std::unique_ptr<crypto::SecureHash> hash(
   30523       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   30524   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   30525   hash->Update(nv_index_name.data(), nv_index_name.size());
   30526   handle_section_bytes += nv_index_bytes;
   30527   command_size += nv_index_bytes.size();
   30528   hash->Update(platform_name.data(), platform_name.size());
   30529   handle_section_bytes += platform_bytes;
   30530   command_size += platform_bytes.size();
   30531   std::string command_hash(32, 0);
   30532   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   30533   std::string authorization_section_bytes;
   30534   std::string authorization_size_bytes;
   30535   if (authorization_delegate) {
   30536     if (!authorization_delegate->GetCommandAuthorization(
   30537             command_hash, is_command_parameter_encryption_possible,
   30538             is_response_parameter_encryption_possible,
   30539             &authorization_section_bytes)) {
   30540       return TRUNKS_RC_AUTHORIZATION_FAILED;
   30541     }
   30542     if (!authorization_section_bytes.empty()) {
   30543       tag = TPM_ST_SESSIONS;
   30544       std::string tmp;
   30545       rc = Serialize_UINT32(authorization_section_bytes.size(),
   30546                             &authorization_size_bytes);
   30547       if (rc != TPM_RC_SUCCESS) {
   30548         return rc;
   30549       }
   30550       command_size +=
   30551           authorization_size_bytes.size() + authorization_section_bytes.size();
   30552     }
   30553   }
   30554   std::string tag_bytes;
   30555   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   30556   if (rc != TPM_RC_SUCCESS) {
   30557     return rc;
   30558   }
   30559   std::string command_size_bytes;
   30560   rc = Serialize_UINT32(command_size, &command_size_bytes);
   30561   if (rc != TPM_RC_SUCCESS) {
   30562     return rc;
   30563   }
   30564   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   30565                         handle_section_bytes + authorization_size_bytes +
   30566                         authorization_section_bytes + parameter_section_bytes;
   30567   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   30568   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   30569                                             serialized_command->size());
   30570   return TPM_RC_SUCCESS;
   30571 }
   30572 
   30573 TPM_RC Tpm::ParseResponse_NV_UndefineSpaceSpecial(
   30574     const std::string& response,
   30575     AuthorizationDelegate* authorization_delegate) {
   30576   VLOG(3) << __func__;
   30577   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   30578   TPM_RC rc = TPM_RC_SUCCESS;
   30579   std::string buffer(response);
   30580   TPM_ST tag;
   30581   std::string tag_bytes;
   30582   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   30583   if (rc != TPM_RC_SUCCESS) {
   30584     return rc;
   30585   }
   30586   UINT32 response_size;
   30587   std::string response_size_bytes;
   30588   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   30589   if (rc != TPM_RC_SUCCESS) {
   30590     return rc;
   30591   }
   30592   TPM_RC response_code;
   30593   std::string response_code_bytes;
   30594   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   30595   if (rc != TPM_RC_SUCCESS) {
   30596     return rc;
   30597   }
   30598   if (response_size != response.size()) {
   30599     return TPM_RC_SIZE;
   30600   }
   30601   if (response_code != TPM_RC_SUCCESS) {
   30602     return response_code;
   30603   }
   30604   TPM_CC command_code = TPM_CC_NV_UndefineSpaceSpecial;
   30605   std::string command_code_bytes;
   30606   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   30607   if (rc != TPM_RC_SUCCESS) {
   30608     return rc;
   30609   }
   30610   std::string authorization_section_bytes;
   30611   if (tag == TPM_ST_SESSIONS) {
   30612     UINT32 parameter_section_size = buffer.size();
   30613     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   30614     if (rc != TPM_RC_SUCCESS) {
   30615       return rc;
   30616     }
   30617     if (parameter_section_size > buffer.size()) {
   30618       return TPM_RC_INSUFFICIENT;
   30619     }
   30620     authorization_section_bytes = buffer.substr(parameter_section_size);
   30621     // Keep the parameter section in |buffer|.
   30622     buffer.erase(parameter_section_size);
   30623   }
   30624   std::unique_ptr<crypto::SecureHash> hash(
   30625       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   30626   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   30627   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   30628   hash->Update(buffer.data(), buffer.size());
   30629   std::string response_hash(32, 0);
   30630   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   30631   if (tag == TPM_ST_SESSIONS) {
   30632     CHECK(authorization_delegate) << "Authorization delegate missing!";
   30633     if (!authorization_delegate->CheckResponseAuthorization(
   30634             response_hash, authorization_section_bytes)) {
   30635       return TRUNKS_RC_AUTHORIZATION_FAILED;
   30636     }
   30637   }
   30638   return TPM_RC_SUCCESS;
   30639 }
   30640 
   30641 void NV_UndefineSpaceSpecialErrorCallback(
   30642     const Tpm::NV_UndefineSpaceSpecialResponse& callback,
   30643     TPM_RC response_code) {
   30644   VLOG(1) << __func__;
   30645   callback.Run(response_code);
   30646 }
   30647 
   30648 void NV_UndefineSpaceSpecialResponseParser(
   30649     const Tpm::NV_UndefineSpaceSpecialResponse& callback,
   30650     AuthorizationDelegate* authorization_delegate,
   30651     const std::string& response) {
   30652   VLOG(1) << __func__;
   30653   base::Callback<void(TPM_RC)> error_reporter =
   30654       base::Bind(NV_UndefineSpaceSpecialErrorCallback, callback);
   30655   TPM_RC rc = Tpm::ParseResponse_NV_UndefineSpaceSpecial(
   30656       response, authorization_delegate);
   30657   if (rc != TPM_RC_SUCCESS) {
   30658     error_reporter.Run(rc);
   30659     return;
   30660   }
   30661   callback.Run(rc);
   30662 }
   30663 
   30664 void Tpm::NV_UndefineSpaceSpecial(
   30665     const TPMI_RH_NV_INDEX& nv_index,
   30666     const std::string& nv_index_name,
   30667     const TPMI_RH_PLATFORM& platform,
   30668     const std::string& platform_name,
   30669     AuthorizationDelegate* authorization_delegate,
   30670     const NV_UndefineSpaceSpecialResponse& callback) {
   30671   VLOG(1) << __func__;
   30672   base::Callback<void(TPM_RC)> error_reporter =
   30673       base::Bind(NV_UndefineSpaceSpecialErrorCallback, callback);
   30674   base::Callback<void(const std::string&)> parser = base::Bind(
   30675       NV_UndefineSpaceSpecialResponseParser, callback, authorization_delegate);
   30676   std::string command;
   30677   TPM_RC rc = SerializeCommand_NV_UndefineSpaceSpecial(
   30678       nv_index, nv_index_name, platform, platform_name, &command,
   30679       authorization_delegate);
   30680   if (rc != TPM_RC_SUCCESS) {
   30681     error_reporter.Run(rc);
   30682     return;
   30683   }
   30684   transceiver_->SendCommand(command, parser);
   30685 }
   30686 
   30687 TPM_RC Tpm::NV_UndefineSpaceSpecialSync(
   30688     const TPMI_RH_NV_INDEX& nv_index,
   30689     const std::string& nv_index_name,
   30690     const TPMI_RH_PLATFORM& platform,
   30691     const std::string& platform_name,
   30692     AuthorizationDelegate* authorization_delegate) {
   30693   VLOG(1) << __func__;
   30694   std::string command;
   30695   TPM_RC rc = SerializeCommand_NV_UndefineSpaceSpecial(
   30696       nv_index, nv_index_name, platform, platform_name, &command,
   30697       authorization_delegate);
   30698   if (rc != TPM_RC_SUCCESS) {
   30699     return rc;
   30700   }
   30701   std::string response = transceiver_->SendCommandAndWait(command);
   30702   rc = ParseResponse_NV_UndefineSpaceSpecial(response, authorization_delegate);
   30703   return rc;
   30704 }
   30705 
   30706 TPM_RC Tpm::SerializeCommand_NV_ReadPublic(
   30707     const TPMI_RH_NV_INDEX& nv_index,
   30708     const std::string& nv_index_name,
   30709     std::string* serialized_command,
   30710     AuthorizationDelegate* authorization_delegate) {
   30711   VLOG(3) << __func__;
   30712   TPM_RC rc = TPM_RC_SUCCESS;
   30713   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   30714   UINT32 command_size = 10;  // Header size.
   30715   std::string handle_section_bytes;
   30716   std::string parameter_section_bytes;
   30717   TPM_CC command_code = TPM_CC_NV_ReadPublic;
   30718   bool is_command_parameter_encryption_possible = false;
   30719   bool is_response_parameter_encryption_possible = true;
   30720   std::string command_code_bytes;
   30721   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   30722   if (rc != TPM_RC_SUCCESS) {
   30723     return rc;
   30724   }
   30725   std::string nv_index_bytes;
   30726   rc = Serialize_TPMI_RH_NV_INDEX(nv_index, &nv_index_bytes);
   30727   if (rc != TPM_RC_SUCCESS) {
   30728     return rc;
   30729   }
   30730   std::unique_ptr<crypto::SecureHash> hash(
   30731       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   30732   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   30733   hash->Update(nv_index_name.data(), nv_index_name.size());
   30734   handle_section_bytes += nv_index_bytes;
   30735   command_size += nv_index_bytes.size();
   30736   std::string command_hash(32, 0);
   30737   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   30738   std::string authorization_section_bytes;
   30739   std::string authorization_size_bytes;
   30740   if (authorization_delegate) {
   30741     if (!authorization_delegate->GetCommandAuthorization(
   30742             command_hash, is_command_parameter_encryption_possible,
   30743             is_response_parameter_encryption_possible,
   30744             &authorization_section_bytes)) {
   30745       return TRUNKS_RC_AUTHORIZATION_FAILED;
   30746     }
   30747     if (!authorization_section_bytes.empty()) {
   30748       tag = TPM_ST_SESSIONS;
   30749       std::string tmp;
   30750       rc = Serialize_UINT32(authorization_section_bytes.size(),
   30751                             &authorization_size_bytes);
   30752       if (rc != TPM_RC_SUCCESS) {
   30753         return rc;
   30754       }
   30755       command_size +=
   30756           authorization_size_bytes.size() + authorization_section_bytes.size();
   30757     }
   30758   }
   30759   std::string tag_bytes;
   30760   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   30761   if (rc != TPM_RC_SUCCESS) {
   30762     return rc;
   30763   }
   30764   std::string command_size_bytes;
   30765   rc = Serialize_UINT32(command_size, &command_size_bytes);
   30766   if (rc != TPM_RC_SUCCESS) {
   30767     return rc;
   30768   }
   30769   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   30770                         handle_section_bytes + authorization_size_bytes +
   30771                         authorization_section_bytes + parameter_section_bytes;
   30772   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   30773   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   30774                                             serialized_command->size());
   30775   return TPM_RC_SUCCESS;
   30776 }
   30777 
   30778 TPM_RC Tpm::ParseResponse_NV_ReadPublic(
   30779     const std::string& response,
   30780     TPM2B_NV_PUBLIC* nv_public,
   30781     TPM2B_NAME* nv_name,
   30782     AuthorizationDelegate* authorization_delegate) {
   30783   VLOG(3) << __func__;
   30784   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   30785   TPM_RC rc = TPM_RC_SUCCESS;
   30786   std::string buffer(response);
   30787   TPM_ST tag;
   30788   std::string tag_bytes;
   30789   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   30790   if (rc != TPM_RC_SUCCESS) {
   30791     return rc;
   30792   }
   30793   UINT32 response_size;
   30794   std::string response_size_bytes;
   30795   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   30796   if (rc != TPM_RC_SUCCESS) {
   30797     return rc;
   30798   }
   30799   TPM_RC response_code;
   30800   std::string response_code_bytes;
   30801   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   30802   if (rc != TPM_RC_SUCCESS) {
   30803     return rc;
   30804   }
   30805   if (response_size != response.size()) {
   30806     return TPM_RC_SIZE;
   30807   }
   30808   if (response_code != TPM_RC_SUCCESS) {
   30809     return response_code;
   30810   }
   30811   TPM_CC command_code = TPM_CC_NV_ReadPublic;
   30812   std::string command_code_bytes;
   30813   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   30814   if (rc != TPM_RC_SUCCESS) {
   30815     return rc;
   30816   }
   30817   std::string authorization_section_bytes;
   30818   if (tag == TPM_ST_SESSIONS) {
   30819     UINT32 parameter_section_size = buffer.size();
   30820     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   30821     if (rc != TPM_RC_SUCCESS) {
   30822       return rc;
   30823     }
   30824     if (parameter_section_size > buffer.size()) {
   30825       return TPM_RC_INSUFFICIENT;
   30826     }
   30827     authorization_section_bytes = buffer.substr(parameter_section_size);
   30828     // Keep the parameter section in |buffer|.
   30829     buffer.erase(parameter_section_size);
   30830   }
   30831   std::unique_ptr<crypto::SecureHash> hash(
   30832       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   30833   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   30834   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   30835   hash->Update(buffer.data(), buffer.size());
   30836   std::string response_hash(32, 0);
   30837   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   30838   if (tag == TPM_ST_SESSIONS) {
   30839     CHECK(authorization_delegate) << "Authorization delegate missing!";
   30840     if (!authorization_delegate->CheckResponseAuthorization(
   30841             response_hash, authorization_section_bytes)) {
   30842       return TRUNKS_RC_AUTHORIZATION_FAILED;
   30843     }
   30844   }
   30845   std::string nv_public_bytes;
   30846   rc = Parse_TPM2B_NV_PUBLIC(&buffer, nv_public, &nv_public_bytes);
   30847   if (rc != TPM_RC_SUCCESS) {
   30848     return rc;
   30849   }
   30850   std::string nv_name_bytes;
   30851   rc = Parse_TPM2B_NAME(&buffer, nv_name, &nv_name_bytes);
   30852   if (rc != TPM_RC_SUCCESS) {
   30853     return rc;
   30854   }
   30855   if (tag == TPM_ST_SESSIONS) {
   30856     CHECK(authorization_delegate) << "Authorization delegate missing!";
   30857     // Decrypt just the parameter data, not the size.
   30858     std::string tmp = nv_public_bytes.substr(2);
   30859     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   30860       return TRUNKS_RC_ENCRYPTION_FAILED;
   30861     }
   30862     nv_public_bytes.replace(2, std::string::npos, tmp);
   30863     rc = Parse_TPM2B_NV_PUBLIC(&nv_public_bytes, nv_public, nullptr);
   30864     if (rc != TPM_RC_SUCCESS) {
   30865       return rc;
   30866     }
   30867   }
   30868   return TPM_RC_SUCCESS;
   30869 }
   30870 
   30871 void NV_ReadPublicErrorCallback(const Tpm::NV_ReadPublicResponse& callback,
   30872                                 TPM_RC response_code) {
   30873   VLOG(1) << __func__;
   30874   callback.Run(response_code, TPM2B_NV_PUBLIC(), TPM2B_NAME());
   30875 }
   30876 
   30877 void NV_ReadPublicResponseParser(const Tpm::NV_ReadPublicResponse& callback,
   30878                                  AuthorizationDelegate* authorization_delegate,
   30879                                  const std::string& response) {
   30880   VLOG(1) << __func__;
   30881   base::Callback<void(TPM_RC)> error_reporter =
   30882       base::Bind(NV_ReadPublicErrorCallback, callback);
   30883   TPM2B_NV_PUBLIC nv_public;
   30884   TPM2B_NAME nv_name;
   30885   TPM_RC rc = Tpm::ParseResponse_NV_ReadPublic(response, &nv_public, &nv_name,
   30886                                                authorization_delegate);
   30887   if (rc != TPM_RC_SUCCESS) {
   30888     error_reporter.Run(rc);
   30889     return;
   30890   }
   30891   callback.Run(rc, nv_public, nv_name);
   30892 }
   30893 
   30894 void Tpm::NV_ReadPublic(const TPMI_RH_NV_INDEX& nv_index,
   30895                         const std::string& nv_index_name,
   30896                         AuthorizationDelegate* authorization_delegate,
   30897                         const NV_ReadPublicResponse& callback) {
   30898   VLOG(1) << __func__;
   30899   base::Callback<void(TPM_RC)> error_reporter =
   30900       base::Bind(NV_ReadPublicErrorCallback, callback);
   30901   base::Callback<void(const std::string&)> parser =
   30902       base::Bind(NV_ReadPublicResponseParser, callback, authorization_delegate);
   30903   std::string command;
   30904   TPM_RC rc = SerializeCommand_NV_ReadPublic(nv_index, nv_index_name, &command,
   30905                                              authorization_delegate);
   30906   if (rc != TPM_RC_SUCCESS) {
   30907     error_reporter.Run(rc);
   30908     return;
   30909   }
   30910   transceiver_->SendCommand(command, parser);
   30911 }
   30912 
   30913 TPM_RC Tpm::NV_ReadPublicSync(const TPMI_RH_NV_INDEX& nv_index,
   30914                               const std::string& nv_index_name,
   30915                               TPM2B_NV_PUBLIC* nv_public,
   30916                               TPM2B_NAME* nv_name,
   30917                               AuthorizationDelegate* authorization_delegate) {
   30918   VLOG(1) << __func__;
   30919   std::string command;
   30920   TPM_RC rc = SerializeCommand_NV_ReadPublic(nv_index, nv_index_name, &command,
   30921                                              authorization_delegate);
   30922   if (rc != TPM_RC_SUCCESS) {
   30923     return rc;
   30924   }
   30925   std::string response = transceiver_->SendCommandAndWait(command);
   30926   rc = ParseResponse_NV_ReadPublic(response, nv_public, nv_name,
   30927                                    authorization_delegate);
   30928   return rc;
   30929 }
   30930 
   30931 TPM_RC Tpm::SerializeCommand_NV_Write(
   30932     const TPMI_RH_NV_AUTH& auth_handle,
   30933     const std::string& auth_handle_name,
   30934     const TPMI_RH_NV_INDEX& nv_index,
   30935     const std::string& nv_index_name,
   30936     const TPM2B_MAX_NV_BUFFER& data,
   30937     const UINT16& offset,
   30938     std::string* serialized_command,
   30939     AuthorizationDelegate* authorization_delegate) {
   30940   VLOG(3) << __func__;
   30941   TPM_RC rc = TPM_RC_SUCCESS;
   30942   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   30943   UINT32 command_size = 10;  // Header size.
   30944   std::string handle_section_bytes;
   30945   std::string parameter_section_bytes;
   30946   TPM_CC command_code = TPM_CC_NV_Write;
   30947   bool is_command_parameter_encryption_possible = true;
   30948   bool is_response_parameter_encryption_possible = false;
   30949   std::string command_code_bytes;
   30950   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   30951   if (rc != TPM_RC_SUCCESS) {
   30952     return rc;
   30953   }
   30954   std::string auth_handle_bytes;
   30955   rc = Serialize_TPMI_RH_NV_AUTH(auth_handle, &auth_handle_bytes);
   30956   if (rc != TPM_RC_SUCCESS) {
   30957     return rc;
   30958   }
   30959   std::string nv_index_bytes;
   30960   rc = Serialize_TPMI_RH_NV_INDEX(nv_index, &nv_index_bytes);
   30961   if (rc != TPM_RC_SUCCESS) {
   30962     return rc;
   30963   }
   30964   std::string data_bytes;
   30965   rc = Serialize_TPM2B_MAX_NV_BUFFER(data, &data_bytes);
   30966   if (rc != TPM_RC_SUCCESS) {
   30967     return rc;
   30968   }
   30969   std::string offset_bytes;
   30970   rc = Serialize_UINT16(offset, &offset_bytes);
   30971   if (rc != TPM_RC_SUCCESS) {
   30972     return rc;
   30973   }
   30974   if (authorization_delegate) {
   30975     // Encrypt just the parameter data, not the size.
   30976     std::string tmp = data_bytes.substr(2);
   30977     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   30978       return TRUNKS_RC_ENCRYPTION_FAILED;
   30979     }
   30980     data_bytes.replace(2, std::string::npos, tmp);
   30981   }
   30982   std::unique_ptr<crypto::SecureHash> hash(
   30983       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   30984   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   30985   hash->Update(auth_handle_name.data(), auth_handle_name.size());
   30986   handle_section_bytes += auth_handle_bytes;
   30987   command_size += auth_handle_bytes.size();
   30988   hash->Update(nv_index_name.data(), nv_index_name.size());
   30989   handle_section_bytes += nv_index_bytes;
   30990   command_size += nv_index_bytes.size();
   30991   hash->Update(data_bytes.data(), data_bytes.size());
   30992   parameter_section_bytes += data_bytes;
   30993   command_size += data_bytes.size();
   30994   hash->Update(offset_bytes.data(), offset_bytes.size());
   30995   parameter_section_bytes += offset_bytes;
   30996   command_size += offset_bytes.size();
   30997   std::string command_hash(32, 0);
   30998   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   30999   std::string authorization_section_bytes;
   31000   std::string authorization_size_bytes;
   31001   if (authorization_delegate) {
   31002     if (!authorization_delegate->GetCommandAuthorization(
   31003             command_hash, is_command_parameter_encryption_possible,
   31004             is_response_parameter_encryption_possible,
   31005             &authorization_section_bytes)) {
   31006       return TRUNKS_RC_AUTHORIZATION_FAILED;
   31007     }
   31008     if (!authorization_section_bytes.empty()) {
   31009       tag = TPM_ST_SESSIONS;
   31010       std::string tmp;
   31011       rc = Serialize_UINT32(authorization_section_bytes.size(),
   31012                             &authorization_size_bytes);
   31013       if (rc != TPM_RC_SUCCESS) {
   31014         return rc;
   31015       }
   31016       command_size +=
   31017           authorization_size_bytes.size() + authorization_section_bytes.size();
   31018     }
   31019   }
   31020   std::string tag_bytes;
   31021   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   31022   if (rc != TPM_RC_SUCCESS) {
   31023     return rc;
   31024   }
   31025   std::string command_size_bytes;
   31026   rc = Serialize_UINT32(command_size, &command_size_bytes);
   31027   if (rc != TPM_RC_SUCCESS) {
   31028     return rc;
   31029   }
   31030   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   31031                         handle_section_bytes + authorization_size_bytes +
   31032                         authorization_section_bytes + parameter_section_bytes;
   31033   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   31034   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   31035                                             serialized_command->size());
   31036   return TPM_RC_SUCCESS;
   31037 }
   31038 
   31039 TPM_RC Tpm::ParseResponse_NV_Write(
   31040     const std::string& response,
   31041     AuthorizationDelegate* authorization_delegate) {
   31042   VLOG(3) << __func__;
   31043   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   31044   TPM_RC rc = TPM_RC_SUCCESS;
   31045   std::string buffer(response);
   31046   TPM_ST tag;
   31047   std::string tag_bytes;
   31048   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   31049   if (rc != TPM_RC_SUCCESS) {
   31050     return rc;
   31051   }
   31052   UINT32 response_size;
   31053   std::string response_size_bytes;
   31054   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   31055   if (rc != TPM_RC_SUCCESS) {
   31056     return rc;
   31057   }
   31058   TPM_RC response_code;
   31059   std::string response_code_bytes;
   31060   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   31061   if (rc != TPM_RC_SUCCESS) {
   31062     return rc;
   31063   }
   31064   if (response_size != response.size()) {
   31065     return TPM_RC_SIZE;
   31066   }
   31067   if (response_code != TPM_RC_SUCCESS) {
   31068     return response_code;
   31069   }
   31070   TPM_CC command_code = TPM_CC_NV_Write;
   31071   std::string command_code_bytes;
   31072   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   31073   if (rc != TPM_RC_SUCCESS) {
   31074     return rc;
   31075   }
   31076   std::string authorization_section_bytes;
   31077   if (tag == TPM_ST_SESSIONS) {
   31078     UINT32 parameter_section_size = buffer.size();
   31079     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   31080     if (rc != TPM_RC_SUCCESS) {
   31081       return rc;
   31082     }
   31083     if (parameter_section_size > buffer.size()) {
   31084       return TPM_RC_INSUFFICIENT;
   31085     }
   31086     authorization_section_bytes = buffer.substr(parameter_section_size);
   31087     // Keep the parameter section in |buffer|.
   31088     buffer.erase(parameter_section_size);
   31089   }
   31090   std::unique_ptr<crypto::SecureHash> hash(
   31091       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   31092   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   31093   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   31094   hash->Update(buffer.data(), buffer.size());
   31095   std::string response_hash(32, 0);
   31096   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   31097   if (tag == TPM_ST_SESSIONS) {
   31098     CHECK(authorization_delegate) << "Authorization delegate missing!";
   31099     if (!authorization_delegate->CheckResponseAuthorization(
   31100             response_hash, authorization_section_bytes)) {
   31101       return TRUNKS_RC_AUTHORIZATION_FAILED;
   31102     }
   31103   }
   31104   return TPM_RC_SUCCESS;
   31105 }
   31106 
   31107 void NV_WriteErrorCallback(const Tpm::NV_WriteResponse& callback,
   31108                            TPM_RC response_code) {
   31109   VLOG(1) << __func__;
   31110   callback.Run(response_code);
   31111 }
   31112 
   31113 void NV_WriteResponseParser(const Tpm::NV_WriteResponse& callback,
   31114                             AuthorizationDelegate* authorization_delegate,
   31115                             const std::string& response) {
   31116   VLOG(1) << __func__;
   31117   base::Callback<void(TPM_RC)> error_reporter =
   31118       base::Bind(NV_WriteErrorCallback, callback);
   31119   TPM_RC rc = Tpm::ParseResponse_NV_Write(response, authorization_delegate);
   31120   if (rc != TPM_RC_SUCCESS) {
   31121     error_reporter.Run(rc);
   31122     return;
   31123   }
   31124   callback.Run(rc);
   31125 }
   31126 
   31127 void Tpm::NV_Write(const TPMI_RH_NV_AUTH& auth_handle,
   31128                    const std::string& auth_handle_name,
   31129                    const TPMI_RH_NV_INDEX& nv_index,
   31130                    const std::string& nv_index_name,
   31131                    const TPM2B_MAX_NV_BUFFER& data,
   31132                    const UINT16& offset,
   31133                    AuthorizationDelegate* authorization_delegate,
   31134                    const NV_WriteResponse& callback) {
   31135   VLOG(1) << __func__;
   31136   base::Callback<void(TPM_RC)> error_reporter =
   31137       base::Bind(NV_WriteErrorCallback, callback);
   31138   base::Callback<void(const std::string&)> parser =
   31139       base::Bind(NV_WriteResponseParser, callback, authorization_delegate);
   31140   std::string command;
   31141   TPM_RC rc = SerializeCommand_NV_Write(auth_handle, auth_handle_name, nv_index,
   31142                                         nv_index_name, data, offset, &command,
   31143                                         authorization_delegate);
   31144   if (rc != TPM_RC_SUCCESS) {
   31145     error_reporter.Run(rc);
   31146     return;
   31147   }
   31148   transceiver_->SendCommand(command, parser);
   31149 }
   31150 
   31151 TPM_RC Tpm::NV_WriteSync(const TPMI_RH_NV_AUTH& auth_handle,
   31152                          const std::string& auth_handle_name,
   31153                          const TPMI_RH_NV_INDEX& nv_index,
   31154                          const std::string& nv_index_name,
   31155                          const TPM2B_MAX_NV_BUFFER& data,
   31156                          const UINT16& offset,
   31157                          AuthorizationDelegate* authorization_delegate) {
   31158   VLOG(1) << __func__;
   31159   std::string command;
   31160   TPM_RC rc = SerializeCommand_NV_Write(auth_handle, auth_handle_name, nv_index,
   31161                                         nv_index_name, data, offset, &command,
   31162                                         authorization_delegate);
   31163   if (rc != TPM_RC_SUCCESS) {
   31164     return rc;
   31165   }
   31166   std::string response = transceiver_->SendCommandAndWait(command);
   31167   rc = ParseResponse_NV_Write(response, authorization_delegate);
   31168   return rc;
   31169 }
   31170 
   31171 TPM_RC Tpm::SerializeCommand_NV_Increment(
   31172     const TPMI_RH_NV_AUTH& auth_handle,
   31173     const std::string& auth_handle_name,
   31174     const TPMI_RH_NV_INDEX& nv_index,
   31175     const std::string& nv_index_name,
   31176     std::string* serialized_command,
   31177     AuthorizationDelegate* authorization_delegate) {
   31178   VLOG(3) << __func__;
   31179   TPM_RC rc = TPM_RC_SUCCESS;
   31180   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   31181   UINT32 command_size = 10;  // Header size.
   31182   std::string handle_section_bytes;
   31183   std::string parameter_section_bytes;
   31184   TPM_CC command_code = TPM_CC_NV_Increment;
   31185   bool is_command_parameter_encryption_possible = false;
   31186   bool is_response_parameter_encryption_possible = false;
   31187   std::string command_code_bytes;
   31188   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   31189   if (rc != TPM_RC_SUCCESS) {
   31190     return rc;
   31191   }
   31192   std::string auth_handle_bytes;
   31193   rc = Serialize_TPMI_RH_NV_AUTH(auth_handle, &auth_handle_bytes);
   31194   if (rc != TPM_RC_SUCCESS) {
   31195     return rc;
   31196   }
   31197   std::string nv_index_bytes;
   31198   rc = Serialize_TPMI_RH_NV_INDEX(nv_index, &nv_index_bytes);
   31199   if (rc != TPM_RC_SUCCESS) {
   31200     return rc;
   31201   }
   31202   std::unique_ptr<crypto::SecureHash> hash(
   31203       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   31204   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   31205   hash->Update(auth_handle_name.data(), auth_handle_name.size());
   31206   handle_section_bytes += auth_handle_bytes;
   31207   command_size += auth_handle_bytes.size();
   31208   hash->Update(nv_index_name.data(), nv_index_name.size());
   31209   handle_section_bytes += nv_index_bytes;
   31210   command_size += nv_index_bytes.size();
   31211   std::string command_hash(32, 0);
   31212   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   31213   std::string authorization_section_bytes;
   31214   std::string authorization_size_bytes;
   31215   if (authorization_delegate) {
   31216     if (!authorization_delegate->GetCommandAuthorization(
   31217             command_hash, is_command_parameter_encryption_possible,
   31218             is_response_parameter_encryption_possible,
   31219             &authorization_section_bytes)) {
   31220       return TRUNKS_RC_AUTHORIZATION_FAILED;
   31221     }
   31222     if (!authorization_section_bytes.empty()) {
   31223       tag = TPM_ST_SESSIONS;
   31224       std::string tmp;
   31225       rc = Serialize_UINT32(authorization_section_bytes.size(),
   31226                             &authorization_size_bytes);
   31227       if (rc != TPM_RC_SUCCESS) {
   31228         return rc;
   31229       }
   31230       command_size +=
   31231           authorization_size_bytes.size() + authorization_section_bytes.size();
   31232     }
   31233   }
   31234   std::string tag_bytes;
   31235   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   31236   if (rc != TPM_RC_SUCCESS) {
   31237     return rc;
   31238   }
   31239   std::string command_size_bytes;
   31240   rc = Serialize_UINT32(command_size, &command_size_bytes);
   31241   if (rc != TPM_RC_SUCCESS) {
   31242     return rc;
   31243   }
   31244   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   31245                         handle_section_bytes + authorization_size_bytes +
   31246                         authorization_section_bytes + parameter_section_bytes;
   31247   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   31248   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   31249                                             serialized_command->size());
   31250   return TPM_RC_SUCCESS;
   31251 }
   31252 
   31253 TPM_RC Tpm::ParseResponse_NV_Increment(
   31254     const std::string& response,
   31255     AuthorizationDelegate* authorization_delegate) {
   31256   VLOG(3) << __func__;
   31257   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   31258   TPM_RC rc = TPM_RC_SUCCESS;
   31259   std::string buffer(response);
   31260   TPM_ST tag;
   31261   std::string tag_bytes;
   31262   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   31263   if (rc != TPM_RC_SUCCESS) {
   31264     return rc;
   31265   }
   31266   UINT32 response_size;
   31267   std::string response_size_bytes;
   31268   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   31269   if (rc != TPM_RC_SUCCESS) {
   31270     return rc;
   31271   }
   31272   TPM_RC response_code;
   31273   std::string response_code_bytes;
   31274   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   31275   if (rc != TPM_RC_SUCCESS) {
   31276     return rc;
   31277   }
   31278   if (response_size != response.size()) {
   31279     return TPM_RC_SIZE;
   31280   }
   31281   if (response_code != TPM_RC_SUCCESS) {
   31282     return response_code;
   31283   }
   31284   TPM_CC command_code = TPM_CC_NV_Increment;
   31285   std::string command_code_bytes;
   31286   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   31287   if (rc != TPM_RC_SUCCESS) {
   31288     return rc;
   31289   }
   31290   std::string authorization_section_bytes;
   31291   if (tag == TPM_ST_SESSIONS) {
   31292     UINT32 parameter_section_size = buffer.size();
   31293     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   31294     if (rc != TPM_RC_SUCCESS) {
   31295       return rc;
   31296     }
   31297     if (parameter_section_size > buffer.size()) {
   31298       return TPM_RC_INSUFFICIENT;
   31299     }
   31300     authorization_section_bytes = buffer.substr(parameter_section_size);
   31301     // Keep the parameter section in |buffer|.
   31302     buffer.erase(parameter_section_size);
   31303   }
   31304   std::unique_ptr<crypto::SecureHash> hash(
   31305       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   31306   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   31307   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   31308   hash->Update(buffer.data(), buffer.size());
   31309   std::string response_hash(32, 0);
   31310   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   31311   if (tag == TPM_ST_SESSIONS) {
   31312     CHECK(authorization_delegate) << "Authorization delegate missing!";
   31313     if (!authorization_delegate->CheckResponseAuthorization(
   31314             response_hash, authorization_section_bytes)) {
   31315       return TRUNKS_RC_AUTHORIZATION_FAILED;
   31316     }
   31317   }
   31318   return TPM_RC_SUCCESS;
   31319 }
   31320 
   31321 void NV_IncrementErrorCallback(const Tpm::NV_IncrementResponse& callback,
   31322                                TPM_RC response_code) {
   31323   VLOG(1) << __func__;
   31324   callback.Run(response_code);
   31325 }
   31326 
   31327 void NV_IncrementResponseParser(const Tpm::NV_IncrementResponse& callback,
   31328                                 AuthorizationDelegate* authorization_delegate,
   31329                                 const std::string& response) {
   31330   VLOG(1) << __func__;
   31331   base::Callback<void(TPM_RC)> error_reporter =
   31332       base::Bind(NV_IncrementErrorCallback, callback);
   31333   TPM_RC rc = Tpm::ParseResponse_NV_Increment(response, authorization_delegate);
   31334   if (rc != TPM_RC_SUCCESS) {
   31335     error_reporter.Run(rc);
   31336     return;
   31337   }
   31338   callback.Run(rc);
   31339 }
   31340 
   31341 void Tpm::NV_Increment(const TPMI_RH_NV_AUTH& auth_handle,
   31342                        const std::string& auth_handle_name,
   31343                        const TPMI_RH_NV_INDEX& nv_index,
   31344                        const std::string& nv_index_name,
   31345                        AuthorizationDelegate* authorization_delegate,
   31346                        const NV_IncrementResponse& callback) {
   31347   VLOG(1) << __func__;
   31348   base::Callback<void(TPM_RC)> error_reporter =
   31349       base::Bind(NV_IncrementErrorCallback, callback);
   31350   base::Callback<void(const std::string&)> parser =
   31351       base::Bind(NV_IncrementResponseParser, callback, authorization_delegate);
   31352   std::string command;
   31353   TPM_RC rc = SerializeCommand_NV_Increment(auth_handle, auth_handle_name,
   31354                                             nv_index, nv_index_name, &command,
   31355                                             authorization_delegate);
   31356   if (rc != TPM_RC_SUCCESS) {
   31357     error_reporter.Run(rc);
   31358     return;
   31359   }
   31360   transceiver_->SendCommand(command, parser);
   31361 }
   31362 
   31363 TPM_RC Tpm::NV_IncrementSync(const TPMI_RH_NV_AUTH& auth_handle,
   31364                              const std::string& auth_handle_name,
   31365                              const TPMI_RH_NV_INDEX& nv_index,
   31366                              const std::string& nv_index_name,
   31367                              AuthorizationDelegate* authorization_delegate) {
   31368   VLOG(1) << __func__;
   31369   std::string command;
   31370   TPM_RC rc = SerializeCommand_NV_Increment(auth_handle, auth_handle_name,
   31371                                             nv_index, nv_index_name, &command,
   31372                                             authorization_delegate);
   31373   if (rc != TPM_RC_SUCCESS) {
   31374     return rc;
   31375   }
   31376   std::string response = transceiver_->SendCommandAndWait(command);
   31377   rc = ParseResponse_NV_Increment(response, authorization_delegate);
   31378   return rc;
   31379 }
   31380 
   31381 TPM_RC Tpm::SerializeCommand_NV_Extend(
   31382     const TPMI_RH_NV_AUTH& auth_handle,
   31383     const std::string& auth_handle_name,
   31384     const TPMI_RH_NV_INDEX& nv_index,
   31385     const std::string& nv_index_name,
   31386     const TPM2B_MAX_NV_BUFFER& data,
   31387     std::string* serialized_command,
   31388     AuthorizationDelegate* authorization_delegate) {
   31389   VLOG(3) << __func__;
   31390   TPM_RC rc = TPM_RC_SUCCESS;
   31391   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   31392   UINT32 command_size = 10;  // Header size.
   31393   std::string handle_section_bytes;
   31394   std::string parameter_section_bytes;
   31395   TPM_CC command_code = TPM_CC_NV_Extend;
   31396   bool is_command_parameter_encryption_possible = true;
   31397   bool is_response_parameter_encryption_possible = false;
   31398   std::string command_code_bytes;
   31399   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   31400   if (rc != TPM_RC_SUCCESS) {
   31401     return rc;
   31402   }
   31403   std::string auth_handle_bytes;
   31404   rc = Serialize_TPMI_RH_NV_AUTH(auth_handle, &auth_handle_bytes);
   31405   if (rc != TPM_RC_SUCCESS) {
   31406     return rc;
   31407   }
   31408   std::string nv_index_bytes;
   31409   rc = Serialize_TPMI_RH_NV_INDEX(nv_index, &nv_index_bytes);
   31410   if (rc != TPM_RC_SUCCESS) {
   31411     return rc;
   31412   }
   31413   std::string data_bytes;
   31414   rc = Serialize_TPM2B_MAX_NV_BUFFER(data, &data_bytes);
   31415   if (rc != TPM_RC_SUCCESS) {
   31416     return rc;
   31417   }
   31418   if (authorization_delegate) {
   31419     // Encrypt just the parameter data, not the size.
   31420     std::string tmp = data_bytes.substr(2);
   31421     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   31422       return TRUNKS_RC_ENCRYPTION_FAILED;
   31423     }
   31424     data_bytes.replace(2, std::string::npos, tmp);
   31425   }
   31426   std::unique_ptr<crypto::SecureHash> hash(
   31427       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   31428   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   31429   hash->Update(auth_handle_name.data(), auth_handle_name.size());
   31430   handle_section_bytes += auth_handle_bytes;
   31431   command_size += auth_handle_bytes.size();
   31432   hash->Update(nv_index_name.data(), nv_index_name.size());
   31433   handle_section_bytes += nv_index_bytes;
   31434   command_size += nv_index_bytes.size();
   31435   hash->Update(data_bytes.data(), data_bytes.size());
   31436   parameter_section_bytes += data_bytes;
   31437   command_size += data_bytes.size();
   31438   std::string command_hash(32, 0);
   31439   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   31440   std::string authorization_section_bytes;
   31441   std::string authorization_size_bytes;
   31442   if (authorization_delegate) {
   31443     if (!authorization_delegate->GetCommandAuthorization(
   31444             command_hash, is_command_parameter_encryption_possible,
   31445             is_response_parameter_encryption_possible,
   31446             &authorization_section_bytes)) {
   31447       return TRUNKS_RC_AUTHORIZATION_FAILED;
   31448     }
   31449     if (!authorization_section_bytes.empty()) {
   31450       tag = TPM_ST_SESSIONS;
   31451       std::string tmp;
   31452       rc = Serialize_UINT32(authorization_section_bytes.size(),
   31453                             &authorization_size_bytes);
   31454       if (rc != TPM_RC_SUCCESS) {
   31455         return rc;
   31456       }
   31457       command_size +=
   31458           authorization_size_bytes.size() + authorization_section_bytes.size();
   31459     }
   31460   }
   31461   std::string tag_bytes;
   31462   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   31463   if (rc != TPM_RC_SUCCESS) {
   31464     return rc;
   31465   }
   31466   std::string command_size_bytes;
   31467   rc = Serialize_UINT32(command_size, &command_size_bytes);
   31468   if (rc != TPM_RC_SUCCESS) {
   31469     return rc;
   31470   }
   31471   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   31472                         handle_section_bytes + authorization_size_bytes +
   31473                         authorization_section_bytes + parameter_section_bytes;
   31474   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   31475   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   31476                                             serialized_command->size());
   31477   return TPM_RC_SUCCESS;
   31478 }
   31479 
   31480 TPM_RC Tpm::ParseResponse_NV_Extend(
   31481     const std::string& response,
   31482     AuthorizationDelegate* authorization_delegate) {
   31483   VLOG(3) << __func__;
   31484   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   31485   TPM_RC rc = TPM_RC_SUCCESS;
   31486   std::string buffer(response);
   31487   TPM_ST tag;
   31488   std::string tag_bytes;
   31489   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   31490   if (rc != TPM_RC_SUCCESS) {
   31491     return rc;
   31492   }
   31493   UINT32 response_size;
   31494   std::string response_size_bytes;
   31495   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   31496   if (rc != TPM_RC_SUCCESS) {
   31497     return rc;
   31498   }
   31499   TPM_RC response_code;
   31500   std::string response_code_bytes;
   31501   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   31502   if (rc != TPM_RC_SUCCESS) {
   31503     return rc;
   31504   }
   31505   if (response_size != response.size()) {
   31506     return TPM_RC_SIZE;
   31507   }
   31508   if (response_code != TPM_RC_SUCCESS) {
   31509     return response_code;
   31510   }
   31511   TPM_CC command_code = TPM_CC_NV_Extend;
   31512   std::string command_code_bytes;
   31513   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   31514   if (rc != TPM_RC_SUCCESS) {
   31515     return rc;
   31516   }
   31517   std::string authorization_section_bytes;
   31518   if (tag == TPM_ST_SESSIONS) {
   31519     UINT32 parameter_section_size = buffer.size();
   31520     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   31521     if (rc != TPM_RC_SUCCESS) {
   31522       return rc;
   31523     }
   31524     if (parameter_section_size > buffer.size()) {
   31525       return TPM_RC_INSUFFICIENT;
   31526     }
   31527     authorization_section_bytes = buffer.substr(parameter_section_size);
   31528     // Keep the parameter section in |buffer|.
   31529     buffer.erase(parameter_section_size);
   31530   }
   31531   std::unique_ptr<crypto::SecureHash> hash(
   31532       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   31533   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   31534   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   31535   hash->Update(buffer.data(), buffer.size());
   31536   std::string response_hash(32, 0);
   31537   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   31538   if (tag == TPM_ST_SESSIONS) {
   31539     CHECK(authorization_delegate) << "Authorization delegate missing!";
   31540     if (!authorization_delegate->CheckResponseAuthorization(
   31541             response_hash, authorization_section_bytes)) {
   31542       return TRUNKS_RC_AUTHORIZATION_FAILED;
   31543     }
   31544   }
   31545   return TPM_RC_SUCCESS;
   31546 }
   31547 
   31548 void NV_ExtendErrorCallback(const Tpm::NV_ExtendResponse& callback,
   31549                             TPM_RC response_code) {
   31550   VLOG(1) << __func__;
   31551   callback.Run(response_code);
   31552 }
   31553 
   31554 void NV_ExtendResponseParser(const Tpm::NV_ExtendResponse& callback,
   31555                              AuthorizationDelegate* authorization_delegate,
   31556                              const std::string& response) {
   31557   VLOG(1) << __func__;
   31558   base::Callback<void(TPM_RC)> error_reporter =
   31559       base::Bind(NV_ExtendErrorCallback, callback);
   31560   TPM_RC rc = Tpm::ParseResponse_NV_Extend(response, authorization_delegate);
   31561   if (rc != TPM_RC_SUCCESS) {
   31562     error_reporter.Run(rc);
   31563     return;
   31564   }
   31565   callback.Run(rc);
   31566 }
   31567 
   31568 void Tpm::NV_Extend(const TPMI_RH_NV_AUTH& auth_handle,
   31569                     const std::string& auth_handle_name,
   31570                     const TPMI_RH_NV_INDEX& nv_index,
   31571                     const std::string& nv_index_name,
   31572                     const TPM2B_MAX_NV_BUFFER& data,
   31573                     AuthorizationDelegate* authorization_delegate,
   31574                     const NV_ExtendResponse& callback) {
   31575   VLOG(1) << __func__;
   31576   base::Callback<void(TPM_RC)> error_reporter =
   31577       base::Bind(NV_ExtendErrorCallback, callback);
   31578   base::Callback<void(const std::string&)> parser =
   31579       base::Bind(NV_ExtendResponseParser, callback, authorization_delegate);
   31580   std::string command;
   31581   TPM_RC rc = SerializeCommand_NV_Extend(auth_handle, auth_handle_name,
   31582                                          nv_index, nv_index_name, data,
   31583                                          &command, authorization_delegate);
   31584   if (rc != TPM_RC_SUCCESS) {
   31585     error_reporter.Run(rc);
   31586     return;
   31587   }
   31588   transceiver_->SendCommand(command, parser);
   31589 }
   31590 
   31591 TPM_RC Tpm::NV_ExtendSync(const TPMI_RH_NV_AUTH& auth_handle,
   31592                           const std::string& auth_handle_name,
   31593                           const TPMI_RH_NV_INDEX& nv_index,
   31594                           const std::string& nv_index_name,
   31595                           const TPM2B_MAX_NV_BUFFER& data,
   31596                           AuthorizationDelegate* authorization_delegate) {
   31597   VLOG(1) << __func__;
   31598   std::string command;
   31599   TPM_RC rc = SerializeCommand_NV_Extend(auth_handle, auth_handle_name,
   31600                                          nv_index, nv_index_name, data,
   31601                                          &command, authorization_delegate);
   31602   if (rc != TPM_RC_SUCCESS) {
   31603     return rc;
   31604   }
   31605   std::string response = transceiver_->SendCommandAndWait(command);
   31606   rc = ParseResponse_NV_Extend(response, authorization_delegate);
   31607   return rc;
   31608 }
   31609 
   31610 TPM_RC Tpm::SerializeCommand_NV_SetBits(
   31611     const TPMI_RH_NV_AUTH& auth_handle,
   31612     const std::string& auth_handle_name,
   31613     const TPMI_RH_NV_INDEX& nv_index,
   31614     const std::string& nv_index_name,
   31615     const UINT64& bits,
   31616     std::string* serialized_command,
   31617     AuthorizationDelegate* authorization_delegate) {
   31618   VLOG(3) << __func__;
   31619   TPM_RC rc = TPM_RC_SUCCESS;
   31620   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   31621   UINT32 command_size = 10;  // Header size.
   31622   std::string handle_section_bytes;
   31623   std::string parameter_section_bytes;
   31624   TPM_CC command_code = TPM_CC_NV_SetBits;
   31625   bool is_command_parameter_encryption_possible = false;
   31626   bool is_response_parameter_encryption_possible = false;
   31627   std::string command_code_bytes;
   31628   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   31629   if (rc != TPM_RC_SUCCESS) {
   31630     return rc;
   31631   }
   31632   std::string auth_handle_bytes;
   31633   rc = Serialize_TPMI_RH_NV_AUTH(auth_handle, &auth_handle_bytes);
   31634   if (rc != TPM_RC_SUCCESS) {
   31635     return rc;
   31636   }
   31637   std::string nv_index_bytes;
   31638   rc = Serialize_TPMI_RH_NV_INDEX(nv_index, &nv_index_bytes);
   31639   if (rc != TPM_RC_SUCCESS) {
   31640     return rc;
   31641   }
   31642   std::string bits_bytes;
   31643   rc = Serialize_UINT64(bits, &bits_bytes);
   31644   if (rc != TPM_RC_SUCCESS) {
   31645     return rc;
   31646   }
   31647   std::unique_ptr<crypto::SecureHash> hash(
   31648       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   31649   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   31650   hash->Update(auth_handle_name.data(), auth_handle_name.size());
   31651   handle_section_bytes += auth_handle_bytes;
   31652   command_size += auth_handle_bytes.size();
   31653   hash->Update(nv_index_name.data(), nv_index_name.size());
   31654   handle_section_bytes += nv_index_bytes;
   31655   command_size += nv_index_bytes.size();
   31656   hash->Update(bits_bytes.data(), bits_bytes.size());
   31657   parameter_section_bytes += bits_bytes;
   31658   command_size += bits_bytes.size();
   31659   std::string command_hash(32, 0);
   31660   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   31661   std::string authorization_section_bytes;
   31662   std::string authorization_size_bytes;
   31663   if (authorization_delegate) {
   31664     if (!authorization_delegate->GetCommandAuthorization(
   31665             command_hash, is_command_parameter_encryption_possible,
   31666             is_response_parameter_encryption_possible,
   31667             &authorization_section_bytes)) {
   31668       return TRUNKS_RC_AUTHORIZATION_FAILED;
   31669     }
   31670     if (!authorization_section_bytes.empty()) {
   31671       tag = TPM_ST_SESSIONS;
   31672       std::string tmp;
   31673       rc = Serialize_UINT32(authorization_section_bytes.size(),
   31674                             &authorization_size_bytes);
   31675       if (rc != TPM_RC_SUCCESS) {
   31676         return rc;
   31677       }
   31678       command_size +=
   31679           authorization_size_bytes.size() + authorization_section_bytes.size();
   31680     }
   31681   }
   31682   std::string tag_bytes;
   31683   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   31684   if (rc != TPM_RC_SUCCESS) {
   31685     return rc;
   31686   }
   31687   std::string command_size_bytes;
   31688   rc = Serialize_UINT32(command_size, &command_size_bytes);
   31689   if (rc != TPM_RC_SUCCESS) {
   31690     return rc;
   31691   }
   31692   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   31693                         handle_section_bytes + authorization_size_bytes +
   31694                         authorization_section_bytes + parameter_section_bytes;
   31695   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   31696   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   31697                                             serialized_command->size());
   31698   return TPM_RC_SUCCESS;
   31699 }
   31700 
   31701 TPM_RC Tpm::ParseResponse_NV_SetBits(
   31702     const std::string& response,
   31703     AuthorizationDelegate* authorization_delegate) {
   31704   VLOG(3) << __func__;
   31705   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   31706   TPM_RC rc = TPM_RC_SUCCESS;
   31707   std::string buffer(response);
   31708   TPM_ST tag;
   31709   std::string tag_bytes;
   31710   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   31711   if (rc != TPM_RC_SUCCESS) {
   31712     return rc;
   31713   }
   31714   UINT32 response_size;
   31715   std::string response_size_bytes;
   31716   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   31717   if (rc != TPM_RC_SUCCESS) {
   31718     return rc;
   31719   }
   31720   TPM_RC response_code;
   31721   std::string response_code_bytes;
   31722   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   31723   if (rc != TPM_RC_SUCCESS) {
   31724     return rc;
   31725   }
   31726   if (response_size != response.size()) {
   31727     return TPM_RC_SIZE;
   31728   }
   31729   if (response_code != TPM_RC_SUCCESS) {
   31730     return response_code;
   31731   }
   31732   TPM_CC command_code = TPM_CC_NV_SetBits;
   31733   std::string command_code_bytes;
   31734   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   31735   if (rc != TPM_RC_SUCCESS) {
   31736     return rc;
   31737   }
   31738   std::string authorization_section_bytes;
   31739   if (tag == TPM_ST_SESSIONS) {
   31740     UINT32 parameter_section_size = buffer.size();
   31741     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   31742     if (rc != TPM_RC_SUCCESS) {
   31743       return rc;
   31744     }
   31745     if (parameter_section_size > buffer.size()) {
   31746       return TPM_RC_INSUFFICIENT;
   31747     }
   31748     authorization_section_bytes = buffer.substr(parameter_section_size);
   31749     // Keep the parameter section in |buffer|.
   31750     buffer.erase(parameter_section_size);
   31751   }
   31752   std::unique_ptr<crypto::SecureHash> hash(
   31753       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   31754   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   31755   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   31756   hash->Update(buffer.data(), buffer.size());
   31757   std::string response_hash(32, 0);
   31758   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   31759   if (tag == TPM_ST_SESSIONS) {
   31760     CHECK(authorization_delegate) << "Authorization delegate missing!";
   31761     if (!authorization_delegate->CheckResponseAuthorization(
   31762             response_hash, authorization_section_bytes)) {
   31763       return TRUNKS_RC_AUTHORIZATION_FAILED;
   31764     }
   31765   }
   31766   return TPM_RC_SUCCESS;
   31767 }
   31768 
   31769 void NV_SetBitsErrorCallback(const Tpm::NV_SetBitsResponse& callback,
   31770                              TPM_RC response_code) {
   31771   VLOG(1) << __func__;
   31772   callback.Run(response_code);
   31773 }
   31774 
   31775 void NV_SetBitsResponseParser(const Tpm::NV_SetBitsResponse& callback,
   31776                               AuthorizationDelegate* authorization_delegate,
   31777                               const std::string& response) {
   31778   VLOG(1) << __func__;
   31779   base::Callback<void(TPM_RC)> error_reporter =
   31780       base::Bind(NV_SetBitsErrorCallback, callback);
   31781   TPM_RC rc = Tpm::ParseResponse_NV_SetBits(response, authorization_delegate);
   31782   if (rc != TPM_RC_SUCCESS) {
   31783     error_reporter.Run(rc);
   31784     return;
   31785   }
   31786   callback.Run(rc);
   31787 }
   31788 
   31789 void Tpm::NV_SetBits(const TPMI_RH_NV_AUTH& auth_handle,
   31790                      const std::string& auth_handle_name,
   31791                      const TPMI_RH_NV_INDEX& nv_index,
   31792                      const std::string& nv_index_name,
   31793                      const UINT64& bits,
   31794                      AuthorizationDelegate* authorization_delegate,
   31795                      const NV_SetBitsResponse& callback) {
   31796   VLOG(1) << __func__;
   31797   base::Callback<void(TPM_RC)> error_reporter =
   31798       base::Bind(NV_SetBitsErrorCallback, callback);
   31799   base::Callback<void(const std::string&)> parser =
   31800       base::Bind(NV_SetBitsResponseParser, callback, authorization_delegate);
   31801   std::string command;
   31802   TPM_RC rc = SerializeCommand_NV_SetBits(auth_handle, auth_handle_name,
   31803                                           nv_index, nv_index_name, bits,
   31804                                           &command, authorization_delegate);
   31805   if (rc != TPM_RC_SUCCESS) {
   31806     error_reporter.Run(rc);
   31807     return;
   31808   }
   31809   transceiver_->SendCommand(command, parser);
   31810 }
   31811 
   31812 TPM_RC Tpm::NV_SetBitsSync(const TPMI_RH_NV_AUTH& auth_handle,
   31813                            const std::string& auth_handle_name,
   31814                            const TPMI_RH_NV_INDEX& nv_index,
   31815                            const std::string& nv_index_name,
   31816                            const UINT64& bits,
   31817                            AuthorizationDelegate* authorization_delegate) {
   31818   VLOG(1) << __func__;
   31819   std::string command;
   31820   TPM_RC rc = SerializeCommand_NV_SetBits(auth_handle, auth_handle_name,
   31821                                           nv_index, nv_index_name, bits,
   31822                                           &command, authorization_delegate);
   31823   if (rc != TPM_RC_SUCCESS) {
   31824     return rc;
   31825   }
   31826   std::string response = transceiver_->SendCommandAndWait(command);
   31827   rc = ParseResponse_NV_SetBits(response, authorization_delegate);
   31828   return rc;
   31829 }
   31830 
   31831 TPM_RC Tpm::SerializeCommand_NV_WriteLock(
   31832     const TPMI_RH_NV_AUTH& auth_handle,
   31833     const std::string& auth_handle_name,
   31834     const TPMI_RH_NV_INDEX& nv_index,
   31835     const std::string& nv_index_name,
   31836     std::string* serialized_command,
   31837     AuthorizationDelegate* authorization_delegate) {
   31838   VLOG(3) << __func__;
   31839   TPM_RC rc = TPM_RC_SUCCESS;
   31840   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   31841   UINT32 command_size = 10;  // Header size.
   31842   std::string handle_section_bytes;
   31843   std::string parameter_section_bytes;
   31844   TPM_CC command_code = TPM_CC_NV_WriteLock;
   31845   bool is_command_parameter_encryption_possible = false;
   31846   bool is_response_parameter_encryption_possible = false;
   31847   std::string command_code_bytes;
   31848   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   31849   if (rc != TPM_RC_SUCCESS) {
   31850     return rc;
   31851   }
   31852   std::string auth_handle_bytes;
   31853   rc = Serialize_TPMI_RH_NV_AUTH(auth_handle, &auth_handle_bytes);
   31854   if (rc != TPM_RC_SUCCESS) {
   31855     return rc;
   31856   }
   31857   std::string nv_index_bytes;
   31858   rc = Serialize_TPMI_RH_NV_INDEX(nv_index, &nv_index_bytes);
   31859   if (rc != TPM_RC_SUCCESS) {
   31860     return rc;
   31861   }
   31862   std::unique_ptr<crypto::SecureHash> hash(
   31863       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   31864   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   31865   hash->Update(auth_handle_name.data(), auth_handle_name.size());
   31866   handle_section_bytes += auth_handle_bytes;
   31867   command_size += auth_handle_bytes.size();
   31868   hash->Update(nv_index_name.data(), nv_index_name.size());
   31869   handle_section_bytes += nv_index_bytes;
   31870   command_size += nv_index_bytes.size();
   31871   std::string command_hash(32, 0);
   31872   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   31873   std::string authorization_section_bytes;
   31874   std::string authorization_size_bytes;
   31875   if (authorization_delegate) {
   31876     if (!authorization_delegate->GetCommandAuthorization(
   31877             command_hash, is_command_parameter_encryption_possible,
   31878             is_response_parameter_encryption_possible,
   31879             &authorization_section_bytes)) {
   31880       return TRUNKS_RC_AUTHORIZATION_FAILED;
   31881     }
   31882     if (!authorization_section_bytes.empty()) {
   31883       tag = TPM_ST_SESSIONS;
   31884       std::string tmp;
   31885       rc = Serialize_UINT32(authorization_section_bytes.size(),
   31886                             &authorization_size_bytes);
   31887       if (rc != TPM_RC_SUCCESS) {
   31888         return rc;
   31889       }
   31890       command_size +=
   31891           authorization_size_bytes.size() + authorization_section_bytes.size();
   31892     }
   31893   }
   31894   std::string tag_bytes;
   31895   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   31896   if (rc != TPM_RC_SUCCESS) {
   31897     return rc;
   31898   }
   31899   std::string command_size_bytes;
   31900   rc = Serialize_UINT32(command_size, &command_size_bytes);
   31901   if (rc != TPM_RC_SUCCESS) {
   31902     return rc;
   31903   }
   31904   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   31905                         handle_section_bytes + authorization_size_bytes +
   31906                         authorization_section_bytes + parameter_section_bytes;
   31907   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   31908   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   31909                                             serialized_command->size());
   31910   return TPM_RC_SUCCESS;
   31911 }
   31912 
   31913 TPM_RC Tpm::ParseResponse_NV_WriteLock(
   31914     const std::string& response,
   31915     AuthorizationDelegate* authorization_delegate) {
   31916   VLOG(3) << __func__;
   31917   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   31918   TPM_RC rc = TPM_RC_SUCCESS;
   31919   std::string buffer(response);
   31920   TPM_ST tag;
   31921   std::string tag_bytes;
   31922   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   31923   if (rc != TPM_RC_SUCCESS) {
   31924     return rc;
   31925   }
   31926   UINT32 response_size;
   31927   std::string response_size_bytes;
   31928   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   31929   if (rc != TPM_RC_SUCCESS) {
   31930     return rc;
   31931   }
   31932   TPM_RC response_code;
   31933   std::string response_code_bytes;
   31934   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   31935   if (rc != TPM_RC_SUCCESS) {
   31936     return rc;
   31937   }
   31938   if (response_size != response.size()) {
   31939     return TPM_RC_SIZE;
   31940   }
   31941   if (response_code != TPM_RC_SUCCESS) {
   31942     return response_code;
   31943   }
   31944   TPM_CC command_code = TPM_CC_NV_WriteLock;
   31945   std::string command_code_bytes;
   31946   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   31947   if (rc != TPM_RC_SUCCESS) {
   31948     return rc;
   31949   }
   31950   std::string authorization_section_bytes;
   31951   if (tag == TPM_ST_SESSIONS) {
   31952     UINT32 parameter_section_size = buffer.size();
   31953     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   31954     if (rc != TPM_RC_SUCCESS) {
   31955       return rc;
   31956     }
   31957     if (parameter_section_size > buffer.size()) {
   31958       return TPM_RC_INSUFFICIENT;
   31959     }
   31960     authorization_section_bytes = buffer.substr(parameter_section_size);
   31961     // Keep the parameter section in |buffer|.
   31962     buffer.erase(parameter_section_size);
   31963   }
   31964   std::unique_ptr<crypto::SecureHash> hash(
   31965       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   31966   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   31967   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   31968   hash->Update(buffer.data(), buffer.size());
   31969   std::string response_hash(32, 0);
   31970   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   31971   if (tag == TPM_ST_SESSIONS) {
   31972     CHECK(authorization_delegate) << "Authorization delegate missing!";
   31973     if (!authorization_delegate->CheckResponseAuthorization(
   31974             response_hash, authorization_section_bytes)) {
   31975       return TRUNKS_RC_AUTHORIZATION_FAILED;
   31976     }
   31977   }
   31978   return TPM_RC_SUCCESS;
   31979 }
   31980 
   31981 void NV_WriteLockErrorCallback(const Tpm::NV_WriteLockResponse& callback,
   31982                                TPM_RC response_code) {
   31983   VLOG(1) << __func__;
   31984   callback.Run(response_code);
   31985 }
   31986 
   31987 void NV_WriteLockResponseParser(const Tpm::NV_WriteLockResponse& callback,
   31988                                 AuthorizationDelegate* authorization_delegate,
   31989                                 const std::string& response) {
   31990   VLOG(1) << __func__;
   31991   base::Callback<void(TPM_RC)> error_reporter =
   31992       base::Bind(NV_WriteLockErrorCallback, callback);
   31993   TPM_RC rc = Tpm::ParseResponse_NV_WriteLock(response, authorization_delegate);
   31994   if (rc != TPM_RC_SUCCESS) {
   31995     error_reporter.Run(rc);
   31996     return;
   31997   }
   31998   callback.Run(rc);
   31999 }
   32000 
   32001 void Tpm::NV_WriteLock(const TPMI_RH_NV_AUTH& auth_handle,
   32002                        const std::string& auth_handle_name,
   32003                        const TPMI_RH_NV_INDEX& nv_index,
   32004                        const std::string& nv_index_name,
   32005                        AuthorizationDelegate* authorization_delegate,
   32006                        const NV_WriteLockResponse& callback) {
   32007   VLOG(1) << __func__;
   32008   base::Callback<void(TPM_RC)> error_reporter =
   32009       base::Bind(NV_WriteLockErrorCallback, callback);
   32010   base::Callback<void(const std::string&)> parser =
   32011       base::Bind(NV_WriteLockResponseParser, callback, authorization_delegate);
   32012   std::string command;
   32013   TPM_RC rc = SerializeCommand_NV_WriteLock(auth_handle, auth_handle_name,
   32014                                             nv_index, nv_index_name, &command,
   32015                                             authorization_delegate);
   32016   if (rc != TPM_RC_SUCCESS) {
   32017     error_reporter.Run(rc);
   32018     return;
   32019   }
   32020   transceiver_->SendCommand(command, parser);
   32021 }
   32022 
   32023 TPM_RC Tpm::NV_WriteLockSync(const TPMI_RH_NV_AUTH& auth_handle,
   32024                              const std::string& auth_handle_name,
   32025                              const TPMI_RH_NV_INDEX& nv_index,
   32026                              const std::string& nv_index_name,
   32027                              AuthorizationDelegate* authorization_delegate) {
   32028   VLOG(1) << __func__;
   32029   std::string command;
   32030   TPM_RC rc = SerializeCommand_NV_WriteLock(auth_handle, auth_handle_name,
   32031                                             nv_index, nv_index_name, &command,
   32032                                             authorization_delegate);
   32033   if (rc != TPM_RC_SUCCESS) {
   32034     return rc;
   32035   }
   32036   std::string response = transceiver_->SendCommandAndWait(command);
   32037   rc = ParseResponse_NV_WriteLock(response, authorization_delegate);
   32038   return rc;
   32039 }
   32040 
   32041 TPM_RC Tpm::SerializeCommand_NV_GlobalWriteLock(
   32042     const TPMI_RH_PROVISION& auth_handle,
   32043     const std::string& auth_handle_name,
   32044     std::string* serialized_command,
   32045     AuthorizationDelegate* authorization_delegate) {
   32046   VLOG(3) << __func__;
   32047   TPM_RC rc = TPM_RC_SUCCESS;
   32048   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   32049   UINT32 command_size = 10;  // Header size.
   32050   std::string handle_section_bytes;
   32051   std::string parameter_section_bytes;
   32052   TPM_CC command_code = TPM_CC_NV_GlobalWriteLock;
   32053   bool is_command_parameter_encryption_possible = false;
   32054   bool is_response_parameter_encryption_possible = false;
   32055   std::string command_code_bytes;
   32056   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   32057   if (rc != TPM_RC_SUCCESS) {
   32058     return rc;
   32059   }
   32060   std::string auth_handle_bytes;
   32061   rc = Serialize_TPMI_RH_PROVISION(auth_handle, &auth_handle_bytes);
   32062   if (rc != TPM_RC_SUCCESS) {
   32063     return rc;
   32064   }
   32065   std::unique_ptr<crypto::SecureHash> hash(
   32066       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   32067   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   32068   hash->Update(auth_handle_name.data(), auth_handle_name.size());
   32069   handle_section_bytes += auth_handle_bytes;
   32070   command_size += auth_handle_bytes.size();
   32071   std::string command_hash(32, 0);
   32072   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   32073   std::string authorization_section_bytes;
   32074   std::string authorization_size_bytes;
   32075   if (authorization_delegate) {
   32076     if (!authorization_delegate->GetCommandAuthorization(
   32077             command_hash, is_command_parameter_encryption_possible,
   32078             is_response_parameter_encryption_possible,
   32079             &authorization_section_bytes)) {
   32080       return TRUNKS_RC_AUTHORIZATION_FAILED;
   32081     }
   32082     if (!authorization_section_bytes.empty()) {
   32083       tag = TPM_ST_SESSIONS;
   32084       std::string tmp;
   32085       rc = Serialize_UINT32(authorization_section_bytes.size(),
   32086                             &authorization_size_bytes);
   32087       if (rc != TPM_RC_SUCCESS) {
   32088         return rc;
   32089       }
   32090       command_size +=
   32091           authorization_size_bytes.size() + authorization_section_bytes.size();
   32092     }
   32093   }
   32094   std::string tag_bytes;
   32095   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   32096   if (rc != TPM_RC_SUCCESS) {
   32097     return rc;
   32098   }
   32099   std::string command_size_bytes;
   32100   rc = Serialize_UINT32(command_size, &command_size_bytes);
   32101   if (rc != TPM_RC_SUCCESS) {
   32102     return rc;
   32103   }
   32104   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   32105                         handle_section_bytes + authorization_size_bytes +
   32106                         authorization_section_bytes + parameter_section_bytes;
   32107   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   32108   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   32109                                             serialized_command->size());
   32110   return TPM_RC_SUCCESS;
   32111 }
   32112 
   32113 TPM_RC Tpm::ParseResponse_NV_GlobalWriteLock(
   32114     const std::string& response,
   32115     AuthorizationDelegate* authorization_delegate) {
   32116   VLOG(3) << __func__;
   32117   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   32118   TPM_RC rc = TPM_RC_SUCCESS;
   32119   std::string buffer(response);
   32120   TPM_ST tag;
   32121   std::string tag_bytes;
   32122   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   32123   if (rc != TPM_RC_SUCCESS) {
   32124     return rc;
   32125   }
   32126   UINT32 response_size;
   32127   std::string response_size_bytes;
   32128   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   32129   if (rc != TPM_RC_SUCCESS) {
   32130     return rc;
   32131   }
   32132   TPM_RC response_code;
   32133   std::string response_code_bytes;
   32134   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   32135   if (rc != TPM_RC_SUCCESS) {
   32136     return rc;
   32137   }
   32138   if (response_size != response.size()) {
   32139     return TPM_RC_SIZE;
   32140   }
   32141   if (response_code != TPM_RC_SUCCESS) {
   32142     return response_code;
   32143   }
   32144   TPM_CC command_code = TPM_CC_NV_GlobalWriteLock;
   32145   std::string command_code_bytes;
   32146   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   32147   if (rc != TPM_RC_SUCCESS) {
   32148     return rc;
   32149   }
   32150   std::string authorization_section_bytes;
   32151   if (tag == TPM_ST_SESSIONS) {
   32152     UINT32 parameter_section_size = buffer.size();
   32153     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   32154     if (rc != TPM_RC_SUCCESS) {
   32155       return rc;
   32156     }
   32157     if (parameter_section_size > buffer.size()) {
   32158       return TPM_RC_INSUFFICIENT;
   32159     }
   32160     authorization_section_bytes = buffer.substr(parameter_section_size);
   32161     // Keep the parameter section in |buffer|.
   32162     buffer.erase(parameter_section_size);
   32163   }
   32164   std::unique_ptr<crypto::SecureHash> hash(
   32165       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   32166   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   32167   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   32168   hash->Update(buffer.data(), buffer.size());
   32169   std::string response_hash(32, 0);
   32170   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   32171   if (tag == TPM_ST_SESSIONS) {
   32172     CHECK(authorization_delegate) << "Authorization delegate missing!";
   32173     if (!authorization_delegate->CheckResponseAuthorization(
   32174             response_hash, authorization_section_bytes)) {
   32175       return TRUNKS_RC_AUTHORIZATION_FAILED;
   32176     }
   32177   }
   32178   return TPM_RC_SUCCESS;
   32179 }
   32180 
   32181 void NV_GlobalWriteLockErrorCallback(
   32182     const Tpm::NV_GlobalWriteLockResponse& callback,
   32183     TPM_RC response_code) {
   32184   VLOG(1) << __func__;
   32185   callback.Run(response_code);
   32186 }
   32187 
   32188 void NV_GlobalWriteLockResponseParser(
   32189     const Tpm::NV_GlobalWriteLockResponse& callback,
   32190     AuthorizationDelegate* authorization_delegate,
   32191     const std::string& response) {
   32192   VLOG(1) << __func__;
   32193   base::Callback<void(TPM_RC)> error_reporter =
   32194       base::Bind(NV_GlobalWriteLockErrorCallback, callback);
   32195   TPM_RC rc =
   32196       Tpm::ParseResponse_NV_GlobalWriteLock(response, authorization_delegate);
   32197   if (rc != TPM_RC_SUCCESS) {
   32198     error_reporter.Run(rc);
   32199     return;
   32200   }
   32201   callback.Run(rc);
   32202 }
   32203 
   32204 void Tpm::NV_GlobalWriteLock(const TPMI_RH_PROVISION& auth_handle,
   32205                              const std::string& auth_handle_name,
   32206                              AuthorizationDelegate* authorization_delegate,
   32207                              const NV_GlobalWriteLockResponse& callback) {
   32208   VLOG(1) << __func__;
   32209   base::Callback<void(TPM_RC)> error_reporter =
   32210       base::Bind(NV_GlobalWriteLockErrorCallback, callback);
   32211   base::Callback<void(const std::string&)> parser = base::Bind(
   32212       NV_GlobalWriteLockResponseParser, callback, authorization_delegate);
   32213   std::string command;
   32214   TPM_RC rc = SerializeCommand_NV_GlobalWriteLock(
   32215       auth_handle, auth_handle_name, &command, authorization_delegate);
   32216   if (rc != TPM_RC_SUCCESS) {
   32217     error_reporter.Run(rc);
   32218     return;
   32219   }
   32220   transceiver_->SendCommand(command, parser);
   32221 }
   32222 
   32223 TPM_RC Tpm::NV_GlobalWriteLockSync(
   32224     const TPMI_RH_PROVISION& auth_handle,
   32225     const std::string& auth_handle_name,
   32226     AuthorizationDelegate* authorization_delegate) {
   32227   VLOG(1) << __func__;
   32228   std::string command;
   32229   TPM_RC rc = SerializeCommand_NV_GlobalWriteLock(
   32230       auth_handle, auth_handle_name, &command, authorization_delegate);
   32231   if (rc != TPM_RC_SUCCESS) {
   32232     return rc;
   32233   }
   32234   std::string response = transceiver_->SendCommandAndWait(command);
   32235   rc = ParseResponse_NV_GlobalWriteLock(response, authorization_delegate);
   32236   return rc;
   32237 }
   32238 
   32239 TPM_RC Tpm::SerializeCommand_NV_Read(
   32240     const TPMI_RH_NV_AUTH& auth_handle,
   32241     const std::string& auth_handle_name,
   32242     const TPMI_RH_NV_INDEX& nv_index,
   32243     const std::string& nv_index_name,
   32244     const UINT16& size,
   32245     const UINT16& offset,
   32246     std::string* serialized_command,
   32247     AuthorizationDelegate* authorization_delegate) {
   32248   VLOG(3) << __func__;
   32249   TPM_RC rc = TPM_RC_SUCCESS;
   32250   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   32251   UINT32 command_size = 10;  // Header size.
   32252   std::string handle_section_bytes;
   32253   std::string parameter_section_bytes;
   32254   TPM_CC command_code = TPM_CC_NV_Read;
   32255   bool is_command_parameter_encryption_possible = false;
   32256   bool is_response_parameter_encryption_possible = true;
   32257   std::string command_code_bytes;
   32258   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   32259   if (rc != TPM_RC_SUCCESS) {
   32260     return rc;
   32261   }
   32262   std::string auth_handle_bytes;
   32263   rc = Serialize_TPMI_RH_NV_AUTH(auth_handle, &auth_handle_bytes);
   32264   if (rc != TPM_RC_SUCCESS) {
   32265     return rc;
   32266   }
   32267   std::string nv_index_bytes;
   32268   rc = Serialize_TPMI_RH_NV_INDEX(nv_index, &nv_index_bytes);
   32269   if (rc != TPM_RC_SUCCESS) {
   32270     return rc;
   32271   }
   32272   std::string size_bytes;
   32273   rc = Serialize_UINT16(size, &size_bytes);
   32274   if (rc != TPM_RC_SUCCESS) {
   32275     return rc;
   32276   }
   32277   std::string offset_bytes;
   32278   rc = Serialize_UINT16(offset, &offset_bytes);
   32279   if (rc != TPM_RC_SUCCESS) {
   32280     return rc;
   32281   }
   32282   std::unique_ptr<crypto::SecureHash> hash(
   32283       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   32284   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   32285   hash->Update(auth_handle_name.data(), auth_handle_name.size());
   32286   handle_section_bytes += auth_handle_bytes;
   32287   command_size += auth_handle_bytes.size();
   32288   hash->Update(nv_index_name.data(), nv_index_name.size());
   32289   handle_section_bytes += nv_index_bytes;
   32290   command_size += nv_index_bytes.size();
   32291   hash->Update(size_bytes.data(), size_bytes.size());
   32292   parameter_section_bytes += size_bytes;
   32293   command_size += size_bytes.size();
   32294   hash->Update(offset_bytes.data(), offset_bytes.size());
   32295   parameter_section_bytes += offset_bytes;
   32296   command_size += offset_bytes.size();
   32297   std::string command_hash(32, 0);
   32298   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   32299   std::string authorization_section_bytes;
   32300   std::string authorization_size_bytes;
   32301   if (authorization_delegate) {
   32302     if (!authorization_delegate->GetCommandAuthorization(
   32303             command_hash, is_command_parameter_encryption_possible,
   32304             is_response_parameter_encryption_possible,
   32305             &authorization_section_bytes)) {
   32306       return TRUNKS_RC_AUTHORIZATION_FAILED;
   32307     }
   32308     if (!authorization_section_bytes.empty()) {
   32309       tag = TPM_ST_SESSIONS;
   32310       std::string tmp;
   32311       rc = Serialize_UINT32(authorization_section_bytes.size(),
   32312                             &authorization_size_bytes);
   32313       if (rc != TPM_RC_SUCCESS) {
   32314         return rc;
   32315       }
   32316       command_size +=
   32317           authorization_size_bytes.size() + authorization_section_bytes.size();
   32318     }
   32319   }
   32320   std::string tag_bytes;
   32321   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   32322   if (rc != TPM_RC_SUCCESS) {
   32323     return rc;
   32324   }
   32325   std::string command_size_bytes;
   32326   rc = Serialize_UINT32(command_size, &command_size_bytes);
   32327   if (rc != TPM_RC_SUCCESS) {
   32328     return rc;
   32329   }
   32330   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   32331                         handle_section_bytes + authorization_size_bytes +
   32332                         authorization_section_bytes + parameter_section_bytes;
   32333   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   32334   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   32335                                             serialized_command->size());
   32336   return TPM_RC_SUCCESS;
   32337 }
   32338 
   32339 TPM_RC Tpm::ParseResponse_NV_Read(
   32340     const std::string& response,
   32341     TPM2B_MAX_NV_BUFFER* data,
   32342     AuthorizationDelegate* authorization_delegate) {
   32343   VLOG(3) << __func__;
   32344   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   32345   TPM_RC rc = TPM_RC_SUCCESS;
   32346   std::string buffer(response);
   32347   TPM_ST tag;
   32348   std::string tag_bytes;
   32349   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   32350   if (rc != TPM_RC_SUCCESS) {
   32351     return rc;
   32352   }
   32353   UINT32 response_size;
   32354   std::string response_size_bytes;
   32355   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   32356   if (rc != TPM_RC_SUCCESS) {
   32357     return rc;
   32358   }
   32359   TPM_RC response_code;
   32360   std::string response_code_bytes;
   32361   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   32362   if (rc != TPM_RC_SUCCESS) {
   32363     return rc;
   32364   }
   32365   if (response_size != response.size()) {
   32366     return TPM_RC_SIZE;
   32367   }
   32368   if (response_code != TPM_RC_SUCCESS) {
   32369     return response_code;
   32370   }
   32371   TPM_CC command_code = TPM_CC_NV_Read;
   32372   std::string command_code_bytes;
   32373   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   32374   if (rc != TPM_RC_SUCCESS) {
   32375     return rc;
   32376   }
   32377   std::string authorization_section_bytes;
   32378   if (tag == TPM_ST_SESSIONS) {
   32379     UINT32 parameter_section_size = buffer.size();
   32380     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   32381     if (rc != TPM_RC_SUCCESS) {
   32382       return rc;
   32383     }
   32384     if (parameter_section_size > buffer.size()) {
   32385       return TPM_RC_INSUFFICIENT;
   32386     }
   32387     authorization_section_bytes = buffer.substr(parameter_section_size);
   32388     // Keep the parameter section in |buffer|.
   32389     buffer.erase(parameter_section_size);
   32390   }
   32391   std::unique_ptr<crypto::SecureHash> hash(
   32392       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   32393   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   32394   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   32395   hash->Update(buffer.data(), buffer.size());
   32396   std::string response_hash(32, 0);
   32397   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   32398   if (tag == TPM_ST_SESSIONS) {
   32399     CHECK(authorization_delegate) << "Authorization delegate missing!";
   32400     if (!authorization_delegate->CheckResponseAuthorization(
   32401             response_hash, authorization_section_bytes)) {
   32402       return TRUNKS_RC_AUTHORIZATION_FAILED;
   32403     }
   32404   }
   32405   std::string data_bytes;
   32406   rc = Parse_TPM2B_MAX_NV_BUFFER(&buffer, data, &data_bytes);
   32407   if (rc != TPM_RC_SUCCESS) {
   32408     return rc;
   32409   }
   32410   if (tag == TPM_ST_SESSIONS) {
   32411     CHECK(authorization_delegate) << "Authorization delegate missing!";
   32412     // Decrypt just the parameter data, not the size.
   32413     std::string tmp = data_bytes.substr(2);
   32414     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   32415       return TRUNKS_RC_ENCRYPTION_FAILED;
   32416     }
   32417     data_bytes.replace(2, std::string::npos, tmp);
   32418     rc = Parse_TPM2B_MAX_NV_BUFFER(&data_bytes, data, nullptr);
   32419     if (rc != TPM_RC_SUCCESS) {
   32420       return rc;
   32421     }
   32422   }
   32423   return TPM_RC_SUCCESS;
   32424 }
   32425 
   32426 void NV_ReadErrorCallback(const Tpm::NV_ReadResponse& callback,
   32427                           TPM_RC response_code) {
   32428   VLOG(1) << __func__;
   32429   callback.Run(response_code, TPM2B_MAX_NV_BUFFER());
   32430 }
   32431 
   32432 void NV_ReadResponseParser(const Tpm::NV_ReadResponse& callback,
   32433                            AuthorizationDelegate* authorization_delegate,
   32434                            const std::string& response) {
   32435   VLOG(1) << __func__;
   32436   base::Callback<void(TPM_RC)> error_reporter =
   32437       base::Bind(NV_ReadErrorCallback, callback);
   32438   TPM2B_MAX_NV_BUFFER data;
   32439   TPM_RC rc =
   32440       Tpm::ParseResponse_NV_Read(response, &data, authorization_delegate);
   32441   if (rc != TPM_RC_SUCCESS) {
   32442     error_reporter.Run(rc);
   32443     return;
   32444   }
   32445   callback.Run(rc, data);
   32446 }
   32447 
   32448 void Tpm::NV_Read(const TPMI_RH_NV_AUTH& auth_handle,
   32449                   const std::string& auth_handle_name,
   32450                   const TPMI_RH_NV_INDEX& nv_index,
   32451                   const std::string& nv_index_name,
   32452                   const UINT16& size,
   32453                   const UINT16& offset,
   32454                   AuthorizationDelegate* authorization_delegate,
   32455                   const NV_ReadResponse& callback) {
   32456   VLOG(1) << __func__;
   32457   base::Callback<void(TPM_RC)> error_reporter =
   32458       base::Bind(NV_ReadErrorCallback, callback);
   32459   base::Callback<void(const std::string&)> parser =
   32460       base::Bind(NV_ReadResponseParser, callback, authorization_delegate);
   32461   std::string command;
   32462   TPM_RC rc = SerializeCommand_NV_Read(auth_handle, auth_handle_name, nv_index,
   32463                                        nv_index_name, size, offset, &command,
   32464                                        authorization_delegate);
   32465   if (rc != TPM_RC_SUCCESS) {
   32466     error_reporter.Run(rc);
   32467     return;
   32468   }
   32469   transceiver_->SendCommand(command, parser);
   32470 }
   32471 
   32472 TPM_RC Tpm::NV_ReadSync(const TPMI_RH_NV_AUTH& auth_handle,
   32473                         const std::string& auth_handle_name,
   32474                         const TPMI_RH_NV_INDEX& nv_index,
   32475                         const std::string& nv_index_name,
   32476                         const UINT16& size,
   32477                         const UINT16& offset,
   32478                         TPM2B_MAX_NV_BUFFER* data,
   32479                         AuthorizationDelegate* authorization_delegate) {
   32480   VLOG(1) << __func__;
   32481   std::string command;
   32482   TPM_RC rc = SerializeCommand_NV_Read(auth_handle, auth_handle_name, nv_index,
   32483                                        nv_index_name, size, offset, &command,
   32484                                        authorization_delegate);
   32485   if (rc != TPM_RC_SUCCESS) {
   32486     return rc;
   32487   }
   32488   std::string response = transceiver_->SendCommandAndWait(command);
   32489   rc = ParseResponse_NV_Read(response, data, authorization_delegate);
   32490   return rc;
   32491 }
   32492 
   32493 TPM_RC Tpm::SerializeCommand_NV_ReadLock(
   32494     const TPMI_RH_NV_AUTH& auth_handle,
   32495     const std::string& auth_handle_name,
   32496     const TPMI_RH_NV_INDEX& nv_index,
   32497     const std::string& nv_index_name,
   32498     std::string* serialized_command,
   32499     AuthorizationDelegate* authorization_delegate) {
   32500   VLOG(3) << __func__;
   32501   TPM_RC rc = TPM_RC_SUCCESS;
   32502   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   32503   UINT32 command_size = 10;  // Header size.
   32504   std::string handle_section_bytes;
   32505   std::string parameter_section_bytes;
   32506   TPM_CC command_code = TPM_CC_NV_ReadLock;
   32507   bool is_command_parameter_encryption_possible = false;
   32508   bool is_response_parameter_encryption_possible = false;
   32509   std::string command_code_bytes;
   32510   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   32511   if (rc != TPM_RC_SUCCESS) {
   32512     return rc;
   32513   }
   32514   std::string auth_handle_bytes;
   32515   rc = Serialize_TPMI_RH_NV_AUTH(auth_handle, &auth_handle_bytes);
   32516   if (rc != TPM_RC_SUCCESS) {
   32517     return rc;
   32518   }
   32519   std::string nv_index_bytes;
   32520   rc = Serialize_TPMI_RH_NV_INDEX(nv_index, &nv_index_bytes);
   32521   if (rc != TPM_RC_SUCCESS) {
   32522     return rc;
   32523   }
   32524   std::unique_ptr<crypto::SecureHash> hash(
   32525       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   32526   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   32527   hash->Update(auth_handle_name.data(), auth_handle_name.size());
   32528   handle_section_bytes += auth_handle_bytes;
   32529   command_size += auth_handle_bytes.size();
   32530   hash->Update(nv_index_name.data(), nv_index_name.size());
   32531   handle_section_bytes += nv_index_bytes;
   32532   command_size += nv_index_bytes.size();
   32533   std::string command_hash(32, 0);
   32534   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   32535   std::string authorization_section_bytes;
   32536   std::string authorization_size_bytes;
   32537   if (authorization_delegate) {
   32538     if (!authorization_delegate->GetCommandAuthorization(
   32539             command_hash, is_command_parameter_encryption_possible,
   32540             is_response_parameter_encryption_possible,
   32541             &authorization_section_bytes)) {
   32542       return TRUNKS_RC_AUTHORIZATION_FAILED;
   32543     }
   32544     if (!authorization_section_bytes.empty()) {
   32545       tag = TPM_ST_SESSIONS;
   32546       std::string tmp;
   32547       rc = Serialize_UINT32(authorization_section_bytes.size(),
   32548                             &authorization_size_bytes);
   32549       if (rc != TPM_RC_SUCCESS) {
   32550         return rc;
   32551       }
   32552       command_size +=
   32553           authorization_size_bytes.size() + authorization_section_bytes.size();
   32554     }
   32555   }
   32556   std::string tag_bytes;
   32557   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   32558   if (rc != TPM_RC_SUCCESS) {
   32559     return rc;
   32560   }
   32561   std::string command_size_bytes;
   32562   rc = Serialize_UINT32(command_size, &command_size_bytes);
   32563   if (rc != TPM_RC_SUCCESS) {
   32564     return rc;
   32565   }
   32566   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   32567                         handle_section_bytes + authorization_size_bytes +
   32568                         authorization_section_bytes + parameter_section_bytes;
   32569   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   32570   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   32571                                             serialized_command->size());
   32572   return TPM_RC_SUCCESS;
   32573 }
   32574 
   32575 TPM_RC Tpm::ParseResponse_NV_ReadLock(
   32576     const std::string& response,
   32577     AuthorizationDelegate* authorization_delegate) {
   32578   VLOG(3) << __func__;
   32579   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   32580   TPM_RC rc = TPM_RC_SUCCESS;
   32581   std::string buffer(response);
   32582   TPM_ST tag;
   32583   std::string tag_bytes;
   32584   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   32585   if (rc != TPM_RC_SUCCESS) {
   32586     return rc;
   32587   }
   32588   UINT32 response_size;
   32589   std::string response_size_bytes;
   32590   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   32591   if (rc != TPM_RC_SUCCESS) {
   32592     return rc;
   32593   }
   32594   TPM_RC response_code;
   32595   std::string response_code_bytes;
   32596   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   32597   if (rc != TPM_RC_SUCCESS) {
   32598     return rc;
   32599   }
   32600   if (response_size != response.size()) {
   32601     return TPM_RC_SIZE;
   32602   }
   32603   if (response_code != TPM_RC_SUCCESS) {
   32604     return response_code;
   32605   }
   32606   TPM_CC command_code = TPM_CC_NV_ReadLock;
   32607   std::string command_code_bytes;
   32608   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   32609   if (rc != TPM_RC_SUCCESS) {
   32610     return rc;
   32611   }
   32612   std::string authorization_section_bytes;
   32613   if (tag == TPM_ST_SESSIONS) {
   32614     UINT32 parameter_section_size = buffer.size();
   32615     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   32616     if (rc != TPM_RC_SUCCESS) {
   32617       return rc;
   32618     }
   32619     if (parameter_section_size > buffer.size()) {
   32620       return TPM_RC_INSUFFICIENT;
   32621     }
   32622     authorization_section_bytes = buffer.substr(parameter_section_size);
   32623     // Keep the parameter section in |buffer|.
   32624     buffer.erase(parameter_section_size);
   32625   }
   32626   std::unique_ptr<crypto::SecureHash> hash(
   32627       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   32628   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   32629   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   32630   hash->Update(buffer.data(), buffer.size());
   32631   std::string response_hash(32, 0);
   32632   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   32633   if (tag == TPM_ST_SESSIONS) {
   32634     CHECK(authorization_delegate) << "Authorization delegate missing!";
   32635     if (!authorization_delegate->CheckResponseAuthorization(
   32636             response_hash, authorization_section_bytes)) {
   32637       return TRUNKS_RC_AUTHORIZATION_FAILED;
   32638     }
   32639   }
   32640   return TPM_RC_SUCCESS;
   32641 }
   32642 
   32643 void NV_ReadLockErrorCallback(const Tpm::NV_ReadLockResponse& callback,
   32644                               TPM_RC response_code) {
   32645   VLOG(1) << __func__;
   32646   callback.Run(response_code);
   32647 }
   32648 
   32649 void NV_ReadLockResponseParser(const Tpm::NV_ReadLockResponse& callback,
   32650                                AuthorizationDelegate* authorization_delegate,
   32651                                const std::string& response) {
   32652   VLOG(1) << __func__;
   32653   base::Callback<void(TPM_RC)> error_reporter =
   32654       base::Bind(NV_ReadLockErrorCallback, callback);
   32655   TPM_RC rc = Tpm::ParseResponse_NV_ReadLock(response, authorization_delegate);
   32656   if (rc != TPM_RC_SUCCESS) {
   32657     error_reporter.Run(rc);
   32658     return;
   32659   }
   32660   callback.Run(rc);
   32661 }
   32662 
   32663 void Tpm::NV_ReadLock(const TPMI_RH_NV_AUTH& auth_handle,
   32664                       const std::string& auth_handle_name,
   32665                       const TPMI_RH_NV_INDEX& nv_index,
   32666                       const std::string& nv_index_name,
   32667                       AuthorizationDelegate* authorization_delegate,
   32668                       const NV_ReadLockResponse& callback) {
   32669   VLOG(1) << __func__;
   32670   base::Callback<void(TPM_RC)> error_reporter =
   32671       base::Bind(NV_ReadLockErrorCallback, callback);
   32672   base::Callback<void(const std::string&)> parser =
   32673       base::Bind(NV_ReadLockResponseParser, callback, authorization_delegate);
   32674   std::string command;
   32675   TPM_RC rc = SerializeCommand_NV_ReadLock(auth_handle, auth_handle_name,
   32676                                            nv_index, nv_index_name, &command,
   32677                                            authorization_delegate);
   32678   if (rc != TPM_RC_SUCCESS) {
   32679     error_reporter.Run(rc);
   32680     return;
   32681   }
   32682   transceiver_->SendCommand(command, parser);
   32683 }
   32684 
   32685 TPM_RC Tpm::NV_ReadLockSync(const TPMI_RH_NV_AUTH& auth_handle,
   32686                             const std::string& auth_handle_name,
   32687                             const TPMI_RH_NV_INDEX& nv_index,
   32688                             const std::string& nv_index_name,
   32689                             AuthorizationDelegate* authorization_delegate) {
   32690   VLOG(1) << __func__;
   32691   std::string command;
   32692   TPM_RC rc = SerializeCommand_NV_ReadLock(auth_handle, auth_handle_name,
   32693                                            nv_index, nv_index_name, &command,
   32694                                            authorization_delegate);
   32695   if (rc != TPM_RC_SUCCESS) {
   32696     return rc;
   32697   }
   32698   std::string response = transceiver_->SendCommandAndWait(command);
   32699   rc = ParseResponse_NV_ReadLock(response, authorization_delegate);
   32700   return rc;
   32701 }
   32702 
   32703 TPM_RC Tpm::SerializeCommand_NV_ChangeAuth(
   32704     const TPMI_RH_NV_INDEX& nv_index,
   32705     const std::string& nv_index_name,
   32706     const TPM2B_AUTH& new_auth,
   32707     std::string* serialized_command,
   32708     AuthorizationDelegate* authorization_delegate) {
   32709   VLOG(3) << __func__;
   32710   TPM_RC rc = TPM_RC_SUCCESS;
   32711   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   32712   UINT32 command_size = 10;  // Header size.
   32713   std::string handle_section_bytes;
   32714   std::string parameter_section_bytes;
   32715   TPM_CC command_code = TPM_CC_NV_ChangeAuth;
   32716   bool is_command_parameter_encryption_possible = true;
   32717   bool is_response_parameter_encryption_possible = false;
   32718   std::string command_code_bytes;
   32719   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   32720   if (rc != TPM_RC_SUCCESS) {
   32721     return rc;
   32722   }
   32723   std::string nv_index_bytes;
   32724   rc = Serialize_TPMI_RH_NV_INDEX(nv_index, &nv_index_bytes);
   32725   if (rc != TPM_RC_SUCCESS) {
   32726     return rc;
   32727   }
   32728   std::string new_auth_bytes;
   32729   rc = Serialize_TPM2B_AUTH(new_auth, &new_auth_bytes);
   32730   if (rc != TPM_RC_SUCCESS) {
   32731     return rc;
   32732   }
   32733   if (authorization_delegate) {
   32734     // Encrypt just the parameter data, not the size.
   32735     std::string tmp = new_auth_bytes.substr(2);
   32736     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   32737       return TRUNKS_RC_ENCRYPTION_FAILED;
   32738     }
   32739     new_auth_bytes.replace(2, std::string::npos, tmp);
   32740   }
   32741   std::unique_ptr<crypto::SecureHash> hash(
   32742       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   32743   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   32744   hash->Update(nv_index_name.data(), nv_index_name.size());
   32745   handle_section_bytes += nv_index_bytes;
   32746   command_size += nv_index_bytes.size();
   32747   hash->Update(new_auth_bytes.data(), new_auth_bytes.size());
   32748   parameter_section_bytes += new_auth_bytes;
   32749   command_size += new_auth_bytes.size();
   32750   std::string command_hash(32, 0);
   32751   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   32752   std::string authorization_section_bytes;
   32753   std::string authorization_size_bytes;
   32754   if (authorization_delegate) {
   32755     if (!authorization_delegate->GetCommandAuthorization(
   32756             command_hash, is_command_parameter_encryption_possible,
   32757             is_response_parameter_encryption_possible,
   32758             &authorization_section_bytes)) {
   32759       return TRUNKS_RC_AUTHORIZATION_FAILED;
   32760     }
   32761     if (!authorization_section_bytes.empty()) {
   32762       tag = TPM_ST_SESSIONS;
   32763       std::string tmp;
   32764       rc = Serialize_UINT32(authorization_section_bytes.size(),
   32765                             &authorization_size_bytes);
   32766       if (rc != TPM_RC_SUCCESS) {
   32767         return rc;
   32768       }
   32769       command_size +=
   32770           authorization_size_bytes.size() + authorization_section_bytes.size();
   32771     }
   32772   }
   32773   std::string tag_bytes;
   32774   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   32775   if (rc != TPM_RC_SUCCESS) {
   32776     return rc;
   32777   }
   32778   std::string command_size_bytes;
   32779   rc = Serialize_UINT32(command_size, &command_size_bytes);
   32780   if (rc != TPM_RC_SUCCESS) {
   32781     return rc;
   32782   }
   32783   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   32784                         handle_section_bytes + authorization_size_bytes +
   32785                         authorization_section_bytes + parameter_section_bytes;
   32786   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   32787   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   32788                                             serialized_command->size());
   32789   return TPM_RC_SUCCESS;
   32790 }
   32791 
   32792 TPM_RC Tpm::ParseResponse_NV_ChangeAuth(
   32793     const std::string& response,
   32794     AuthorizationDelegate* authorization_delegate) {
   32795   VLOG(3) << __func__;
   32796   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   32797   TPM_RC rc = TPM_RC_SUCCESS;
   32798   std::string buffer(response);
   32799   TPM_ST tag;
   32800   std::string tag_bytes;
   32801   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   32802   if (rc != TPM_RC_SUCCESS) {
   32803     return rc;
   32804   }
   32805   UINT32 response_size;
   32806   std::string response_size_bytes;
   32807   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   32808   if (rc != TPM_RC_SUCCESS) {
   32809     return rc;
   32810   }
   32811   TPM_RC response_code;
   32812   std::string response_code_bytes;
   32813   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   32814   if (rc != TPM_RC_SUCCESS) {
   32815     return rc;
   32816   }
   32817   if (response_size != response.size()) {
   32818     return TPM_RC_SIZE;
   32819   }
   32820   if (response_code != TPM_RC_SUCCESS) {
   32821     return response_code;
   32822   }
   32823   TPM_CC command_code = TPM_CC_NV_ChangeAuth;
   32824   std::string command_code_bytes;
   32825   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   32826   if (rc != TPM_RC_SUCCESS) {
   32827     return rc;
   32828   }
   32829   std::string authorization_section_bytes;
   32830   if (tag == TPM_ST_SESSIONS) {
   32831     UINT32 parameter_section_size = buffer.size();
   32832     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   32833     if (rc != TPM_RC_SUCCESS) {
   32834       return rc;
   32835     }
   32836     if (parameter_section_size > buffer.size()) {
   32837       return TPM_RC_INSUFFICIENT;
   32838     }
   32839     authorization_section_bytes = buffer.substr(parameter_section_size);
   32840     // Keep the parameter section in |buffer|.
   32841     buffer.erase(parameter_section_size);
   32842   }
   32843   std::unique_ptr<crypto::SecureHash> hash(
   32844       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   32845   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   32846   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   32847   hash->Update(buffer.data(), buffer.size());
   32848   std::string response_hash(32, 0);
   32849   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   32850   if (tag == TPM_ST_SESSIONS) {
   32851     CHECK(authorization_delegate) << "Authorization delegate missing!";
   32852     if (!authorization_delegate->CheckResponseAuthorization(
   32853             response_hash, authorization_section_bytes)) {
   32854       return TRUNKS_RC_AUTHORIZATION_FAILED;
   32855     }
   32856   }
   32857   return TPM_RC_SUCCESS;
   32858 }
   32859 
   32860 void NV_ChangeAuthErrorCallback(const Tpm::NV_ChangeAuthResponse& callback,
   32861                                 TPM_RC response_code) {
   32862   VLOG(1) << __func__;
   32863   callback.Run(response_code);
   32864 }
   32865 
   32866 void NV_ChangeAuthResponseParser(const Tpm::NV_ChangeAuthResponse& callback,
   32867                                  AuthorizationDelegate* authorization_delegate,
   32868                                  const std::string& response) {
   32869   VLOG(1) << __func__;
   32870   base::Callback<void(TPM_RC)> error_reporter =
   32871       base::Bind(NV_ChangeAuthErrorCallback, callback);
   32872   TPM_RC rc =
   32873       Tpm::ParseResponse_NV_ChangeAuth(response, authorization_delegate);
   32874   if (rc != TPM_RC_SUCCESS) {
   32875     error_reporter.Run(rc);
   32876     return;
   32877   }
   32878   callback.Run(rc);
   32879 }
   32880 
   32881 void Tpm::NV_ChangeAuth(const TPMI_RH_NV_INDEX& nv_index,
   32882                         const std::string& nv_index_name,
   32883                         const TPM2B_AUTH& new_auth,
   32884                         AuthorizationDelegate* authorization_delegate,
   32885                         const NV_ChangeAuthResponse& callback) {
   32886   VLOG(1) << __func__;
   32887   base::Callback<void(TPM_RC)> error_reporter =
   32888       base::Bind(NV_ChangeAuthErrorCallback, callback);
   32889   base::Callback<void(const std::string&)> parser =
   32890       base::Bind(NV_ChangeAuthResponseParser, callback, authorization_delegate);
   32891   std::string command;
   32892   TPM_RC rc = SerializeCommand_NV_ChangeAuth(nv_index, nv_index_name, new_auth,
   32893                                              &command, authorization_delegate);
   32894   if (rc != TPM_RC_SUCCESS) {
   32895     error_reporter.Run(rc);
   32896     return;
   32897   }
   32898   transceiver_->SendCommand(command, parser);
   32899 }
   32900 
   32901 TPM_RC Tpm::NV_ChangeAuthSync(const TPMI_RH_NV_INDEX& nv_index,
   32902                               const std::string& nv_index_name,
   32903                               const TPM2B_AUTH& new_auth,
   32904                               AuthorizationDelegate* authorization_delegate) {
   32905   VLOG(1) << __func__;
   32906   std::string command;
   32907   TPM_RC rc = SerializeCommand_NV_ChangeAuth(nv_index, nv_index_name, new_auth,
   32908                                              &command, authorization_delegate);
   32909   if (rc != TPM_RC_SUCCESS) {
   32910     return rc;
   32911   }
   32912   std::string response = transceiver_->SendCommandAndWait(command);
   32913   rc = ParseResponse_NV_ChangeAuth(response, authorization_delegate);
   32914   return rc;
   32915 }
   32916 
   32917 TPM_RC Tpm::SerializeCommand_NV_Certify(
   32918     const TPMI_DH_OBJECT& sign_handle,
   32919     const std::string& sign_handle_name,
   32920     const TPMI_RH_NV_AUTH& auth_handle,
   32921     const std::string& auth_handle_name,
   32922     const TPMI_RH_NV_INDEX& nv_index,
   32923     const std::string& nv_index_name,
   32924     const TPM2B_DATA& qualifying_data,
   32925     const TPMT_SIG_SCHEME& in_scheme,
   32926     const UINT16& size,
   32927     const UINT16& offset,
   32928     std::string* serialized_command,
   32929     AuthorizationDelegate* authorization_delegate) {
   32930   VLOG(3) << __func__;
   32931   TPM_RC rc = TPM_RC_SUCCESS;
   32932   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   32933   UINT32 command_size = 10;  // Header size.
   32934   std::string handle_section_bytes;
   32935   std::string parameter_section_bytes;
   32936   TPM_CC command_code = TPM_CC_NV_Certify;
   32937   bool is_command_parameter_encryption_possible = true;
   32938   bool is_response_parameter_encryption_possible = true;
   32939   std::string command_code_bytes;
   32940   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   32941   if (rc != TPM_RC_SUCCESS) {
   32942     return rc;
   32943   }
   32944   std::string sign_handle_bytes;
   32945   rc = Serialize_TPMI_DH_OBJECT(sign_handle, &sign_handle_bytes);
   32946   if (rc != TPM_RC_SUCCESS) {
   32947     return rc;
   32948   }
   32949   std::string auth_handle_bytes;
   32950   rc = Serialize_TPMI_RH_NV_AUTH(auth_handle, &auth_handle_bytes);
   32951   if (rc != TPM_RC_SUCCESS) {
   32952     return rc;
   32953   }
   32954   std::string nv_index_bytes;
   32955   rc = Serialize_TPMI_RH_NV_INDEX(nv_index, &nv_index_bytes);
   32956   if (rc != TPM_RC_SUCCESS) {
   32957     return rc;
   32958   }
   32959   std::string qualifying_data_bytes;
   32960   rc = Serialize_TPM2B_DATA(qualifying_data, &qualifying_data_bytes);
   32961   if (rc != TPM_RC_SUCCESS) {
   32962     return rc;
   32963   }
   32964   std::string in_scheme_bytes;
   32965   rc = Serialize_TPMT_SIG_SCHEME(in_scheme, &in_scheme_bytes);
   32966   if (rc != TPM_RC_SUCCESS) {
   32967     return rc;
   32968   }
   32969   std::string size_bytes;
   32970   rc = Serialize_UINT16(size, &size_bytes);
   32971   if (rc != TPM_RC_SUCCESS) {
   32972     return rc;
   32973   }
   32974   std::string offset_bytes;
   32975   rc = Serialize_UINT16(offset, &offset_bytes);
   32976   if (rc != TPM_RC_SUCCESS) {
   32977     return rc;
   32978   }
   32979   if (authorization_delegate) {
   32980     // Encrypt just the parameter data, not the size.
   32981     std::string tmp = qualifying_data_bytes.substr(2);
   32982     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   32983       return TRUNKS_RC_ENCRYPTION_FAILED;
   32984     }
   32985     qualifying_data_bytes.replace(2, std::string::npos, tmp);
   32986   }
   32987   std::unique_ptr<crypto::SecureHash> hash(
   32988       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   32989   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   32990   hash->Update(sign_handle_name.data(), sign_handle_name.size());
   32991   handle_section_bytes += sign_handle_bytes;
   32992   command_size += sign_handle_bytes.size();
   32993   hash->Update(auth_handle_name.data(), auth_handle_name.size());
   32994   handle_section_bytes += auth_handle_bytes;
   32995   command_size += auth_handle_bytes.size();
   32996   hash->Update(nv_index_name.data(), nv_index_name.size());
   32997   handle_section_bytes += nv_index_bytes;
   32998   command_size += nv_index_bytes.size();
   32999   hash->Update(qualifying_data_bytes.data(), qualifying_data_bytes.size());
   33000   parameter_section_bytes += qualifying_data_bytes;
   33001   command_size += qualifying_data_bytes.size();
   33002   hash->Update(in_scheme_bytes.data(), in_scheme_bytes.size());
   33003   parameter_section_bytes += in_scheme_bytes;
   33004   command_size += in_scheme_bytes.size();
   33005   hash->Update(size_bytes.data(), size_bytes.size());
   33006   parameter_section_bytes += size_bytes;
   33007   command_size += size_bytes.size();
   33008   hash->Update(offset_bytes.data(), offset_bytes.size());
   33009   parameter_section_bytes += offset_bytes;
   33010   command_size += offset_bytes.size();
   33011   std::string command_hash(32, 0);
   33012   hash->Finish(base::string_as_array(&command_hash), command_hash.size());
   33013   std::string authorization_section_bytes;
   33014   std::string authorization_size_bytes;
   33015   if (authorization_delegate) {
   33016     if (!authorization_delegate->GetCommandAuthorization(
   33017             command_hash, is_command_parameter_encryption_possible,
   33018             is_response_parameter_encryption_possible,
   33019             &authorization_section_bytes)) {
   33020       return TRUNKS_RC_AUTHORIZATION_FAILED;
   33021     }
   33022     if (!authorization_section_bytes.empty()) {
   33023       tag = TPM_ST_SESSIONS;
   33024       std::string tmp;
   33025       rc = Serialize_UINT32(authorization_section_bytes.size(),
   33026                             &authorization_size_bytes);
   33027       if (rc != TPM_RC_SUCCESS) {
   33028         return rc;
   33029       }
   33030       command_size +=
   33031           authorization_size_bytes.size() + authorization_section_bytes.size();
   33032     }
   33033   }
   33034   std::string tag_bytes;
   33035   rc = Serialize_TPMI_ST_COMMAND_TAG(tag, &tag_bytes);
   33036   if (rc != TPM_RC_SUCCESS) {
   33037     return rc;
   33038   }
   33039   std::string command_size_bytes;
   33040   rc = Serialize_UINT32(command_size, &command_size_bytes);
   33041   if (rc != TPM_RC_SUCCESS) {
   33042     return rc;
   33043   }
   33044   *serialized_command = tag_bytes + command_size_bytes + command_code_bytes +
   33045                         handle_section_bytes + authorization_size_bytes +
   33046                         authorization_section_bytes + parameter_section_bytes;
   33047   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   33048   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   33049                                             serialized_command->size());
   33050   return TPM_RC_SUCCESS;
   33051 }
   33052 
   33053 TPM_RC Tpm::ParseResponse_NV_Certify(
   33054     const std::string& response,
   33055     TPM2B_ATTEST* certify_info,
   33056     TPMT_SIGNATURE* signature,
   33057     AuthorizationDelegate* authorization_delegate) {
   33058   VLOG(3) << __func__;
   33059   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   33060   TPM_RC rc = TPM_RC_SUCCESS;
   33061   std::string buffer(response);
   33062   TPM_ST tag;
   33063   std::string tag_bytes;
   33064   rc = Parse_TPM_ST(&buffer, &tag, &tag_bytes);
   33065   if (rc != TPM_RC_SUCCESS) {
   33066     return rc;
   33067   }
   33068   UINT32 response_size;
   33069   std::string response_size_bytes;
   33070   rc = Parse_UINT32(&buffer, &response_size, &response_size_bytes);
   33071   if (rc != TPM_RC_SUCCESS) {
   33072     return rc;
   33073   }
   33074   TPM_RC response_code;
   33075   std::string response_code_bytes;
   33076   rc = Parse_TPM_RC(&buffer, &response_code, &response_code_bytes);
   33077   if (rc != TPM_RC_SUCCESS) {
   33078     return rc;
   33079   }
   33080   if (response_size != response.size()) {
   33081     return TPM_RC_SIZE;
   33082   }
   33083   if (response_code != TPM_RC_SUCCESS) {
   33084     return response_code;
   33085   }
   33086   TPM_CC command_code = TPM_CC_NV_Certify;
   33087   std::string command_code_bytes;
   33088   rc = Serialize_TPM_CC(command_code, &command_code_bytes);
   33089   if (rc != TPM_RC_SUCCESS) {
   33090     return rc;
   33091   }
   33092   std::string authorization_section_bytes;
   33093   if (tag == TPM_ST_SESSIONS) {
   33094     UINT32 parameter_section_size = buffer.size();
   33095     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   33096     if (rc != TPM_RC_SUCCESS) {
   33097       return rc;
   33098     }
   33099     if (parameter_section_size > buffer.size()) {
   33100       return TPM_RC_INSUFFICIENT;
   33101     }
   33102     authorization_section_bytes = buffer.substr(parameter_section_size);
   33103     // Keep the parameter section in |buffer|.
   33104     buffer.erase(parameter_section_size);
   33105   }
   33106   std::unique_ptr<crypto::SecureHash> hash(
   33107       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   33108   hash->Update(response_code_bytes.data(), response_code_bytes.size());
   33109   hash->Update(command_code_bytes.data(), command_code_bytes.size());
   33110   hash->Update(buffer.data(), buffer.size());
   33111   std::string response_hash(32, 0);
   33112   hash->Finish(base::string_as_array(&response_hash), response_hash.size());
   33113   if (tag == TPM_ST_SESSIONS) {
   33114     CHECK(authorization_delegate) << "Authorization delegate missing!";
   33115     if (!authorization_delegate->CheckResponseAuthorization(
   33116             response_hash, authorization_section_bytes)) {
   33117       return TRUNKS_RC_AUTHORIZATION_FAILED;
   33118     }
   33119   }
   33120   std::string certify_info_bytes;
   33121   rc = Parse_TPM2B_ATTEST(&buffer, certify_info, &certify_info_bytes);
   33122   if (rc != TPM_RC_SUCCESS) {
   33123     return rc;
   33124   }
   33125   std::string signature_bytes;
   33126   rc = Parse_TPMT_SIGNATURE(&buffer, signature, &signature_bytes);
   33127   if (rc != TPM_RC_SUCCESS) {
   33128     return rc;
   33129   }
   33130   if (tag == TPM_ST_SESSIONS) {
   33131     CHECK(authorization_delegate) << "Authorization delegate missing!";
   33132     // Decrypt just the parameter data, not the size.
   33133     std::string tmp = certify_info_bytes.substr(2);
   33134     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   33135       return TRUNKS_RC_ENCRYPTION_FAILED;
   33136     }
   33137     certify_info_bytes.replace(2, std::string::npos, tmp);
   33138     rc = Parse_TPM2B_ATTEST(&certify_info_bytes, certify_info, nullptr);
   33139     if (rc != TPM_RC_SUCCESS) {
   33140       return rc;
   33141     }
   33142   }
   33143   return TPM_RC_SUCCESS;
   33144 }
   33145 
   33146 void NV_CertifyErrorCallback(const Tpm::NV_CertifyResponse& callback,
   33147                              TPM_RC response_code) {
   33148   VLOG(1) << __func__;
   33149   callback.Run(response_code, TPM2B_ATTEST(), TPMT_SIGNATURE());
   33150 }
   33151 
   33152 void NV_CertifyResponseParser(const Tpm::NV_CertifyResponse& callback,
   33153                               AuthorizationDelegate* authorization_delegate,
   33154                               const std::string& response) {
   33155   VLOG(1) << __func__;
   33156   base::Callback<void(TPM_RC)> error_reporter =
   33157       base::Bind(NV_CertifyErrorCallback, callback);
   33158   TPM2B_ATTEST certify_info;
   33159   TPMT_SIGNATURE signature;
   33160   TPM_RC rc = Tpm::ParseResponse_NV_Certify(response, &certify_info, &signature,
   33161                                             authorization_delegate);
   33162   if (rc != TPM_RC_SUCCESS) {
   33163     error_reporter.Run(rc);
   33164     return;
   33165   }
   33166   callback.Run(rc, certify_info, signature);
   33167 }
   33168 
   33169 void Tpm::NV_Certify(const TPMI_DH_OBJECT& sign_handle,
   33170                      const std::string& sign_handle_name,
   33171                      const TPMI_RH_NV_AUTH& auth_handle,
   33172                      const std::string& auth_handle_name,
   33173                      const TPMI_RH_NV_INDEX& nv_index,
   33174                      const std::string& nv_index_name,
   33175                      const TPM2B_DATA& qualifying_data,
   33176                      const TPMT_SIG_SCHEME& in_scheme,
   33177                      const UINT16& size,
   33178                      const UINT16& offset,
   33179                      AuthorizationDelegate* authorization_delegate,
   33180                      const NV_CertifyResponse& callback) {
   33181   VLOG(1) << __func__;
   33182   base::Callback<void(TPM_RC)> error_reporter =
   33183       base::Bind(NV_CertifyErrorCallback, callback);
   33184   base::Callback<void(const std::string&)> parser =
   33185       base::Bind(NV_CertifyResponseParser, callback, authorization_delegate);
   33186   std::string command;
   33187   TPM_RC rc = SerializeCommand_NV_Certify(
   33188       sign_handle, sign_handle_name, auth_handle, auth_handle_name, nv_index,
   33189       nv_index_name, qualifying_data, in_scheme, size, offset, &command,
   33190       authorization_delegate);
   33191   if (rc != TPM_RC_SUCCESS) {
   33192     error_reporter.Run(rc);
   33193     return;
   33194   }
   33195   transceiver_->SendCommand(command, parser);
   33196 }
   33197 
   33198 TPM_RC Tpm::NV_CertifySync(const TPMI_DH_OBJECT& sign_handle,
   33199                            const std::string& sign_handle_name,
   33200                            const TPMI_RH_NV_AUTH& auth_handle,
   33201                            const std::string& auth_handle_name,
   33202                            const TPMI_RH_NV_INDEX& nv_index,
   33203                            const std::string& nv_index_name,
   33204                            const TPM2B_DATA& qualifying_data,
   33205                            const TPMT_SIG_SCHEME& in_scheme,
   33206                            const UINT16& size,
   33207                            const UINT16& offset,
   33208                            TPM2B_ATTEST* certify_info,
   33209                            TPMT_SIGNATURE* signature,
   33210                            AuthorizationDelegate* authorization_delegate) {
   33211   VLOG(1) << __func__;
   33212   std::string command;
   33213   TPM_RC rc = SerializeCommand_NV_Certify(
   33214       sign_handle, sign_handle_name, auth_handle, auth_handle_name, nv_index,
   33215       nv_index_name, qualifying_data, in_scheme, size, offset, &command,
   33216       authorization_delegate);
   33217   if (rc != TPM_RC_SUCCESS) {
   33218     return rc;
   33219   }
   33220   std::string response = transceiver_->SendCommandAndWait(command);
   33221   rc = ParseResponse_NV_Certify(response, certify_info, signature,
   33222                                 authorization_delegate);
   33223   return rc;
   33224 }
   33225 
   33226 }  // namespace trunks
   33227