chromiumos/platform/chaps.git
12 months ago Get Chaps building under Linux again. 87/62987/7 master release-R30-4537.B stabilize-4512.B
David Drysdale [Tue, 23 Jul 2013 10:45:57 +0000 (11:45 +0100)]
Get Chaps building under Linux again.

Define NO_METRICS if metrics library not available.
Encapsulate UMA event generation in a MetricsWrapper class.

TEST=Ran tests under Chromium OS and Linux
BUG=None
Change-Id: Ia39f07347d684e1c34bfea738e844378e27b6371
Reviewed-on: https://gerrit.chromium.org/gerrit/62987
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Tested-by: David Drysdale <drysdale@google.com>
Commit-Queue: David Drysdale <drysdale@google.com>

12 months ago Made C_Finalize safer when called from a signal-handler. 22/63122/2 factory-4455.B factory-pit-4471.B firmware-pit-4482.B
Darren Krahn [Tue, 23 Jul 2013 22:24:44 +0000 (15:24 -0700)]
Made C_Finalize safer when called from a signal-handler.

Previously, a WaitableEvent instance was used to signal threads waiting
on C_WaitForSlotEvent.  This raised a SIGABRT if C_Finalize was called
during a signal handler.  Now a simple slow poll is used with a side
effect that waiting threads may take a while to realize C_Finalize has
been called.

Note: It should not be considered safe to call C_Finalize from a signal
handler; don't do this.  But for those that do, this change should make
it safer than it was.

BUG=chromium:243147
TEST=unit, network_VPNConnect/control.l2tpipsec_psk

Change-Id: I386720a958173541c0620be28ed4c8f9f9b63568
Reviewed-on: https://gerrit.chromium.org/gerrit/63122
Reviewed-by: Paul Stewart <pstew@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
13 months ago Set CKA_LABEL attribute for importing X509 certificates via p11_replay. 81/57681/7 factory-pit-4390.B firmware-falco_peppy-4389.B firmware-leon-4389.26.B firmware-wolf-4389.24.B stabilize-4443.B
Sarah Harvey [Thu, 6 Jun 2013 00:04:14 +0000 (17:04 -0700)]
Set CKA_LABEL attribute for importing X509 certificates via p11_replay.

X509 certificates will only be shown under "Your Certificates" in the
Certificate Manager if both of the following two conditions are met:
 (a) a corresponding private key is imported.
 (b) the CKA_LABEL attribute is set, and set to a non-empty string.
If either of these conditions is not met, the certificate is displayed under
"Others" in the Certificate Manager.

Note: The corresponding private key does not need to have the CKA_LABEL
attribute set, nor does it have to match.

This label is set in different ways based on the type of certificate
(see chromium:202503 and chromium:237870). How the label is set doesn't
actually affect where the certificate is displayed, so for testing purposes
we just set this to "testing_cert".

BUG=chromium:196315
TEST=Built image and successfully imported certificate via p11_replay. Certificate is correctly displayed under "Your Certificates" in the Certificate Manager.

Change-Id: I0aec63aa20dd8118011ce102336ebb82d82d7011
Reviewed-on: https://gerrit.chromium.org/gerrit/57681
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Tested-by: Sarah Harvey <saharvey@chromium.org>
Commit-Queue: Sarah Harvey <saharvey@chromium.org>

13 months ago Added support for unique temp directories in unit tests. 88/59488/3
Darren Krahn [Thu, 20 Jun 2013 21:55:34 +0000 (14:55 -0700)]
Added support for unique temp directories in unit tests.

This allows multiple unit test instances to run concurrently on the same
system.  Previously, they would attempt to use the same directory in
/tmp which caused test failures.

BUG=chromium:252001
TEST=concurrent unit test runs

Change-Id: I5dee9392a40569cb26b2d202276f6c82c30bfcd4
Reviewed-on: https://gerrit.chromium.org/gerrit/59488
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
14 months ago Adding support for decoding X.509 SubjectPublicKeyInfo public keys in p11_replay. 22/57522/6 factory-4290.B release-R29-4319.B
Sarah Harvey [Tue, 4 Jun 2013 21:26:08 +0000 (14:26 -0700)]
Adding support for decoding X.509 SubjectPublicKeyInfo public keys in p11_replay.

Support for this was added in an attempt to determine why p11_replay
wasn't importing certificates correctly.

BUG=chromium:196315
TEST=Built image and successfully used p11_replay to import X.509 SubjectPublicKeyInfo public keys

Change-Id: Ic515f95a22248c258e12ce68473908165c0e81ef
Reviewed-on: https://gerrit.chromium.org/gerrit/57522
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Tested-by: Sarah Harvey <saharvey@chromium.org>
Commit-Queue: Sarah Harvey <saharvey@chromium.org>

14 months ago [chaps] add GetTokenList to TokenManager. 88/57788/5 factory-pit-4280.B factory-spring-4262.B stabilize-4287.B
Elly Fong-Jones [Thu, 6 Jun 2013 15:22:15 +0000 (11:22 -0400)]
[chaps] add GetTokenList to TokenManager.

BUG=chromium:205206
TEST=unit

Change-Id: I3eca3fc993d6e89e3c61baf13081840721c1f82f
Signed-off-by: Elly Fong-Jones <ellyjones@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/57788

14 months ago C++ readability review for Ross McIlroy (rmcilroy@google.com) 85/50785/7 stabilize-4255.B
Ross McIlroy [Fri, 10 May 2013 10:28:45 +0000 (11:28 +0100)]
C++ readability review for Ross McIlroy (rmcilroy@google.com)

Originally submitted in https://gerrit.chromium.org/gerrit/#/c/49331/.

BUG=None
TEST=Compiled and ran tests.

Change-Id: I605e870bdc3c6f7c601a87cf0098fd2aa7e8254b
Reviewed-on: https://gerrit.chromium.org/gerrit/50785
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Tested-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>

14 months ago Added a GetTokenPath() interface method. 39/56539/6
Darren Krahn [Thu, 23 May 2013 22:47:44 +0000 (15:47 -0700)]
Added a GetTokenPath() interface method.

GetTokenPath allows clients to query the loaded path for any slot.

Also did some refactoring:
- Renamed LoginEventListener -> TokenManagerInterface
- Renamed LoginEventClient -> TokenManagerClient
- Moved method documentation to TokenManagerInterface
- TokenManagerClient inherits TokenManagerInterface
- TokenManagerInterface uses FilePath for paths
- Fixed LoadToken dbus interface to marshal slot_id as uint64_t
- Fixed ClearVector and ClearString to not use const_cast

BUG=chromium:241503
TEST=unit,platform_Pkcs11InitOnLogin

Change-Id: I9a574188bbe701ae46a21196ff88e07be2039749
Reviewed-on: https://gerrit.chromium.org/gerrit/56539
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>

14 months ago Rename login_event* to token_manager*. 39/56839/4
Darren Krahn [Tue, 28 May 2013 20:47:26 +0000 (13:47 -0700)]
Rename login_event* to token_manager*.

This CL paves the way for some refactoring.  We want git to track this
as a rename, not a delete / create so the rename itself is split out.

Refactoring CL: https://gerrit.chromium.org/gerrit/56539

BUG=None
TEST=emerge

Change-Id: I7d6d6fd2626743816842d3dba223f5c7a4b22182
Reviewed-on: https://gerrit.chromium.org/gerrit/56839
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>

15 months ago Added --list_tokens to the usage output. 54/55854/2
Darren Krahn [Tue, 21 May 2013 00:22:39 +0000 (17:22 -0700)]
Added --list_tokens to the usage output.

Also alphabetized command arguments.

BUG=None
TEST=Ran p11_replay --help

Change-Id: I5a8677b64fe893025905e88e533b23371559ed83
Reviewed-on: https://gerrit.chromium.org/gerrit/55854
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
15 months ago Added support for user-supplied token labels. 80/50680/3 factory-4128.B factory-spring-4131.B
Darren Krahn [Thu, 9 May 2013 18:18:56 +0000 (11:18 -0700)]
Added support for user-supplied token labels.

Now the label for a token can be supplied when that token is loaded.
This makes it possible to differentiate tokens when multiple user
profiles are in use.

BUG=chromium:239445
TEST=unit, manual
CQ-DEPEND=CL:50673

Change-Id: I500d9357c0ce62b4fd8557ee9930417d8eacff74
Reviewed-on: https://gerrit.chromium.org/gerrit/50680
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
15 months ago chaps: Salt users password before using it as authorization data to load token. 47/50447/4
Ross McIlroy [Wed, 8 May 2013 11:25:15 +0000 (12:25 +0100)]
chaps: Salt users password before using it as authorization data to load token.

Modify isolate_login_client to salt the user's password before using it as
authorization data when loading the user's token. On the Linux build, we
use PKCS5_PBKDF2_HMAC with SHA512 as the key derivation function to add
this salt.

TEST=Built and ran tests, installed PAM module on Linux and tested, checked
result of SaltAuthData function manually against reference data.
BUG=None

Change-Id: I6d7cfe0e96f8065ba04c3f8dd7f50a77d9c2506c
Reviewed-on: https://gerrit.chromium.org/gerrit/50447
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Tested-by: Ross McIlroy <rmcilroy@chromium.org>
15 months ago chaps: Change chaps dbus config to have configurable policy permissions. 94/49594/7
Ross McIlroy [Tue, 30 Apr 2013 16:49:46 +0000 (17:49 +0100)]
chaps: Change chaps dbus config to have configurable policy permissions.

This change enables the chaps dbus configuration to be configured depending
upon the platform it is being installed on. On ChromeOS it will continue to
be only accessible to members of the pkcs11 group. On Linux, it will be
accessible to any user, since on Linux we use isolates to ensure a user can
only access their own token.

TEST=Built and ran tests. Tested using trybot. Ran on Linux to ensure correct
dbus interaction.
BUG=None
CQ-DEPEND=CL:50460

Change-Id: I02f90d386ca3c851be93858410af60ca3b4e14a0
Reviewed-on: https://gerrit.chromium.org/gerrit/49594
Tested-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>

15 months ago Added a database repair attempt during initialization. 10/50510/2
Darren Krahn [Mon, 6 May 2013 20:25:49 +0000 (13:25 -0700)]
Added a database repair attempt during initialization.

Also added metrics for corruption events.

BUG=chrome-os-partner:17610
TEST=unit, manual
CQ-DEPEND=CL:50241

Change-Id: Ie0db759e7f799c51aa72fb6e0200b1bed2424792
Reviewed-on: https://gerrit.chromium.org/gerrit/50510
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
15 months ago chaps: Provide a pam module which logs in a user to chaps on Linux. 31/49331/9
Ross McIlroy [Thu, 25 Apr 2013 18:15:19 +0000 (19:15 +0100)]
chaps: Provide a pam module which logs in a user to chaps on Linux.

This change adds a pam module to chaps which is built when building chaps
for Linux. When this module is added, it will open an isolate for the user
when they login, and load their user token into that isolate.  On logout,
the isolate will be closed, unloading the token if all sessions have
been closed.

The change also adds a simple "make install" option for Linux.

TEST=Built and run on Linux, testing pam module login / logout /
change password functionality.
BUG=None
CQ-DEPEND=CL:50461

Change-Id: I0cf443873c895e1e2cd6ea966a4ab26caa2a9f34
Reviewed-on: https://gerrit.chromium.org/gerrit/49331
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Tested-by: Ross McIlroy <rmcilroy@chromium.org>
15 months ago chaps: Modify chapsd to run as root user on Linux. 93/49593/4 release-R28-4100.B stabilize-4100.38.B stabilize-spring-4100.53.B toolchainB
Ross McIlroy [Tue, 30 Apr 2013 16:37:15 +0000 (17:37 +0100)]
chaps: Modify chapsd to run as root user on Linux.

Enable support for configuring the user which runs chapsd at
compile time, and have the Linux build use root, rather than
chaps user. This makes installing on Linux using a deb package
possible without having to add user chaps.

TEST=Compile and run tests.
BUG=None

Change-Id: Ibda57b0cd194e6ac076d9a141b8b10c4f0074e2c
Reviewed-on: https://gerrit.chromium.org/gerrit/49593
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Tested-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>

15 months ago Added a slot_id output parameter to the OnLogin call. 60/49960/4
Darren Krahn [Wed, 1 May 2013 23:53:03 +0000 (16:53 -0700)]
Added a slot_id output parameter to the OnLogin call.

When cryptohome configures a Chaps token it will now receive the
identifier of the PKCS #11 slot on which the token is loaded.  This
allows cryptohome to maintain a mapping between multiple users and their
tokens.

BUG=chromium:205206
TEST=unit, platform_Pkcs11Events autotest
CQ-DEPEND=CL:49962

Change-Id: Ib6a587ce5232ce4e093e778e1c9105c46e223daa
Reviewed-on: https://gerrit.chromium.org/gerrit/49960
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
Commit-Queue: David James <davidjames@chromium.org>

15 months ago chaps: Add isolate support to the chaps daemon. 56/47856/21
Ross McIlroy [Thu, 11 Apr 2013 13:54:18 +0000 (14:54 +0100)]
chaps: Add isolate support to the chaps daemon.

Modifies chaps to enable it to support isolated slot lists.
Each dbus request is modified to take an isolate credential, and
the request will only operate on slots which are part of the
isolate associated with the credential. When chaps starts, a default
isolate is created which has a well known credential, other
isolates can be created for each user with the OpenIsolate call.

Also fixed slot_manager_tests which were not compiling
(crosbug.com/224166) and added isolate specific tests.

TEST=Built and ran all chaps tests on Linux. Tested on remote buildbot.
BUG=chromium:224166
CQ-DEPEND=CL:49888, CL:49890

Change-Id: If775ab5def739acb9319521840ca8c5f7237edc9
Signed-off-by: Ross McIlroy <rmcilroy@google.com>
Reviewed-on: https://gerrit.chromium.org/gerrit/47856
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Tested-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
15 months ago chaps: Add libmemenv check to chaps build, and disable memenv if not 97/49597/6
Ross McIlroy [Tue, 30 Apr 2013 16:59:04 +0000 (17:59 +0100)]
chaps: Add libmemenv check to chaps build, and disable memenv if not
available.

The libmemenv library is not part of the standard libleveldb-dev debian
package. We only use this library for testing, so to enable chaps to be
built as a debian package, add a check for whether libmemenv is available
when building, and disable its usage if it is not available.

TEST=built and ran tests on Linux and cbuildbot
BUG=None

Change-Id: I19594ceccb2c82a87fa8938ec93f85e92d42a9cc
Reviewed-on: https://gerrit.chromium.org/gerrit/49597
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Tested-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>

15 months ago Fix a bug in ChangeTokenAuth introduced in cl 47569. 93/49193/2 stabilize-4068.0.B
Ross McIlroy [Thu, 25 Apr 2013 17:51:06 +0000 (18:51 +0100)]
Fix a bug in ChangeTokenAuth introduced in cl 47569.

Fix an issue with the chaps_adaptor ChangeTokenAuth method used by the Linux
build (without the DBus::Error param) which caused it to recursively call itself.

TEST=Built and ran on Linux and changed a user's token auth data.
BUG=None

Change-Id: If2c50b9f02939e30f96fbb73d5b7bb86b3f31f4d
Reviewed-on: https://gerrit.chromium.org/gerrit/49193
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Tested-by: Ross McIlroy <rmcilroy@chromium.org>
15 months ago chaps: Changes required to build Chaps for Linux. 69/47569/8
Ross McIlroy [Fri, 15 Mar 2013 10:27:44 +0000 (10:27 +0000)]
chaps: Changes required to build Chaps for Linux.

Modifies chaps to enable it to be built for Linux as well as ChromeOS.
Some complications are different required libraries used by ChromeOS and
Linux and the different format of the DBus generated interface.

TEST=Built and ran Chaps on Linux, and ran tests on Linux.  Also ran
on remote trybot with alex-paladin and alex-x86 configs.
BUG=none

Change-Id: I43843af04fec6156c0a16b5fed96250c8bbbb196
Signed-off-by: Ross McIlroy <rmcilroy@google.com>
Reviewed-on: https://gerrit.chromium.org/gerrit/47569
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Tested-by: Ross McIlroy <rmcilroy@chromium.org>
16 months ago chaps: Make unit tests building behave with gtest-1.6 05/46605/2 stabilize-4008.0.B stabilize-4035.0.B
Gaurav Shah [Wed, 27 Mar 2013 03:29:48 +0000 (20:29 -0700)]
chaps: Make unit tests building behave with gtest-1.6

Disable a bunch of tests under the #if GTEST_IS_THREADSAFE. These are
not currently being built or run (gtest-1.4 is not thread safe) and
need to be fixed to even compile, let alone run.

BUG=chromium:211445,chromium:224166
TEST=built and ran with both current gtest-1.4 and gtest-1.6.

Change-Id: I180abf8ce4338230a5d78ca3d1d2fdadbf675a57
Reviewed-on: https://gerrit.chromium.org/gerrit/46605
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Commit-Queue: Gaurav Shah <gauravsh@chromium.org>
Tested-by: Gaurav Shah <gauravsh@chromium.org>
17 months ago Support the import of existing TPM-wrapped keys. 34/45534/3 release-R27-3912.B stabilize-3881.0.B stabilize-3912.79.B toolchainA
Darren Krahn [Fri, 15 Mar 2013 02:01:01 +0000 (19:01 -0700)]
Support the import of existing TPM-wrapped keys.

This CL makes it possible to create a private key object which already
holds a TPM-wrapped private key using the conventional Chaps vendor
attributes.  This allows keys used in other parts of the system to be
imported into a PKCS #11 token.

Previously the read-only-on-create policy was set to true for internal
attributes because there was no reason not to.  Now that we have a use
case for creating objects with internal attributes, this restriction has
been lifted.

BUG=chromium-os:37815
TEST=Unit tests; Manually tested importing an existing key.

Change-Id: I457da852b999d323dbdd6cb39b3b1f37f550fa1b
Reviewed-on: https://gerrit.chromium.org/gerrit/45534
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
17 months ago A few tweaks to support a fully mocked mode. 32/44332/3 factory-spring-3842.B firmware-spring-3824.4.B firmware-spring-3824.55.B firmware-spring-3824.84.B firmware-spring-3824.B firmware-spring-3833.B
Darren Krahn [Thu, 28 Feb 2013 23:12:19 +0000 (15:12 -0800)]
A few tweaks to support a fully mocked mode.

This change allows other packages linking with libchaps.so to use the
library with a mock interface.  This effectively allows unit tests to
work with a mock PKCS #11 library.

BUG=None
TEST=- Chaps unit tests
     - Cryptohome unit tests which use a mock Chaps interface

Change-Id: I26edd2e177273707438fd7664e00ccc92435aba1
Reviewed-on: https://gerrit.chromium.org/gerrit/44332
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
17 months ago Add changes from CL 26276 to support Clang in common.mk 07/44507/2
Liam McLoughlin [Sun, 3 Mar 2013 15:44:10 +0000 (10:44 -0500)]
Add changes from CL 26276 to support Clang in common.mk

Also make protobuf-compiled source files respect CXXFLAGS

BUG=chromium-os:32017
TEST=Compile chaps with Clang/GCC, all tests passed

Change-Id: I486b8404d9f17686185b802dfde221e304060465
Reviewed-on: https://gerrit.chromium.org/gerrit/44507
Tested-by: Liam McLoughlin <lmcloughlin@chromium.org>
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Commit-Queue: Liam McLoughlin <lmcloughlin@chromium.org>

17 months ago Updated to use libchrome-180609. 35/43435/3
Darren Krahn [Fri, 15 Feb 2013 22:34:23 +0000 (14:34 -0800)]
Updated to use libchrome-180609.

BUG=chromium-os:38929
TEST=unit, manual, relevant autotests
CQ-DEPEND=CL:43670

Change-Id: I08385a73db5a370593ad7a1e6735eff80e349c11
Reviewed-on: https://gerrit.chromium.org/gerrit/43435
Reviewed-by: Chris Masone <cmasone@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
21 months ago Added a lock to serialize chaps requests. factory-3536.B release-R25-3428.B release-R26-3701.B stabilize-3428.110.0 stabilize-3428.149 stabilize-3428.149.B stabilize-3428.193 stabilize-3658.0.0 stabilize-3701.30.0 stabilize-3701.30.0b stabilize-3701.46.B stabilize-3701.81.B stabilize-bluetooth-smart stabilize2 toolchain-3428.65.B toolchain-3701.42.B
Darren Krahn [Wed, 7 Nov 2012 20:21:59 +0000 (12:21 -0800)]
Added a lock to serialize chaps requests.

The lock serializes requests at the chaps client proxy layer.  This
fixes a problem where all the requests were being sent to chapsd and the
chapsd dispatcher flooded and dropped requests.

A replay test has been added to p11_replay which floods the dispatcher
in the same way Chrome does.

BUG=chromium:152655
TEST=Run all unit tests.
     Run 'p11_replay --digest_test' and ensure there is no five minute
     hang.

Change-Id: I5ee851ec0f4a88d72c561ec8a3674b487c78bd8d
Reviewed-on: https://gerrit.chromium.org/gerrit/37546
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Ready: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
21 months ago Fixed non-POD static data types.
Darren Krahn [Tue, 23 Oct 2012 02:08:38 +0000 (19:08 -0700)]
Fixed non-POD static data types.

BUG=chromium:157060
TEST=Ran all unit tests; manual tests which use PKCS #11.

Change-Id: Ied73499b48efe6818e628538597c0994dfc9995c
Reviewed-on: https://gerrit.chromium.org/gerrit/36302
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Ready: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
23 months ago Added code to work around key load failures. factory-2985.B factory-2993.B factory-3004.B
Darren Krahn [Tue, 11 Sep 2012 23:45:01 +0000 (16:45 -0700)]
Added code to work around key load failures.

If a key is evicted it may not be possible to reload it. In this case
tcsd will return TCS_E_KM_LOADFAILED from an operation that uses a
private key. The workaround is to unload and load the key again with a
new handle. In order to isolate the handle churn to a single layer,
TSS handles are virtualized in TPMUtilityImpl.

BUG=chrome-os-partner:13878
TEST=Ran all unit tests and relevant autotests.
     Manually attempted to reproduce the problem and verified that the
     reload logic was operating correctly. This condition is evidenced
     by a warning in the syslog: "TCS load failure: attempting to reload
     key.".

Change-Id: I3961456db3ac383a2721a9d0c102a4ae3dac1642
Reviewed-on: https://gerrit.chromium.org/gerrit/33023
Reviewed-by: Kees Cook <keescook@chromium.org>
Commit-Ready: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
23 months ago Fix chapsd upstart job start and stop conditions. factory-2914.B
J. Richard Barnette [Fri, 14 Sep 2012 22:08:23 +0000 (15:08 -0700)]
Fix chapsd upstart job start and stop conditions.

The 'ui' job has a post-stop script that depends indirectly on
chapsd.  In order for 'ui' to shut down cleanly, chapsd must remain
running until the 'stopping boot-services' event.  This fix changes
the 'chapsd' job so that a) it only depends on the public
boot-services interface, and that b) the chaps daemon stays running
long enough for a clean shutdown.

BUG=chromium-os:33354
TEST=observe no errors logged by chromeos_shutdown
TEST=run platform_BootPerfServer, and check both startup and shutdown times

Change-Id: Ib63268b547bf9ef3dc9de64149421a4fe6a5b2ff
Reviewed-on: https://gerrit.chromium.org/gerrit/33364
Tested-by: Richard Barnette <jrbarnette@chromium.org>
Reviewed-by: Scott James Remnant <keybuk@chromium.org>
Commit-Ready: Richard Barnette <jrbarnette@chromium.org>

23 months ago Added more timing data to p11_replay output.
Darren Krahn [Wed, 12 Sep 2012 23:58:11 +0000 (16:58 -0700)]
Added more timing data to p11_replay output.

BUG=None
TEST=Manual

Change-Id: Ia63168846fe7dca9d621b17c8216f31e72647768
Reviewed-on: https://gerrit.chromium.org/gerrit/33148
Reviewed-by: Christopher Wiley <wiley@chromium.org>
Commit-Ready: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
23 months ago chaps: Add dependency for chaps_client.o on...
Christopher Wiley [Fri, 7 Sep 2012 17:52:32 +0000 (10:52 -0700)]
chaps: Add dependency for chaps_client.o on...

...chaps_proxy_generated.h

Apparently if you build chaps enough you expose that we're missing this
dependency.

BUG=chromium-os:34223
TEST=Still compiles

Change-Id: I607fbb8363b0e10df601f33b63fd0ccec4bbcef6
Reviewed-on: https://gerrit.chromium.org/gerrit/32565
Tested-by: Christopher Wiley <wiley@chromium.org>
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Commit-Ready: Christopher Wiley <wiley@chromium.org>

2 years ago chaps: Add manual key/cert reads to p11_replay factory-2717.B factory-2723.14.B factory-2846.B factory-2848.B firmware-butterfly-2788.B firmware-link-2695.2.B firmware-link-2695.B firmware-snow-2695.90.B firmware-snow-2695.B firmware-stout-2817.B
Christopher Wiley [Wed, 25 Jul 2012 18:19:39 +0000 (11:19 -0700)]
chaps: Add manual key/cert reads to p11_replay

Add facilities to p11_replay to allow users to load certificates and
private keys into a token via the command line.  We accept DER encoded
keys and certificates in flat files for right now.  We need this
functionality to be able to load our test certificates into the TPM for
wifi authentication testing.

BUG=chromium-os:31586
TEST=Run wifi tests with this tool, tests work as expected
Change-Id: I3a163f9aaf7e95f70f95b90d1f92706f119d4063
Reviewed-on: https://gerrit.chromium.org/gerrit/28411
Tested-by: Christopher Wiley <wiley@chromium.org>
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Commit-Ready: Christopher Wiley <wiley@chromium.org>

2 years ago Moved to the latest version of common.mk. 36/25436/2 factory-2475.B factory-2569.B firmware-parrot-2685.B release-R21-2465.B
Darren Krahn [Thu, 14 Jun 2012 20:38:15 +0000 (13:38 -0700)]
Moved to the latest version of common.mk.

- The new common.mk defaults to -fvisibility=internal so PKCS #11 entry
  points and the LoginEventClient class have been exported explicitly.
- Tests have been cleaned up and live tests now run without errors.
- Generated code now resides in the output directory. This means
  #include statements for these headers must lose the 'chaps/' prefix.
- A default output directory of 'build-opt-local' is used. The ebuild
  specifies 'build-opt' so output generated by running 'make' locally
  will not collide with output generated by 'emerge'.
- Tests now run on arm platforms in qemu.

BUG=chromium-os:28051
TEST='FEATURES=test emerge' on lumpy, zgb, arm-generic

Change-Id: Ie7759aec3f6f86c78eafa41414192bf67ef08fc4

2 years ago Merge "Limit chaps debug setting to a single restart." factory-2460.B
Gerrit [Sat, 16 Jun 2012 01:25:35 +0000 (18:25 -0700)]
Merge "Limit chaps debug setting to a single restart."

2 years ago Use SecureBlob for authorization data and the master key. 33/25133/2
Darren Krahn [Tue, 12 Jun 2012 04:11:08 +0000 (21:11 -0700)]
Use SecureBlob for authorization data and the master key.

BUG=chromium-os:27681
TEST=Ran all unit tests.

Change-Id: Ic1ebbf65704247a23ff9ff14f8aedfcad84ec73f

2 years ago Limit chaps debug setting to a single restart. 17/25417/1
Darren Krahn [Fri, 15 Jun 2012 21:28:04 +0000 (14:28 -0700)]
Limit chaps debug setting to a single restart.

This prevents debug logging from being left on inadvertently.

BUG=None
TEST=Manual

Change-Id: If5fb7f09dc92829c8b114aa4d6dc13c10c118855

2 years ago Added support for chaps_debug files. 89/24889/2
Darren Krahn [Thu, 7 Jun 2012 23:58:05 +0000 (16:58 -0700)]
Added support for chaps_debug files.

These files are created / removed by the chaps_debug crosh command.

BUG=None
TEST=Manual

Change-Id: I276c59031c674e71647a04b64706740cb9defeca

2 years ago A few changes related to the removal of opencryptoki. 85/24885/1
Darren Krahn [Thu, 7 Jun 2012 23:52:11 +0000 (16:52 -0700)]
A few changes related to the removal of opencryptoki.

- Cleaned up cryptoki.h.
- Removed opencryptoki option from upstart script.

BUG=chromium-os:21022
TEST=Ran all platform_Pkcs11* autotests.

Change-Id: I192e0fedbb4614ee0d96c1e347da6ae416ac3551

2 years ago Merge "Added list_objects options to p11_replay."
Gerrit [Thu, 7 Jun 2012 19:07:40 +0000 (12:07 -0700)]
Merge "Added list_objects options to p11_replay."

2 years ago Store only a single byte of the auth data hash. 31/24431/2
Darren Krahn [Mon, 4 Jun 2012 22:28:54 +0000 (15:28 -0700)]
Store only a single byte of the auth data hash.

Storing a single byte still allows a reasonable sanity check but is not
very useful for a brute-force attack.

BUG=None
TEST=Ran all unit tests; ran platform_Pkcs11ChangeAuthData.

Change-Id: I9f3a36d9258b6125c6fec85419abd78e6eda7d76

2 years ago Added list_objects options to p11_replay. 53/24553/1
Darren Krahn [Tue, 5 Jun 2012 00:03:56 +0000 (17:03 -0700)]
Added list_objects options to p11_replay.

BUG=chromium-os:29776
TEST=Manual

Change-Id: I392c1b9fc277264a2e439079cc3aa29eb2e43b08

2 years ago Added support in p11_replay for key injection and key labels. 40/24240/2
Darren Krahn [Thu, 31 May 2012 21:22:11 +0000 (14:22 -0700)]
Added support in p11_replay for key injection and key labels.

Also, improved logging in a few places.

BUG=None
TEST=Manual; Run platform_Pkcs11Events autotest.

Change-Id: I42738d18693e516a5a8f0d3bd7518e3867b0f89c

2 years ago Cleaned up commands that have been moved to chaps_client. 38/23738/1 factory-2368.B factory-2394.B
Darren Krahn [Fri, 25 May 2012 17:09:46 +0000 (10:09 -0700)]
Cleaned up commands that have been moved to chaps_client.

BUG=None
TEST=Manual

Change-Id: Ia72d0ffed4b56042916cb483a49610d7e7f27c82

2 years ago Added an authorization data hash. 41/23241/3
Darren Krahn [Sat, 19 May 2012 00:59:09 +0000 (17:59 -0700)]
Added an authorization data hash.

Authorization data will only be sent to the TPM if it matches this hash.
This shields the TPM from bad authorization data which can cause it to
enter dictionary-attack-defense mode. Also, fixed a bug found during
testing: the private object mutex should not be signaled in the
ObjectPoolImpl::DeleteAll method.

Note: This CL is security-relevant. Previously a hash of the
authorization data was not stored.

BUG=chromium-os:30836
TEST=Ran all unit tests. Ran platform_Pkcs11ChangeAuthData autotest.

Change-Id: I7c65205e858f74f8a69e13cfe8ae00eb2de75bf2

2 years ago Removed support for less secure encrypted blob format. 66/23266/1
Darren Krahn [Tue, 22 May 2012 19:57:44 +0000 (12:57 -0700)]
Removed support for less secure encrypted blob format.

BUG=chromium-os:31023
TEST=Ran all unit tests; manually tested existing objects are loaded.

Change-Id: I612d2f9729179b89bae306d3cc8ee3afc9b1b92a

2 years ago Moved the expensive part of token termination onto a worker thread. 26/22426/2 factory-2338.B firmware-link-2348.B
Darren Krahn [Thu, 10 May 2012 17:10:58 +0000 (10:10 -0700)]
Moved the expensive part of token termination onto a worker thread.

The effect is that the OnLogout event is quick and consistent. There is
no noticeable difference (at the ms level) between this OnLogout
implementation and not doing anything in the OnLogout handler. File
system handles are still closed synchronously so a race condition does
not exist with ui.conf killing processes with open handles.

BUG=chromium-os:29933
TEST=Ran all unit tests.
     Ran platform_Pkcs11Init* autotests.
     Tested timing by manually unloading with active keys.
     Manually verified that chapsd does not get killed on logout.

Change-Id: I8f73b15aeb4691232b890cfb1a3a26b870788fdb

2 years ago Created a dbus method which sets the log level and a chaps client. 01/23001/2
Darren Krahn [Tue, 15 May 2012 23:54:26 +0000 (16:54 -0700)]
Created a dbus method which sets the log level and a chaps client.

Combined with a crosh command, this will allow verbose logging to be
enabled in normal mode. The chaps client also includes some of the
chaps-specific commands from p11_replay. These will be removed from
p11_replay once the dependent autotests have been updated.

BUG=chromium-os:30835
TEST=Ran all unit tests.
     Manually tested setting log level.
     Manually tested using all chaps_client commands.

Change-Id: If74949ffb6c2116528262b70a5e86e7cfd180bdf

2 years ago Merge "Implemented fall-back to software for out-of-range private key sizes."
Gerrit [Wed, 16 May 2012 23:05:39 +0000 (16:05 -0700)]
Merge "Implemented fall-back to software for out-of-range private key sizes."

2 years ago Implemented fall-back to software for out-of-range private key sizes. 06/22606/3
Darren Krahn [Mon, 14 May 2012 19:13:41 +0000 (12:13 -0700)]
Implemented fall-back to software for out-of-range private key sizes.

Also:
 - Added logging to 'not supported' errors.
 - Updated p11_replay so software keys can be tested.
 - Updated RSA key size and output buffer size checks.

BUG=chromium-os:29974
TEST=Ran all unit tests.
     Manually imported sample certs attached to bug.
     Manually tested generation and use of large keys using p11_replay.

Change-Id: I0750aca70cbfdc4b776a7e356aaa3b4268811d99

2 years ago Implemented recovery from bad authorization data. 53/22653/2
Darren Krahn [Mon, 14 May 2012 23:57:44 +0000 (16:57 -0700)]
Implemented recovery from bad authorization data.

If the authorization data passed to OnLogin is not correct, private
objects cannot be used. In practice, the correctness of the
authorization data should be checked before loading a token but in the
event this happens the response is to do the following:
 1) Delete all objects, public and private.
 2) Initialize a new key hierarchy with the given auth data.

If initializing a key hierarchy fails either the first time it runs or
during this recovery step, the private object condition will be set to
avoid blocking incoming requests for private object operations.

BUG=chromium-os:30668
TEST=Ran all unit tests, including two new ones.
     Manually tested bad auth data cases using p11_replay.

Change-Id: I9ad20aa072dd08f9206f05ecf3c1559a842bde93

2 years ago Improved logging of attributes. 04/22404/3 factory-2305.B
Darren Krahn [Mon, 7 May 2012 19:52:52 +0000 (12:52 -0700)]
Improved logging of attributes.

BUG=None
TEST=Unit tests, manually tested log output.

Change-Id: Ic897648f97644e94bec53864233a76098890a56f

2 years ago Improved encryption/authentication of persistent objects. 02/22402/3
Darren Krahn [Wed, 2 May 2012 21:55:14 +0000 (14:55 -0700)]
Improved encryption/authentication of persistent objects.

Now a MAC is computed after encryption and includes the IV. Also
SafeMemcmp is used when verifying the MAC before decryption. Existing
objects are migrated to the new format.

BUG=None
TEST=Ran all unit tests. Manually tested migration of existing objects.

Change-Id: If2f8b5fbcc8ea2c46e4e1c2fcea87e3ff6ecb24c

2 years ago Fixed an HMAC compatibility problem. 27/21927/1
Darren Krahn [Sat, 5 May 2012 05:12:02 +0000 (22:12 -0700)]
Fixed an HMAC compatibility problem.

Due to a previous bug, the MAC for some public objects still exists as
computed with the master key (used for private objects). This CL
tolerates this case and considers such MACs valid.

BUG=chromium-os:30577
TEST=Ran all unit tests.

Change-Id: I364a8c724a898a6bed1b8c37e1ed5d0f41d2f2ba

2 years ago Fixed a 32-bit to 64-bit conversion error. 81/21881/1
Darren Krahn [Fri, 4 May 2012 19:23:01 +0000 (12:23 -0700)]
Fixed a 32-bit to 64-bit conversion error.

BUG=chromium-os:30145
TEST=Ran all unit tests. Manually tested SPDY.

Change-Id: I98a8eab260a74f8700393c7bbcb201d0652447d3

2 years ago Defined NSS-specific constants to improve logging. 69/21669/2
Darren Krahn [Wed, 2 May 2012 21:12:44 +0000 (14:12 -0700)]
Defined NSS-specific constants to improve logging.

BUG=None
TEST=Ran all unit tests. Manually checked logs for readable constants.

Change-Id: Ic23ecf1937fc54d6e8daee04eb4fbd23dc2ab13e

2 years ago Merge "Improved handling of corrupted database."
Gerrit [Wed, 2 May 2012 19:06:35 +0000 (12:06 -0700)]
Merge "Improved handling of corrupted database."

2 years ago Merge "Modified p11_replay to not attempt any other operations after unload."
Gerrit [Wed, 2 May 2012 19:06:30 +0000 (12:06 -0700)]
Merge "Modified p11_replay to not attempt any other operations after unload."

2 years ago Merge "Default public keys and certificates to CKA_PRIVATE = false."
Gerrit [Wed, 2 May 2012 19:06:30 +0000 (12:06 -0700)]
Merge "Default public keys and certificates to CKA_PRIVATE = false."

2 years ago Merge "Fixed HMAC bug. Public object MACs were incorrectly generated."
Gerrit [Wed, 2 May 2012 19:06:29 +0000 (12:06 -0700)]
Merge "Fixed HMAC bug. Public object MACs were incorrectly generated."

2 years ago Improved handling of corrupted database. 94/21394/2
Darren Krahn [Wed, 25 Apr 2012 20:16:00 +0000 (13:16 -0700)]
Improved handling of corrupted database.

Now a database directory is backed up when it cannot be opened. This
allows PKCS #11 services to proceed with a functional database while
keeping the corrupt database for diagnosis.

BUG=None
TEST=platform_Pkcs11InitUnderErrors

Change-Id: Iecfeff548239eb542f6c73b21e9a5dcd3010155b

2 years ago Modified p11_replay to not attempt any other operations after unload. 92/21392/1
Darren Krahn [Mon, 23 Apr 2012 23:11:01 +0000 (16:11 -0700)]
Modified p11_replay to not attempt any other operations after unload.

BUG=None
TEST=Manual

Change-Id: I557b93bba20ea86ca94875a1f0a1ef1270ec8803

2 years ago Default public keys and certificates to CKA_PRIVATE = false. 52/21352/1
Darren Krahn [Fri, 27 Apr 2012 18:44:28 +0000 (11:44 -0700)]
Default public keys and certificates to CKA_PRIVATE = false.

Some applications (including NSS) don't always specify the CKA_PRIVATE
attribute and previously this always defaulted to true. For public keys
and certificates this attribute set to false is more appropriate and
allows faster access to certificates on login.

BUG=None
TEST=Ran all unit tests; manual tests.

Change-Id: Iafbcae09fe377d8cf4097cf63bdac05a78c16e74

2 years ago Fixed HMAC bug. Public object MACs were incorrectly generated. 84/21284/1
Darren Krahn [Fri, 27 Apr 2012 00:18:33 +0000 (17:18 -0700)]
Fixed HMAC bug. Public object MACs were incorrectly generated.

BUG=None
TEST=Ran all unit tests. Manually tested using the following steps:
 - Create a directory owned by chaps (e.g. /tmp/chaps)
 - Restart chapsd
 - Create a new token and generate a key pair:
     > sudo p11_replay --load --path=/tmp/chaps --auth=1234 --generate
 - Unload the new token:
     > sudo p11_replay --unload --path=/tmp/chaps
 - Load the token again and immediately list objects (before the token
   master key can be decrypted by the TPM):
     > sudo p11_replay --load --path=/tmp/chaps --auth=1234; pkcs11-tool
       --module=libchaps.so -O
 - Verify that the output of this command lists a public key. Before
   this fix the output would not list any objects.
 - Wait a few seconds (so the master key is decrypted).
 - List objects again:
     > pkcs11-tool --module=libchaps.so -O
 - Verify that the output lists both the public and private keys.

Change-Id: Id11603cad9732878d72218a82444cf0b7f36e34b

2 years ago Fixed a hang during unit testing. 12/21112/2
Darren Krahn [Wed, 25 Apr 2012 20:18:45 +0000 (13:18 -0700)]
Fixed a hang during unit testing.

SlotManagerImpl::OnLogin creates a thread to perform asynchronous token
initialization. The version of gtest and gmock we currently use is not
thread-safe which can cause hangs. For now, all tests calling OnLogin
have been disabled.

BUG=None
TEST=Ran all unit tests.
     Created new unit test which reproduces the problem often.

Change-Id: I518e07ef594253fb4f2b1c00762dffb4986acfee

2 years ago Merge "Fixed a memory / handle leak."
Gerrit [Fri, 20 Apr 2012 22:40:36 +0000 (15:40 -0700)]
Merge "Fixed a memory / handle leak."

2 years ago Fixed a memory / handle leak. 61/20761/1
Darren Krahn [Fri, 20 Apr 2012 21:42:04 +0000 (14:42 -0700)]
Fixed a memory / handle leak.

Each leveldb iterator holds an open file handle. This needs to be closed
so chapsd doesn't get killed on logout.

BUG=chromium-os:29665
TEST=Ran all unit tests; manually verified all handles close correctly.

Change-Id: Ie63443e7f345455a41a0c9b56eadd0dda974e60b

2 years ago Merge "Added more robust handling of TPM failures."
Gerrit [Fri, 20 Apr 2012 21:33:13 +0000 (14:33 -0700)]
Merge "Added more robust handling of TPM failures."

2 years ago Cleaned up unused code. 94/20694/1
Darren Krahn [Fri, 20 Apr 2012 16:16:56 +0000 (09:16 -0700)]
Cleaned up unused code.

The todo bug has been closed WontFix.

BUG=chromium-os:22297
TEST=none

Change-Id: I3c2a620aaecdc29400c4b85ac8f56bc2fcdf0d35

2 years ago Added more robust handling of TPM failures. 49/20649/1
Darren Krahn [Thu, 19 Apr 2012 22:40:13 +0000 (15:40 -0700)]
Added more robust handling of TPM failures.

Previously, if the TPM failed to initialize a LOG(FATAL) killed the
process. Now a token will not be loaded but TPM initialization will be
reattempted each time a request to load a token is received.

BUG=chromium-os:29703
TEST=Ran all unit tests; created new unit test.
     Manually tested with functional TPM and with fake TPM failure.

Change-Id: If757a01c35c8208a18ac1567c95cf418f8f15f12

2 years ago Enable the Chaps PKCS #11 implementation by default. 03/20003/3
Darren Krahn [Wed, 11 Apr 2012 17:32:19 +0000 (10:32 -0700)]
Enable the Chaps PKCS #11 implementation by default.

BUG=chromium-os:22543
TEST=Manually tested that an update that includes this change will cause
Chaps to be enabled on the next reboot.

Change-Id: I20d51ec81ababc996df495e2441e1eaf72b4148a

2 years ago Merge "Fixed flushing of objects modified after initial creation."
Gerrit [Tue, 17 Apr 2012 22:38:51 +0000 (15:38 -0700)]
Merge "Fixed flushing of objects modified after initial creation."

2 years ago Fixed a race condition between chapsd and chaps clients. 07/20407/2
Darren Krahn [Tue, 17 Apr 2012 21:27:30 +0000 (14:27 -0700)]
Fixed a race condition between chapsd and chaps clients.

This race condition exhibits itself in practice when cryptohome restarts
chapsd and then waits for the process to be respawned before making
calls. If cryptohome calls between the time that chapsd has started and
the time it begins servicing dbus then the calls fail.

This is suspected of causing apparent certificate loss.

BUG=chromium:120767
TEST=Ran all unit tests.
     Manually tested:
     - Ran client but not service.
     - Ran client and then service after a short delay.
     - Ran service and then client.

Change-Id: I0a9105e3d10b0b359ed3faa0c91516c57dffa304

2 years ago Fixed flushing of objects modified after initial creation. 85/20385/1
Darren Krahn [Tue, 17 Apr 2012 17:26:55 +0000 (10:26 -0700)]
Fixed flushing of objects modified after initial creation.

BUG=chromium:120767
TEST=New unit test; manually tested.

Change-Id: I79335c99a6616fdfb5286ccadcb5831d99833498

2 years ago Implemented asynchronous initialization and import of tokens. 35/19935/4
Darren Krahn [Tue, 10 Apr 2012 23:41:32 +0000 (16:41 -0700)]
Implemented asynchronous initialization and import of tokens.

When a token is initialized there is some expensive TPM work to do. If
legacy objects need to be imported there is even more TPM work to do.
Objects that are not encrypted with the TPM can be available before this
work is complete. This CL enables this immediate access so certificates
can be enumerated before TPM work is finished. The TPM work executes
asynchronously in the background.

To accomplish this the following changes have been made:
- Separate loading of public and private objects.
- Do not encrypt public objects with the TPM.
- Integrate import logic with object loading logic in the object pool.
- Add locking for the handle manager, tpm utility, and object pools.
- Separate importing of public and private objects.

BUG=chromium-os:21014
TEST=Ran all unit tests; manually tested expensive import, ensuring that
UI was not blocked on the completion of the import.

Change-Id: I2620cd2000b52d9d6d547453441a2286018e05b7

2 years ago Merge "Implemented migration from opencryptoki."
Gerrit [Wed, 11 Apr 2012 23:42:59 +0000 (16:42 -0700)]
Merge "Implemented migration from opencryptoki."

2 years ago Implemented migration from opencryptoki. 06/19406/5
Darren Krahn [Fri, 23 Mar 2012 21:30:00 +0000 (14:30 -0700)]
Implemented migration from opencryptoki.

Private keys that have been imported need to keep the same parent
wrapping key so support has been added to store the imported root
key blobs and load them on demand.

Unit tests have been added that exercise the import logic with normal
data and with corrupted data.

BUG=chromium-os:21014
TEST=Run all unit tests.
     Manually test importing a Google-A cert from opencryptoki and using
     it with Chaps.

Change-Id: I0f19cbb284005dab7c62be8c466a67f3bbc35a55

2 years ago Removed TODO. TPM RNG evaluation shows its use as a seed is fine. 01/20001/1
Darren Krahn [Wed, 11 Apr 2012 18:02:11 +0000 (11:02 -0700)]
Removed TODO. TPM RNG evaluation shows its use as a seed is fine.

BUG=chromium-os:25435
TEST=None

Change-Id: I483011363de3473052bb0bb34aed92c124038cd6

2 years ago Added more functions to p11_replay. 67/19767/3
Darren Krahn [Wed, 4 Apr 2012 20:56:22 +0000 (13:56 -0700)]
Added more functions to p11_replay.

These additional functions make p11_replay more useful for autotests:
* load: Loads an arbitrary token given a database path and auth data.
* unload: Unloads an existing token.
* change_auth: Changes the auth data for an arbitrary token.
* logout: Performs a C_Logout after any other commands.
* cleanup: Deletes all previously generated test keys.

BUG=chromium-os:27741
TEST=manually tested by running with each switch

Change-Id: I48b2151546822f2c44eb5711d8c7a09fde872ad9

2 years ago Fixed dependencies for generated protobuf headers. 21/19921/1
Darren Krahn [Tue, 10 Apr 2012 20:53:04 +0000 (13:53 -0700)]
Fixed dependencies for generated protobuf headers.

BUG=chromium-os:29203
TEST='FEATURES=test emerge'

Change-Id: I11c8c6793a251e56ebd41167aae42fb2771b9077

2 years ago update to newer libbase 91/19891/3
Mike Frysinger [Tue, 10 Apr 2012 16:33:51 +0000 (12:33 -0400)]
update to newer libbase

BUG=chromium-os:25872
TEST=`emerge-x86-alex chaps` works
TEST=`cros_run_unit_tests --board=x86-alex -p chaps` passed

Change-Id: I01068bdb7440ec2073ddd926b89c6c72fc73b071

2 years ago [chaps] add OWNERS 50/19750/1
Elly Jones [Fri, 6 Apr 2012 17:12:19 +0000 (13:12 -0400)]
[chaps] add OWNERS

TEST=None
BUG=chromium-os:22007

Change-Id: Ia74ef03d2a796b54bd42de20862abcd328e9f55c
Signed-off-by: Elly Jones <ellyjones@chromium.org>

2 years ago Merge "Added support for loading opencryptoki key blobs."
Gerrit [Fri, 30 Mar 2012 18:23:47 +0000 (11:23 -0700)]
Merge "Added support for loading opencryptoki key blobs."

2 years ago Merge "Added more flexibility to the decoding of integral serialized types."
Gerrit [Fri, 30 Mar 2012 18:02:56 +0000 (11:02 -0700)]
Merge "Added more flexibility to the decoding of integral serialized types."

2 years ago Merge "Improved handling of invalid attributes."
Gerrit [Fri, 30 Mar 2012 00:40:17 +0000 (17:40 -0700)]
Merge "Improved handling of invalid attributes."

2 years ago Added support for loading opencryptoki key blobs. 16/19116/2
Darren Krahn [Fri, 23 Mar 2012 21:25:09 +0000 (14:25 -0700)]
Added support for loading opencryptoki key blobs.

Support was added for loading keys which do not have any authorization
data (like opencryptoki root keys). Also, support was added for keys
which have a parent other than the SRK (like all other opencryptoki
keys, which have the root key as their parent).

BUG=chromium-os:21014
TEST=Run all unit tests.

Change-Id: I8e65810f30781b0f0cb0ddee38686d398fd5247e

2 years ago Added more flexibility to the decoding of integral serialized types. 36/19336/1
Darren Krahn [Wed, 28 Mar 2012 20:06:03 +0000 (13:06 -0700)]
Added more flexibility to the decoding of integral serialized types.

This flexibility allows chaps to correctly import attribute values
written by other PKCS #11 libraries. Unit tests have been added.

BUG=chromium-os:21014
TEST=Run all unit tests.

Change-Id: I5783a2b55d04492139e7482fba19f851cc017a37

2 years ago Improved handling of invalid attributes. 31/19331/2
Darren Krahn [Wed, 28 Mar 2012 19:43:56 +0000 (12:43 -0700)]
Improved handling of invalid attributes.

BUG=chromium-os:28626
TEST=Ran all unit tests.
     Manually tested using steps described in bug.

Change-Id: Iead35b0d5171bd4cee3d8d1226de706a877b2ddd

2 years ago Added framework for importing objects from opencryptoki. 15/18915/5
Darren Krahn [Tue, 20 Mar 2012 17:04:53 +0000 (10:04 -0700)]
Added framework for importing objects from opencryptoki.

BUG=chromium-os:21014
TEST=Run all unit tests.

Change-Id: I44b8f9facc1e0f9ef2375109de1abd1a7429347f

2 years ago Merge "Moved AES-CBC-PAD encryption to chaps_utility."
Gerrit [Tue, 27 Mar 2012 04:21:29 +0000 (21:21 -0700)]
Merge "Moved AES-CBC-PAD encryption to chaps_utility."

2 years ago Moved AES-CBC-PAD encryption to chaps_utility. 98/18898/3
Darren Krahn [Tue, 20 Mar 2012 19:35:34 +0000 (12:35 -0700)]
Moved AES-CBC-PAD encryption to chaps_utility.

Migration code will reuse this function.

BUG=chromium-os:21014
TEST=Run all unit tests.

Change-Id: I32ad660eaa790b912e9e34e83a2f3e0990f3703d

2 years ago Fixed generated-header dependency. 75/19075/1
Darren Krahn [Mon, 26 Mar 2012 16:17:35 +0000 (09:17 -0700)]
Fixed generated-header dependency.

BUG=None
TEST=emerge

Change-Id: I26ae90b488000aa6f915efc761adb5eacb6c6d5b

2 years ago Use a more restrictive umask so token database is not world readable. 66/18966/1
Darren Krahn [Fri, 23 Mar 2012 17:05:53 +0000 (10:05 -0700)]
Use a more restrictive umask so token database is not world readable.

BUG=chromium-os:21003
TEST=Run trybot along with cryptohome changes and autotest changes for
security_ProfilePermissions.

Change-Id: I00bee7c90b51f8567701e3b0b0401b59888dc9aa

2 years ago Update dbus policy and run as 'chaps'. 95/18895/2
Darren Krahn [Fri, 16 Mar 2012 23:10:58 +0000 (16:10 -0700)]
Update dbus policy and run as 'chaps'.

The dbus interface can now be owned by 'chaps' or 'root'. All members of
the 'pkcs11' group have normal access to the interface. When chaps is
disabled and calls are redirected to opencryptoki, the daemon still runs
as root and effective chronos. When chaps is enabled, the daemon will
switch to real chaps on startup. Cryptohome will be responsible for
creating a token database directory which is accessible by the chaps
user.

BUG=chromium-os:27967
TEST=Run all unit tests.
     Manually test with chaps enabled and disabled:
     - Use PKCS #11 services as chronos.
     - Use PKCS #11 services as wpa.
     - Connect to Google-A.

Change-Id: I24f29e6b7dab91c07bc5f428598c03653e35a748

2 years ago Implemented an object store using leveldb. 34/18334/2
Darren Krahn [Wed, 14 Mar 2012 23:15:15 +0000 (16:15 -0700)]
Implemented an object store using leveldb.

The magic database name ":memory:" is used to create a memory only
database suitable for testing.

BUG=chromium-os:21009
TEST=Ran all unit tests.
     Manually tested using the following steps:
      - Login as a user with no token.
      - Create a key in the token and sign with the key.
      - Logout.
      - Login again and sign with the existing key.

Change-Id: I797f421479ebb013281112ab8e094a1f036255d7

2 years ago Fixed dependency bug. 66/18466/5
Darren Krahn [Mon, 19 Mar 2012 16:11:32 +0000 (09:11 -0700)]
Fixed dependency bug.

BUG=chromium-os:27975
TEST=FEATURES=test emerge

Change-Id: I21e0ffd156a4d77c3964ab88bbdda84d47a7c9c5

2 years ago Updated replay app to support more scenarios. 07/18307/4
Darren Krahn [Fri, 9 Mar 2012 02:24:11 +0000 (18:24 -0800)]
Updated replay app to support more scenarios.

Now the following actions are available:
  --generate : Generates a key pair suitable for other tests.
  --generate_delete : Generates a key pair and immediately deletes it.
  --replay_wifi : Replays an EAP-TLS negotiation (the default action).
  --replay_vpn : Replays an L2TP/IPSEC vpn negotiation.

BUG=None
TEST=Manual tests.

Change-Id: I065d61cb26390a8fe2161b7602c0e89d775d5ab5

2 years ago Merge "Added an HMAC to each encrypted blob."
Gerrit [Mon, 19 Mar 2012 18:52:35 +0000 (11:52 -0700)]
Merge "Added an HMAC to each encrypted blob."

2 years ago Merge "Enabled the object store in ChapsFactory."
Gerrit [Mon, 19 Mar 2012 18:52:34 +0000 (11:52 -0700)]
Merge "Enabled the object store in ChapsFactory."

2 years ago Merge "Created an ObjectStore skeleton with functional encryption." factory-1987.B
Gerrit [Fri, 16 Mar 2012 19:34:45 +0000 (12:34 -0700)]
Merge "Created an ObjectStore skeleton with functional encryption."