chromiumos/platform/cryptohome.git
7 months ago Added permissions for new dbus method. 31/66131/2 master
Darren Krahn [Fri, 16 Aug 2013 21:39:39 +0000 (14:39 -0700)]
Added permissions for new dbus method.

BUG=chromium:260504
TEST=manual

Change-Id: I382a65435e345aa0befdd6dbcb3002b7ec5c93e1
Reviewed-on: https://gerrit.chromium.org/gerrit/66131
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
7 months ago [cryptohome] fix CleanUpStale crash 35/63335/6
Elly Fong-Jones [Thu, 25 Jul 2013 14:25:30 +0000 (10:25 -0400)]
[cryptohome] fix CleanUpStale crash

We were attempting to access end()->second, which is a big no-no. Also, add a new
unit-test to cover this case (which was also instrumental in tracking down the
bug itself).

TEST=unit
BUG=chromium:263541

Change-Id: I540b71fabf48899845b833fcad2807e5f62d5997
Signed-off-by: Elly Fong-Jones <ellyjones@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/63335
Commit-Queue: Kees Cook <keescook@chromium.org>

8 months ago Implemented the temporal index selection algorithm. 91/63491/3
Darren Krahn [Fri, 26 Jul 2013 00:48:05 +0000 (17:48 -0700)]
Implemented the temporal index selection algorithm.

Also added a username parameter to the CreateCertRequestByProfile dbus
method for use by the algorithm.

BUG=chromium:260504
TEST=unit, platform_Attestation

Change-Id: I31dcb95ed8f92ad681187be97ad1029533843ba1
Reviewed-on: https://gerrit.chromium.org/gerrit/63491
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
8 months ago Added temporal_index to the attestation protobuf. 98/63398/2 stabilize-4512.B
Darren Krahn [Wed, 24 Jul 2013 22:06:30 +0000 (15:06 -0700)]
Added temporal_index to the attestation protobuf.

This index is used as part of the scheme to generate origin-specific
identifiers.  They allow a device to request different identifiers for
different users.  The indexed value on the server side changes over time
which explains the name.

BUG=chromium:260504
TEST=unit

Change-Id: I54e863bea406b94c46157432beea7857c5630624
Reviewed-on: https://gerrit.chromium.org/gerrit/63398
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>

8 months ago Changed cryptohome to use attestation certificate profiles. 39/62939/3
Darren Krahn [Fri, 19 Jul 2013 22:21:06 +0000 (15:21 -0700)]
Changed cryptohome to use attestation certificate profiles.

The PCA now accepts a certificate profile enum.  Cryptohome now
specifies this profile value for certificate requests and no longer uses
any deprecated attributes.

BUG=chromium:260504
TEST=unit, platform_Attestation autotest

Change-Id: Ic4a2d7dbbe81685dd94847e178f60b50a1a3404f
Reviewed-on: https://gerrit.chromium.org/gerrit/62939
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>

8 months ago cryptohome: fix heap use-after-free error. 04/64404/3
Yunlian Jiang [Fri, 2 Aug 2013 23:29:43 +0000 (16:29 -0700)]
cryptohome: fix heap use-after-free error.

BUG=chromium:267868
TEST=FEATURES="test nostrip" emerge-lumpy chromeos-cryptohome with
address sanitizer passes.

Change-Id: I72cbc31b2fd14bdd236df75ddc211f643714c4fa
Reviewed-on: https://gerrit.chromium.org/gerrit/64404
Reviewed-by: Elly Jones <ellyjones@chromium.org>
Tested-by: Yunlian Jiang <yunlian@chromium.org>
Commit-Queue: Yunlian Jiang <yunlian@chromium.org>

8 months ago [cryptohome] refactor CleanUpStale unit tests. 26/63226/2 firmware-pit-4482.B
Elly Fong-Jones [Wed, 24 Jul 2013 18:56:49 +0000 (14:56 -0400)]
[cryptohome] refactor CleanUpStale unit tests.

Eliminate duplicated code.

BUG=chromium:203275
TEST=unit

Change-Id: I0b6787a3399364dc261a6ceff414ccca3e9f2171
Signed-off-by: Elly Fong-Jones <ellyjones@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/63226
Reviewed-by: Kees Cook <keescook@chromium.org>
8 months ago Add QUOTA_LIMIT_EXCEEDED to response status 81/63581/3
Hsu-Cheng Tsai [Mon, 29 Jul 2013 05:56:35 +0000 (13:56 +0800)]
Add QUOTA_LIMIT_EXCEEDED to response status

Change-Id: I5de658a5979fe09d608006eb5a28cdc2a81edc1b
BUG=None
TEST=Manual
Reviewed-on: https://gerrit.chromium.org/gerrit/63581
Reviewed-by: David Yu <davidyu@chromium.org>
Commit-Queue: Hsu-Cheng Tsai <hctsai@chromium.org>
Tested-by: Hsu-Cheng Tsai <hctsai@chromium.org>
8 months ago Add MountPublic/AsyncMountPublic call. 85/61585/5 factory-pit-4471.B
Xiyuan Xia [Tue, 9 Jul 2013 23:03:30 +0000 (16:03 -0700)]
Add MountPublic/AsyncMountPublic call.

MountPublic/AsyncMountPublic mount cryptohome for a public session that has
no password, e.g. a kiosk app. The cryptohome is protected by a passkey that
is generated using a random, root-access-only and secure salt stored in
/var/lib/public_mount_salt and the public session id.

BUG=chromium:243099
TEST=manual, cryptohome --action=mount_public --user=public_mount_id

Change-Id: I848d4eb8c095d1ae14132615b87cfbdc048d4807
Reviewed-on: https://gerrit.chromium.org/gerrit/61585
Reviewed-by: Elly Jones <ellyjones@chromium.org>
Commit-Queue: Xiyuan Xia <xiyuan@chromium.org>
Tested-by: Xiyuan Xia <xiyuan@chromium.org>
8 months ago Add new action for cryptohome utility to dump last activity for all 43/63343/4
antrim [Thu, 25 Jul 2013 16:34:16 +0000 (20:34 +0400)]
Add new action for cryptohome utility to dump last activity for all
users.

BUG=chromium:247371

TEST=Run cryptohome --action=dump_last_activity, and compare it with
individual values from --action=dump_keyset.

Change-Id: I29bb24856c3f30e39f822b5e38bcbbf320ae92e3
Reviewed-on: https://gerrit.chromium.org/gerrit/63343
Tested-by: Denis Kuznetsov <antrim@chromium.org>
Reviewed-by: Will Drewry <wad@chromium.org>
Commit-Queue: Denis Kuznetsov <antrim@chromium.org>

8 months ago use StrEq matcher when comparing two strings. 53/63353/2
Yunlian Jiang [Thu, 25 Jul 2013 17:14:17 +0000 (10:14 -0700)]
use StrEq matcher when comparing two strings.

This uses StrEq() matcher to compare the content of the strings instead
of the pointers that point to the strings. Without this fix, the test
failed with AddressSanitizer.

BUG=chromium:264245
TEST=FEATURES="nostrip test" emerge-lumpy chromeos-cryptohome passes.

Change-Id: I9859759ac4a0d59901e88e1b8f5c8096e6dc7443
Reviewed-on: https://gerrit.chromium.org/gerrit/63353
Reviewed-by: Elly Jones <ellyjones@chromium.org>
Commit-Queue: Yunlian Jiang <yunlian@chromium.org>
Tested-by: Yunlian Jiang <yunlian@chromium.org>
8 months ago Moved the chaps database directory under /home/root. 53/62753/2 factory-4455.B
Darren Krahn [Tue, 25 Jun 2013 00:33:52 +0000 (17:33 -0700)]
Moved the chaps database directory under /home/root.

This CL also includes code to migrate existing chaps data to the new
location.

BUG=chromium:212630
TEST=unit, manual

Change-Id: If66a60c89a658c73ed7db763dd8cfd26ab990418
Reviewed-on: https://gerrit.chromium.org/gerrit/62753
Reviewed-by: Elly Jones <ellyjones@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
8 months ago Fixed a bug in Platform::SyncPath when used with directories. 25/62925/3 stabilize-4443.B
Darren Krahn [Mon, 22 Jul 2013 23:52:50 +0000 (16:52 -0700)]
Fixed a bug in Platform::SyncPath when used with directories.

When using fsync with a file, opening a file descriptor using
open(O_WRONLY) is fine but it doesn't work with directories.  The
testing on the original CL was clearly not effective because attestation
enrollment fails.

To reproduce run platform_Attestation autotest on a system which has not
previously enrolled for attestation.

BUG=chromium:254028
TEST=unit, manual

Change-Id: Iadbfb6c1ab85f8f9f61b93512c16e5fe9fdef76e
Reviewed-on: https://gerrit.chromium.org/gerrit/62925
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
9 months ago [cryptohome] support multiple pkcs11 contexts 87/57787/8
Elly Fong-Jones [Thu, 6 Jun 2013 15:07:24 +0000 (11:07 -0400)]
[cryptohome] support multiple pkcs11 contexts

Disable the restriction of pkcs11 contexts to the first mount. Have mounts clean
up their pkcs11 tokens when being unmounted. Have the crash-recovery code clean
up stale pkcs11 tokens.

CQ-DEPEND=I3eca3fc993d6e89e3c61baf13081840721c1f82f
BUG=chromium:205206
TEST=adhoc,unit,trybot
$ cryptohome --action=mount --user=user1 --password=pwd --create
$ cryptohome --action=mount --user=user2 --password=pwd --create
$ cryptohome --action=mount --user=user3 --password=pwd --create
$ mount | grep '/home/root' | wc -l
3
$ chaps_client --list 2>&1 | grep 'Slot' | wc -l
3
$ cryptohome --action=unmount
$ mount | grep '/home/root' | wc -l
0
$ chaps_client --list 2>&1 | grep Slot | wc -l
0

Change-Id: I46e6274667f317ac64a3b9a9eed50313162e06a6
Signed-off-by: Elly Fong-Jones <ellyjones@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/57787

9 months ago Revert "Moved the chaps database directory under /home/root." 69/60869/2 factory-pit-4390.B firmware-falco_peppy-4389.B firmware-leon-4389.26.B firmware-wolf-4389.24.B
Elly Jones [Wed, 3 Jul 2013 15:38:02 +0000 (08:38 -0700)]
Revert "Moved the chaps database directory under /home/root."

This reverts commit d083d86bc53dbc180b0a44d9e388bd122e090e24

This commit likely caused <https://uberchromegw.corp.google.com/i/chromeos/builders/lumpy%20canary/builds/2797/steps/UnitTest/logs/stdio> and other failures.

Change-Id: I4f0beafc20c410b7e58c43770c040883ab156f43
Reviewed-on: https://gerrit.chromium.org/gerrit/60869
Reviewed-by: Peter Mayo <petermayo@chromium.org>
Commit-Queue: Elly Jones <ellyjones@chromium.org>
Tested-by: Elly Jones <ellyjones@chromium.org>
9 months ago Moved the chaps database directory under /home/root. 61/59961/3
Darren Krahn [Tue, 25 Jun 2013 00:33:52 +0000 (17:33 -0700)]
Moved the chaps database directory under /home/root.

This CL also includes code to migrate existing chaps data to the new
location.

BUG=chromium:212630
TEST=unit, manual

Change-Id: I026b21fc10d1df043e1478db9d7d66fc95116011
Reviewed-on: https://gerrit.chromium.org/gerrit/59961
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>

9 months ago Sync the attestation database after write. 89/59989/4
Darren Krahn [Tue, 25 Jun 2013 23:04:55 +0000 (16:04 -0700)]
Sync the attestation database after write.

The attestation database holds data that cannot be recovered if lost.
Currently, it was possible to lose this data if something went wrong
before the data was flushed to disk.  Adding a sync will reduce the
chances of this.

BUG=chromium:254028
TEST=unit

Change-Id: I82d528adf32de1a0343a1e36c9e5fbe588182541
Reviewed-on: https://gerrit.chromium.org/gerrit/59989
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
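
The Platform::SyncPath fix and the "Sync the attestation database after write" change listed above both concern flushing a file and its containing directory to disk. The following is an added example, not code from the cryptohome repository: it contrasts the O_WRONLY open that fails on a directory with an O_RDONLY open that works for both, and uses it in a durable write. The names `sync_path`, `sync_path_wronly`, `durable_write` and the file `example.db` are hypothetical, and the write-to-temporary-then-rename step is a common pattern that goes beyond what the commit messages state.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Open `path` with the given access mode and fsync it. Returns 0 or -errno. */
static int sync_with_flags(const char *path, int flags) {
    int fd = open(path, flags | O_CLOEXEC);
    if (fd < 0)
        return -errno;
    int rc = (fsync(fd) == 0) ? 0 : -errno;
    close(fd);
    return rc;
}

/* Shape of the bug described in the commit message: O_WRONLY is fine for a
 * regular file, but open() on a directory fails with EISDIR. */
int sync_path_wronly(const char *path) {
    return sync_with_flags(path, O_WRONLY);
}

/* fsync() only needs a descriptor, not write access, so O_RDONLY works for
 * both regular files and directories. */
int sync_path(const char *path) {
    return sync_with_flags(path, O_RDONLY);
}

/* Durable replace of dir/name (hypothetical helper): write a temporary file,
 * flush it, rename it into place, then flush the directory so the new
 * directory entry itself reaches disk. Returns 0 or -errno. */
int durable_write(const char *dir, const char *name,
                  const void *data, size_t len) {
    char tmp[4096], dst[4096];
    if (snprintf(tmp, sizeof tmp, "%s/%s.tmp", dir, name) >= (int)sizeof tmp ||
        snprintf(dst, sizeof dst, "%s/%s", dir, name) >= (int)sizeof dst)
        return -ENAMETOOLONG;

    int fd = open(tmp, O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC, 0600);
    if (fd < 0)
        return -errno;

    const char *p = data;
    int rc = 0;
    while (len > 0) {
        ssize_t n = write(fd, p, len);
        if (n < 0) {
            if (errno == EINTR)
                continue;          /* interrupted before writing: retry */
            rc = -errno;
            break;
        }
        p += n;
        len -= (size_t)n;
    }
    if (rc == 0 && fsync(fd) != 0)  /* file contents on disk first */
        rc = -errno;
    if (close(fd) != 0 && rc == 0)
        rc = -errno;
    if (rc == 0 && rename(tmp, dst) != 0)
        rc = -errno;
    if (rc != 0) {
        unlink(tmp);                /* do not leave a partial temp file */
        return rc;
    }
    return sync_path(dir);          /* then the directory entry */
}

int main(void) {
    char dir[] = "/tmp/syncpath-demo-XXXXXX";   /* constructed scratch dir */
    if (!mkdtemp(dir)) {
        perror("mkdtemp");
        return 1;
    }
    printf("O_WRONLY on directory: %s\n", strerror(-sync_path_wronly(dir)));
    printf("O_RDONLY on directory: %d\n", sync_path(dir));
    int rc = durable_write(dir, "example.db", "record", 6);
    printf("durable_write: %d\n", rc);

    char f[4096];
    snprintf(f, sizeof f, "%s/example.db", dir);
    unlink(f);
    rmdir(dir);
    return rc ? 1 : 0;
}
```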

9 months ago InstallAttributesIsReady: Wait for Attestation blob preparation 07/59707/4 release-R29-4319.B
Will Drewry [Mon, 24 Jun 2013 01:57:47 +0000 (20:57 -0500)]
InstallAttributesIsReady: Wait for Attestation blob preparation

On some hardware, attestation blob preparation may take a noticeably
longer time. In those cases, a user may have completed all the UI steps
needed to trigger an enterprise enrollment.  While enterprise enrollment
waits on TPM ownership, it does not wait for the TPM to be free and
clear.  It appears that in some instances, it is possible to create
enough TPM contention to delay a response to
InstallAttributesFinalize().

This change avoids the possibility of that contention by forcing Chrome
to serialize enrollment commitment with Attestation preparation.  Chrome
will wait for up to 10 minutes for InstallAttributesIsReady() to return
true.  This change relies on that logic to keep Chrome from making a
TPM-contention InstallAttributesFinalize call while the TPM is busy.

At the very least, this change will remove one variable from the DBus
timeout behavior we see sometimes with InstallAttributesFinalize.

TEST=Tested on ToT lumpy through dev-switch to clear then boot.
BUG=chromium:189681

Change-Id: I7adc871ac7dbb60e90f3d131318384ae42f8e074
Reviewed-on: https://gerrit.chromium.org/gerrit/59707
Reviewed-by: Will Drewry <wad@chromium.org>
Tested-by: Will Drewry <wad@chromium.org>
Commit-Queue: Will Drewry <wad@chromium.org>
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
9 months ago Remove unnecessary call to the deprecated g_thread_init(). 82/59682/2
Ben Chan [Sat, 22 Jun 2013 13:19:52 +0000 (06:19 -0700)]
Remove unnecessary call to the deprecated g_thread_init().

g_thread_init() has been deprecated since glib 2.32. This CL removes the
unnecessary call to g_thread_init(), so that we can later migrate to
glib 2.34.

BUG=chromium:253025
TEST=Tested the following:
1. Build and run unit tests.
2. Run login_CryptohomeMounted and login_CryptohomeUnmounted.

Change-Id: I61311a685365c20e6502acb3821925a89a70d348
Reviewed-on: https://gerrit.chromium.org/gerrit/59682
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Tested-by: Ben Chan <benchan@chromium.org>
Commit-Queue: Ben Chan <benchan@chromium.org>

9 months ago mount: Ensure UpdateCurrentUserActivityTimestamp does nothing on ephemeral 56/59556/3
Will Drewry [Fri, 21 Jun 2013 15:33:05 +0000 (10:33 -0500)]
mount: Ensure UpdateCurrentUserActivityTimestamp does nothing on ephemeral

Move the check from Unmount to UpdateCurrentUserActivityTimestamp to
protect all callpaths in (MountTask, Unmount).

BUG=chromium:251420
TEST=unit;  cryptohome --action=mount --ensure_ephemeral --create --password=12345; wait for no-crash :)
     (Built with a log event in the Update call path to show it was called and properly skipped.)

Change-Id: Ie9e14a070d82f579340de6c4aaf3caf66a773c9d
Reviewed-on: https://gerrit.chromium.org/gerrit/59556
Tested-by: Will Drewry <wad@chromium.org>
Reviewed-by: Nikita Kostylev <nkostylev@chromium.org>
Commit-Queue: Will Drewry <wad@chromium.org>

9 months ago homedirs: {Add,Remove,Move}Keyset 60/59160/4
Will Drewry [Mon, 17 Jun 2013 19:10:25 +0000 (14:10 -0500)]
homedirs: {Add,Remove,Move}Keyset

Add support for adding, removing, and moving keysets to one vault.  It
also wires up AddKey() to the DBus API and refactors
AreCredentialsValid() to use a function that returns the validated
VaultKeyset.

MoveKeyset and RemoveKeyset are not wired up to Service nor has keyset
removal been centralized yet on RemoveKeyset.  (Prior to adding
user-exposure for multiple keyset management, we will need to work
through the right edge cases, and finish all keyset related
refactoring. The full flow will need to be covered by more detailed
documentation.)

Migrate() behavior has been updated and set to treat accounts like
single-key accounts.  This will ensure that no non-user-initiated keys
can persist past an online key change until we expose a richer API for
multi-keyset management. It does mean that any special accounts with an
escrow key will need to re-add the escrow key after migration. E.g.,

  Migrate(escrow_key, new_key) // deletes all other keys
  AddKey(new_key, escrow_key)  // adds the escrow key back for future use

BUG=chromium:220243
TEST=unit, normal sign-in, cryptohome --action=add_key --user=foo --password=1 --new_password=2; .. 2 3; .. 3 4 ...
     migration: signed in with a web account; add_key from shell; deleted master.0 (web key); re-signed in online; migrated with the add_key'd value,
      ls -la /home/.shadow/[hash] and cryptohome --action=status show that all other keys were removed on successful migration.

Change-Id: I825f0876851b6de0b1007760746a018e94d22d1d
Reviewed-on: https://gerrit.chromium.org/gerrit/59160
Reviewed-by: Kees Cook <keescook@chromium.org>
Commit-Queue: Will Drewry <wad@chromium.org>
Tested-by: Will Drewry <wad@chromium.org>
9 months ago Added better messaging for errors before TPM ownership. 31/58931/3
Darren Krahn [Mon, 17 Jun 2013 23:07:22 +0000 (16:07 -0700)]
Added better messaging for errors before TPM ownership.

Errors occur when the SRK does not exist.  This is normal before the TPM
is owned but confusing errors were still dumped to the log.

BUG=chromium:216739
TEST=unit, manual

Change-Id: I719130edfd1aebd858b2dd9775e03437a972345c
Reviewed-on: https://gerrit.chromium.org/gerrit/58931
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
10 months ago Fix unittests on Arm. 81/59081/3 factory-4290.B
Elly Fong-Jones [Tue, 18 Jun 2013 18:25:50 +0000 (14:25 -0400)]
Fix unittests on Arm.

Pull in the new common.mk (from https://gerrit.chromium.org/gerrit/#/c/49925/),
rework StatefulRecovery's Report* functions to not write directly to a file and
not run df(1).

BUG=chromium:203275
TEST=unit

Change-Id: Ida00d86ea72ee670c65005af51402d166f2e37f0
Signed-off-by: Elly Fong-Jones <ellyjones@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/59081
Reviewed-by: Kees Cook <keescook@chromium.org>
10 months ago mount, homedirs: Add support for multiple vault keysets 86/58786/5 stabilize-4287.B
Will Drewry [Mon, 10 Jun 2013 19:22:07 +0000 (14:22 -0500)]
mount, homedirs: Add support for multiple vault keysets

The original design of cryptohome supported multiple
"master" keys stored as:
  master.0
  master.1
  ...
  master.n
It was used initially for atomic migrations to protect against data loss
on power down.  That behavior was not maintained over time and support
for multiple key sets faded into the past.

This change refactors keyset (and another vestigial component, user salt)
support to support multiple files again.  Subsequent CLs will enable
keys to be added or removed, and move migration over to this model.

An outstanding issue will be to ensure enforcement of TPM-backed keys
in the cases where it could be possible to have a mix of scrypt and tpm.

The remaining work (next CL) is to add DBus accessors (e.g., AddKey)
and add unittests around multi-key management. Additionally, unifying
vault keyset parsing via the vault_keyset.cc code and moving key migration
over to multi-key helpers needs to happen.

BUG=chromium:220243
TEST=unittest; Remainder need to be redone as this was rebased onto
     the FreeDiskSpace change test CL:
     normal sign-in, sign-out, re-signin. Manual multi-sign-in/out.

Change-Id: I4e253976c758f574dbb59af9670f3b36010e950e
Reviewed-on: https://gerrit.chromium.org/gerrit/58786
Commit-Queue: Will Drewry <wad@chromium.org>
Reviewed-by: Will Drewry <wad@chromium.org>
Tested-by: Will Drewry <wad@chromium.org>
10 months ago homedirs_unittest: make it unit; move in FreeDiskSpace. 03/58703/3
Will Drewry [Thu, 13 Jun 2013 23:11:22 +0000 (18:11 -0500)]
homedirs_unittest: make it unit; move in FreeDiskSpace.

In order to move in all the FreeDiskSpace tests from
mount_unittest.cc, a number of changes needed to happen:
- (*vault_keyset*) Remove the duplication of keyset parsing
- (*mock_user*) Add MockUserOldestActivityTimestampCache!
- (*homedirs*) Use mock timestamp cache instead of a real instance
- (*mount_unittest*) Use new VaultKeyset signatures
- (*mount_unittest*) Hand off all DoAutomatic...
- (*mount*) Kill code! Remove duplicated methods from Mount.

TEST=unittests all pass; normal lumpy ops work
BUG=chromium:220243
Change-Id: Ic6ec1f2d7b9f108f66c5abcafd7a9addd905eff0
Reviewed-on: https://gerrit.chromium.org/gerrit/58703
Reviewed-by: Elly Jones <ellyjones@chromium.org>
Tested-by: Will Drewry <wad@chromium.org>
Commit-Queue: Will Drewry <wad@chromium.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
10 months ago Allow VerifyEK to use previously cached attestation data. 02/58402/2 factory-pit-4280.B
Darren Krahn [Wed, 12 Jun 2013 18:24:33 +0000 (11:24 -0700)]
Allow VerifyEK to use previously cached attestation data.

This will allow EK verification to be performed on a device which has
already been through the TPM ownership flow and has discarded the TPM
owner password.

BUG=chrome-os-partner:19962
TEST=unit, manually ran cryptohome --action=tpm_verify_ek

Change-Id: I10025578dc1c8eacadc66fe9024fafdfcb3618c6
Reviewed-on: https://gerrit.chromium.org/gerrit/58402
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>

10 months ago recovery: require wp disabled for v1 flagfile 67/57667/2 stabilize-4255.B
Kees Cook [Wed, 5 Jun 2013 20:26:15 +0000 (13:26 -0700)]
recovery: require wp disabled for v1 flagfile

For version 1 decryption recovery flagfile, now require that the device
have firmware write protect disabled. For version 2, write protect
disabled OR authenticated system owner is needed for dumping encrypted
stateful partition.

Reworked build to always link against libvboot_host for the crossystem
library calls.

BUG=chromium:236093
TEST=link build, manual verification and unittests

Change-Id: I9401fad5224ac9b28dcf9998d69c6c6ce1d672e3
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/57667
Reviewed-by: Elly Jones <ellyjones@chromium.org>
Reviewed-by: Will Drewry <wad@chromium.org>
10 months ago Update decryption recovery to require user/passkey 78/57378/6
Kees Cook [Mon, 3 Jun 2013 20:55:40 +0000 (13:55 -0700)]
Update decryption recovery to require user/passkey

Bump the format of the decryption recovery flag file to "version 2",
which requires username and passkey (first half of ascii dump of sha256
of ascii system salt + password, as seen in Crypto::PasswordToPasskey).

On successful authentication, /home/.shadow/[hash]/mount (containing
both "user" and "root" directories) will be copied out to the stateful
partition in decrypted/mount. If the user is also the system owner, the
encrypted stateful partition will be copied out to decrypted/encrypted
as before, along with filesystem details.

Version "1" is currently still supported.

Also updates the unittests to perform V2 decryption recovery tests.

BUG=chromium:236093
TEST=link build, manual creation of file

Change-Id: I32a432f9e227f16ff029ea18a7903aa488d3a0f0
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/57378

10 months ago handle passwords with spaces in cmdline tool 64/57264/4
Kees Cook [Fri, 31 May 2013 21:35:50 +0000 (14:35 -0700)]
handle passwords with spaces in cmdline tool

The "cryptohome" cmdline tool would stop reading stdin if it encountered
a whitespace character. To allow for prompting of passwords that contain
whitespace, use fgets instead of stream operations.

BUG=None
TEST=link build and manual verification

Change-Id: Ic92de98cdb9726dc2dcd24110a2ce0b0568ece2e
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/57264

10 months ago Refactored chaps client calls. 42/56542/2
Darren Krahn [Fri, 24 May 2013 01:03:10 +0000 (18:03 -0700)]
Refactored chaps client calls.

The chaps client interface has been refactored; this CL updates
cryptohome's use of the client interface to match.

BUG=None
TEST=unit
CQ-DEPEND=CL:56539

Change-Id: I883edffbbe15876a6227488dbdaf88f2623296d1
Reviewed-on: https://gerrit.chromium.org/gerrit/56542
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>

10 months ago [cryptohome] add --nolegacymount flag 02/51302/6
Elly Fong-Jones [Wed, 15 May 2013 16:27:46 +0000 (12:27 -0400)]
[cryptohome] add --nolegacymount flag

Passing this flag disables mounting of /home/chronos/user.

BUG=chromium:212419
TEST=unit,adhoc
Build, login, check mounts for /home/chronos/user; it should be present.
Hack /etc/init/cryptohomed.conf to pass --nolegacy
Reboot, login, check mounts for /home/chronos/user; it should be gone.

Change-Id: I9ef6e8ce4d1653674050ef2969992c9571666098
Signed-off-by: Elly Fong-Jones <ellyjones@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/51302
Reviewed-by: Will Drewry <wad@chromium.org>
11 months ago Fixed the certificate request generated by the CLI. 13/51213/3
Darren Krahn [Wed, 17 Apr 2013 23:34:41 +0000 (16:34 -0700)]
Fixed the certificate request generated by the CLI.

The change makes the certificate request consistent with how an
Enterprise User Certificate (EUCert) is requested.  This allows us to
request certificates which will pass EUCert verification.

Also added support for the Enterprise Machine Key to the
tpm_attestation_key_status action.

BUG=None
TEST=Manual

Change-Id: I21fa1af210437d7d173e4e55116d7421cf5a9fc7
Reviewed-on: https://gerrit.chromium.org/gerrit/51213
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
11 months ago Updated attestation protobuf to use cert profiles. 96/51396/3
Darren Krahn [Thu, 16 May 2013 01:08:56 +0000 (18:08 -0700)]
Updated attestation protobuf to use cert profiles.

BUG=None
TEST=Build

Change-Id: I3ba81fbce2d596d7f103222e096bc15e60514734
Reviewed-on: https://gerrit.chromium.org/gerrit/51396
Reviewed-by: David Yu <davidyu@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
11 months ago Fixed token label reporting. 70/51170/2
Darren Krahn [Tue, 14 May 2013 20:23:12 +0000 (13:23 -0700)]
Fixed token label reporting.

We must be consistent when reporting token label expectations.

BUG=chromium:239445
TEST=unit,platform_Pkcs11InitOnLogin

Change-Id: I690efe561d091e0bceb6f9423589c9ab58409a5e
Reviewed-on: https://gerrit.chromium.org/gerrit/51170
Reviewed-by: Elly Jones <ellyjones@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
11 months ago [cryptohome] store chaps token in multiprofile home 98/51298/5
Elly Fong-Jones [Wed, 15 May 2013 15:05:37 +0000 (11:05 -0400)]
[cryptohome] store chaps token in multiprofile home

BUG=chromium:212419
TEST=unit,trybot

Change-Id: I807e1335959c44775b6ebc6011656cad3ffe5f38
Signed-off-by: Elly Fong-Jones <ellyjones@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/51298

11 months ago Use the username as the user-specific PKCS #11 token label. 73/50673/3 factory-4128.B factory-spring-4131.B
Darren Krahn [Thu, 9 May 2013 17:49:50 +0000 (10:49 -0700)]
Use the username as the user-specific PKCS #11 token label.

BUG=chromium:239445
TEST=unit, manual
CQ-DEPEND=CL:50680

Change-Id: If5560aef674fe109c6cbefc8f1c6310a96fdf066
Reviewed-on: https://gerrit.chromium.org/gerrit/50673
Reviewed-by: Elly Jones <ellyjones@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
11 months ago cryptohome: Update cryptohome calls to chaps to pass auth data in SecureBlob. 61/50461/2
Ross McIlroy [Wed, 8 May 2013 15:31:20 +0000 (16:31 +0100)]
cryptohome: Update cryptohome calls to chaps to pass auth data in SecureBlob.

Update cryptohome to build after CL:49331 which modifies login_event_client to
take auth data as a SecureBlob.

TEST=Ran on trybot.
BUG=None
CQ-DEPEND=CL:49331

Change-Id: I17dd4f43e804e80cc2aaee048e9bd27629c7b4fa
Reviewed-on: https://gerrit.chromium.org/gerrit/50461
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Tested-by: Ross McIlroy <rmcilroy@chromium.org>
11 months ago Receive a slot_id from chaps when loading tokens. 62/49962/3 stabilize-4100.38.B toolchainB
Darren Krahn [Thu, 2 May 2013 21:26:01 +0000 (14:26 -0700)]
Receive a slot_id from chaps when loading tokens.

This is relevant to supporting multiple simultaneous users and PKCS #11
tokens.  Also fixed up chaps directory permissions checking.

BUG=chromium:205206, chromium:215462
TEST=unit, manual
CQ-DEPEND=CL:49960

Change-Id: I61d91dd2cfda00b20f868a8e001ba6b713e0eaa8
Reviewed-on: https://gerrit.chromium.org/gerrit/49962
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
Commit-Queue: David James <davidjames@chromium.org>

11 months ago cryptohome: Update cryptohome to new chaps login client interface. 88/49888/5
Ross McIlroy [Thu, 2 May 2013 11:53:27 +0000 (12:53 +0100)]
cryptohome: Update cryptohome to new chaps login client interface.

Updated cryptohome to use the chaps login client interface now that isolate
support has been added to chaps. Currently loads tokens into the default
chaps isolate.

CQ-DEPEND=CL:47856, CL:49890
BUG=None
TEST=Tested with CL:47856 using trybot.

Change-Id: I3db5d45e1e1beff7bfca645dc6b292a9e56248a9
Reviewed-on: https://gerrit.chromium.org/gerrit/49888
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Tested-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>

11 months ago Added [G|S]etKeyPayload dbus permissions. 30/49830/2
Darren Krahn [Wed, 1 May 2013 23:54:09 +0000 (16:54 -0700)]
Added [G|S]etKeyPayload dbus permissions.

BUG=chromium:237190
TEST=manual

Change-Id: I706e578cd985f639886ca17a49d1dd9993f44e05
Reviewed-on: https://gerrit.chromium.org/gerrit/49830
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
11 months ago [cryptohome] mount user home at /home/chronos/u-$hash 48/47648/10
Elly Fong-Jones [Tue, 9 Apr 2013 15:36:55 +0000 (11:36 -0400)]
[cryptohome] mount user home at /home/chronos/u-$hash

Chrome likes home directories to be under /home/chronos. This change causes the
user part of the home directory to be also mounted at /home/chronos/u-$hash in
addition to /home/user/$hash.

BUG=chromium:224291
TEST=unit,trybot

Change-Id: I127146e6fe40491297b856442c3f2a6e54a7e245
Signed-off-by: Elly Fong-Jones <ellyjones@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/47648
Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Will Drewry <wad@chromium.org>
11 months ago Use kGuestUserName instead of GetGuestUserName() 06/49606/2
Chris Masone [Tue, 30 Apr 2013 17:58:47 +0000 (10:58 -0700)]
Use kGuestUserName instead of GetGuestUserName()

libchromeos is changed by the commit below; update to remain compatible.

CQ-DEPEND=Ie070102429856f21e571cc1073e661d6b5b1c5f3
BUG=None
TEST=unit tests

Change-Id: I5aee09cb66e60ef3b5f8f64bf76d7dd7837dab41
Reviewed-on: https://gerrit.chromium.org/gerrit/49606
Tested-by: Chris Masone <cmasone@chromium.org>
Reviewed-by: Will Drewry <wad@chromium.org>
Commit-Queue: Chris Masone <cmasone@chromium.org>

12 months ago Remove key identifier from hmac for EncryptedData. 46/48246/2 stabilize-4035.0.B stabilize-4068.0.B
Darren Krahn [Tue, 16 Apr 2013 18:29:30 +0000 (11:29 -0700)]
Remove key identifier from hmac for EncryptedData.

Since the key identifier will be used before the hmac can be verified
during the decryption process, it is not useful to mix it into the hmac.

BUG=None
TEST=Unit

Change-Id: I4fcf90ad8d815eb48e0c73478fc2958d8fb5582c
Reviewed-on: https://gerrit.chromium.org/gerrit/48246
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
12 months ago Added an optional encryption key identifier to EncryptedData. 61/48161/3 stabilize-4008.0.B
Darren Krahn [Mon, 15 Apr 2013 21:51:39 +0000 (14:51 -0700)]
Added an optional encryption key identifier to EncryptedData.

This identifier assists in decryption by giving a hint as to which key
was used to encrypt.  This is especially useful for keys which are
rolled over periodically.  This CL enables identifiers for the PCA
encryption key and the enterprise server encryption key.

BUG=None
TEST=unit

Change-Id: I2d9b07965217035461bac5a8217cb1d8ffa59b58
Reviewed-on: https://gerrit.chromium.org/gerrit/48161
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
12 months ago Added command line support for generating a challenge response. 14/47714/3
Darren Krahn [Tue, 9 Apr 2013 21:04:08 +0000 (14:04 -0700)]
Added command line support for generating a challenge response.

This enables manual and integration testing of the enterprise challenge
response mechanism.

BUG=None
TEST=Manual

Change-Id: I2b144ddeabbd38cace3300e300d5376c4a2c5fee
Reviewed-on: https://gerrit.chromium.org/gerrit/47714
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
12 months ago Use standard encryption scheme in attestation code. 11/47811/3
Darren Krahn [Thu, 11 Apr 2013 00:17:09 +0000 (17:17 -0700)]
Use standard encryption scheme in attestation code.

The attestation code has been erroneously using CryptoLib::AesEncrypt to
encrypt stuff.  This method is non-standard and attestation protocols
must use a standard scheme.  A kPaddingStandard has been added to
CryptoLib and all instances of CryptoLib::AesEncrypt have been removed
from the Attestation class.

BUG=None
TEST=Unit, Manual

Change-Id: I8d885e1f6878e79de1693637183ae221eedb0a8d
Reviewed-on: https://gerrit.chromium.org/gerrit/47811
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
12 months ago Allow an asynchronous completion signal with zero-length data. 33/48033/3
Darren Krahn [Fri, 12 Apr 2013 19:53:17 +0000 (12:53 -0700)]
Allow an asynchronous completion signal with zero-length data.

Previously, it was not possible to invoke an asynchronous completion
signal which sends empty data.  The logic would fall back to the no-data
signal.  However, clients expect only the data signal for some
operations and would miss the operation's completion signal.

BUG=None
TEST=Unit, Manual

Change-Id: I77c5687c5c8b21309362b10b18673687e23047ca
Reviewed-on: https://gerrit.chromium.org/gerrit/48033
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
12 months ago Added support for a SignedPublicKeyAndChallenge. 78/47478/3
Darren Krahn [Fri, 5 Apr 2013 21:38:30 +0000 (14:38 -0700)]
Added support for a SignedPublicKeyAndChallenge.

A standard SignedPublicKeyAndChallenge can now be included in an
enterprise challenge response.  This may be useful if a certificate
request will be made to a CA which expects a proof-of-possession in a
standard format like this.

BUG=chromium:219965
TEST=unit, manual

Change-Id: Ib440b2a00bd8321efe9e91aafd2677d78caebeff
Reviewed-on: https://gerrit.chromium.org/gerrit/47478
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
12 months ago [cryptohome] mount guestfs at /home/user/$hash 62/47262/5
Elly Fong-Jones [Wed, 3 Apr 2013 19:01:34 +0000 (15:01 -0400)]
[cryptohome] mount guestfs at /home/user/$hash

Mount guestfs at /home/user/$hash as well as /home/chronos/user for guest
mounts.

BUG=chromium:224288
TEST=unit,platform_CryptohomeMount

Change-Id: I0324860e0cf9a3ddb7ca6ad3c56abe48f55c5309
Signed-off-by: Elly Fong-Jones <ellyjones@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/47262
Reviewed-by: Will Drewry <wad@chromium.org>
12 months ago Added a SignedPublicKeyAndChallenge field to KeyInfo. 41/47341/2
Darren Krahn [Thu, 4 Apr 2013 18:56:18 +0000 (11:56 -0700)]
Added a SignedPublicKeyAndChallenge field to KeyInfo.

The purpose of this field is to ease integration with enterprise CAs.
Often a CA will accept this format as proof-of-possession for a
certificate issuance request.

BUG=None
TEST=emerge

Change-Id: I3526e0c96cd609b84e7484a644952579ab0708fd
Reviewed-on: https://gerrit.chromium.org/gerrit/47341
Reviewed-by: Dennis Kalinichenko <dkalin@google.com>
Reviewed-by: Pin Ting <pinting@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
12 months ago Added support for key-specific payloads. 76/47376/2
Darren Krahn [Thu, 4 Apr 2013 22:46:48 +0000 (15:46 -0700)]
Added support for key-specific payloads.

This allows meta-data to be associated with keys.  The first application
of this will be to store whether a key has been uploaded to the
enterprise server.

BUG=chromium:219959
TEST=unit

Change-Id: Ided7e320dce3524ee653cba81905ea925dcb80ba
Reviewed-on: https://gerrit.chromium.org/gerrit/47376
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>

12 months ago Hard-coded enterprise challenge-response keys. 22/46722/2
Darren Krahn [Thu, 28 Mar 2013 00:28:00 +0000 (17:28 -0700)]
Hard-coded enterprise challenge-response keys.

Also, refactored instances of openssl pointers to use scoped_ptr.

BUG=chromium:221929
TEST=unit

Change-Id: I5bf2abdaa9e92c258d03ac0628d0b21798ef9ce3
Reviewed-on: https://gerrit.chromium.org/gerrit/46722
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
12 months ago service.cc: propagate enterprise ownership to Mount instances 67/46267/2 release-R27-3912.B stabilize-3912.79.B toolchainA
Will Drewry [Fri, 22 Mar 2013 14:17:40 +0000 (09:17 -0500)]
service.cc: propagate enterprise ownership to Mount instances

In the past, there was one Mount that was reused for many operations
across cryptohomed.  This didn't scale for multiple simultaneous
mounts and was factored out.  The move to a MountFactory and per-cryptohome
Mount instances left enterprise ownership unannotated.  This change
brings it back by populating when the Mount is created or after the
fact if finalization follows later.

Signed-off-by: Will Drewry <wad@chromium.org>
TEST=builds, unittests pass, (testing this one now) runs on lumpy and the cryptohome status shows enterprise enrollment
BUG=chromium:196621

Change-Id: I23e57d58a3d66a89296bfc9098afa87f197f77cc
Reviewed-on: https://gerrit.chromium.org/gerrit/46267
Reviewed-by: Bartosz Fabianowski <bartfab@chromium.org>
Commit-Queue: Will Drewry <wad@chromium.org>
Tested-by: Will Drewry <wad@chromium.org>
12 months ago Implemented attestation key registration. 36/45536/3
Darren Krahn [Thu, 14 Mar 2013 19:15:20 +0000 (12:15 -0700)]
Implemented attestation key registration.

An attestation key can be 'registered' by moving it to the current
user's PKCS #11 token.  It will then be visible to Chrome via NSS.

BUG=chromium-os:37815
TEST=Unit, Manual
CQ-DEPEND=CL:45534

Change-Id: I80a18463fad20a01f59286ee7baf22159a35719b
Reviewed-on: https://gerrit.chromium.org/gerrit/45536
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
13 months ago Consistently use gboolean in DBUS interface. 20/45620/2 stabilize-3881.0.B
Darren Krahn [Fri, 15 Mar 2013 21:00:43 +0000 (14:00 -0700)]
Consistently use gboolean in DBUS interface.

BUG=None
TEST=Unit

Change-Id: I8e97ea1c5c9b89f9229210337c2ad97f30ab4b5f
Reviewed-on: https://gerrit.chromium.org/gerrit/45620
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
13 months ago Optimized mock compilation. 55/45455/2
Darren Krahn [Wed, 13 Mar 2013 23:49:14 +0000 (16:49 -0700)]
Optimized mock compilation.

Compiling mock constructors and destructors is very expensive.  When
these are implemented inline in the header file they get compiled over
and over again.  A small change to a test also will trigger the
recompile of all mocks used by the test.  This CL moves constructors and
destructors to their own object files which means they only get compiled
once and do not get recompiled on incremental builds unless they have
been modified.

BUG=None
TEST=Unit

Change-Id: I5d002fdb47a568e6ce750aa56b8e6a48ac1c2f6b
Reviewed-on: https://gerrit.chromium.org/gerrit/45455
Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Reviewed-by: Will Drewry <wad@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
13 months ago Implemented attestation challenge signing. 54/45454/3
Darren Krahn [Tue, 12 Mar 2013 00:33:29 +0000 (17:33 -0700)]
Implemented attestation challenge signing.

BUG=chromium:187258
TEST=unit

Change-Id: Idd91d621ee103becd25ad30756d210b6fc6b5712
Reviewed-on: https://gerrit.chromium.org/gerrit/45454
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
13 months ago Emit attestation public keys in X.509 SubjectPublicKeyInfo format. 53/45453/3
Darren Krahn [Thu, 7 Mar 2013 19:08:26 +0000 (11:08 -0800)]
Emit attestation public keys in X.509 SubjectPublicKeyInfo format.

This format is more flexible than PKCS #1 RSAPublicKey (e.g. it can also
contain non-RSA public keys) and it is widely supported by various
crypto libraries.

BUG=none
TEST=unit

Change-Id: I1b97306847fe5534d4c34eb8a94e9c350a16db20
Reviewed-on: https://gerrit.chromium.org/gerrit/45453
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
13 months ago Added DBUS bindings for more attestation methods. 51/45451/2
Darren Krahn [Mon, 4 Mar 2013 18:24:21 +0000 (10:24 -0800)]
Added DBUS bindings for more attestation methods.

New methods include querying certified public keys / certificates,
registering keys, and signing challenges.  Also, added a test PCA public
key so a certified key can be created for testing.

BUG=chromium-os:39830
TEST=unit; platform_Attestation against test PCA; manual tests

Change-Id: Id97637c02c880972c8559d57dfc19e5b2ed03594
Reviewed-on: https://gerrit.chromium.org/gerrit/45451
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
13 months ago lockbox: better logging, use IsEnabled, not IsConnected 79/45379/5 factory-spring-3842.B
Will Drewry [Thu, 14 Mar 2013 02:48:29 +0000 (21:48 -0500)]
lockbox: better logging, use IsEnabled, not IsConnected

Tpm::IsConnected() is a bad test of TPM readiness because
the connection may be re-established at any point.  So far,
it had worked flawlessly because there were no failures or
other conditions triggering a Tpm::Disconnect().  That appears
to have changed recently.

This change fixes the test and adds better fail-state logging
for future debugging.  The root cause still needs to be tracked
down.  (E.g., was it always racy? another async task? ...)

Signed-off-by: Will Drewry <wad@chromium.org>
TEST=unittests pass; builds and when replaced in-place, it works properly with a freshly cleared TPM allowing enrollment
BUG=chromium:189681

Change-Id: I1b4c525562cd3a4dddfb5b90004912cdd81558f7
Reviewed-on: https://gerrit.chromium.org/gerrit/45379
Reviewed-by: Elly Jones <ellyjones@chromium.org>
Commit-Queue: Will Drewry <wad@chromium.org>
Tested-by: Will Drewry <wad@chromium.org>
13 months ago Change signature algorithm specification. 85/45185/2
Pin Ting [Tue, 12 Mar 2013 05:40:10 +0000 (13:40 +0800)]
Change signature algorithm specification.

BUG=None
TEST=Unit tests

Change-Id: If88e4319f75b63eb038e9bed98a42b4a7a9d8e30
Reviewed-on: https://gerrit.chromium.org/gerrit/45185
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Reviewed-by: Dennis Kalinichenko <dkalin@google.com>
Tested-by: Pin Ting <pinting@chromium.org>
Reviewed-by: Pin Ting <pinting@chromium.org>
Commit-Queue: Pin Ting <pinting@chromium.org>

13 months ago cryptohome: add support for multiple mounts to be used 72/44972/5 firmware-spring-3833.B
Will Drewry [Fri, 8 Mar 2013 04:36:15 +0000 (22:36 -0600)]
cryptohome: add support for multiple mounts to be used

Cryptohome supports user-specific mount points, but the DBus interface and
daemon do not have a good way to track multiple mounts. This change tweaks the
overall behavior to make Mounts act as per-user in-memory state only and have
cryptohomed manage the mount mappings explicitly.  Additionally, PKCS#11
initialization is restricted to the first mount and the mounttask is now
cancelable.  This is mostly just clean up work finishing what ellyjones@
started last year.

The resumption behavior should look similar to what cryptohomed does today with
the caveat that if a mount point has open file references when cryptohome
restarts and still has those when an over-mount request comes in,
Mount::MountCryptohome() will reject it as a busy mount point.
For this to occur, it comes to:
1. c-home crashes while signed in and for some reason the user tries to
   over-mount
2. c-home crashes during sign-out failing to unmount and ui.conf fails to
   remove references to the mount point
Both of these cases imply a behavior change or cascading failure.  Should we force unmount? reboot?

BUG=chromium-os:39682
TEST=(1)unittests pass;
Lumpy ToT test image:
(2) suite:smoke passes
(3) manual sign in as guest, call
    cryptohome --action=mount --create --ensure_ephemeral --user=a1 --password=a1
    cryptohome --action=mount --create --ensure_ephemeral --user=a2 --password=a2
    mount  # Shows our mounts
    initctl restart cryptohomed
    mount
    grep cryptohome /var/log/messages # Shows the top two mounts cleaned up and guestfs left alone
(4) manual sign in as a real user, call
    cryptohome --action=mount --create --user=a1 --password=a1
    cryptohome --action=mount --create --ensure_ephemeral --user=a2 --password=a2
    mount  # Shows our mounts
    initctl restart cryptohomed
    mount
    grep cryptohome /var/log/messages # Shows the top two mounts cleaned up and _all_ my mounts left alone
(5) manual sign-in as guest, call
      sudo bash
      # bash -c 'initctl stop cryptohomed; initctl restart ui; initctl start cryptohomed'
    sign in as guest:
      grep cryptohome /var/log/messages # see that stale guestfs mount was cleaned up
(6) #5, except sign-back in as a user
(7) #6, except sign in the whole time as the same real user

Change-Id: I022e99df2f2aea80d600ba85066ee93cdaf34027
Reviewed-on: https://gerrit.chromium.org/gerrit/44972
Reviewed-by: Elly Jones <ellyjones@chromium.org>
Commit-Queue: Will Drewry <wad@chromium.org>
Tested-by: Will Drewry <wad@chromium.org>
13 months ago Implemented a PKCS #11 backed key store. 36/44336/4 firmware-spring-3824.4.B firmware-spring-3824.55.B firmware-spring-3824.84.B firmware-spring-3824.B
Darren Krahn [Wed, 27 Feb 2013 17:08:33 +0000 (09:08 -0800)]
Implemented a PKCS #11 backed key store.

Certified keys which are associated with the user need a safe place to
live.  The most important requirement is that the key must not be
available when the user is not signed in.  This CL implements a key
store using data objects in the user's PKCS #11 token.

BUG=chromium-os:38996
TEST=unit
CQ-DEPEND=CL:44332, CL:44334

Change-Id: Ice506b0aed92137eef99150ac6f7d5ecf04ce1af
Reviewed-on: https://gerrit.chromium.org/gerrit/44336
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
13 months ago Refine comments. 08/44608/4
Pin Ting [Tue, 5 Mar 2013 03:21:51 +0000 (11:21 +0800)]
Refine comments.

BUG=None
TEST=Unit tests

Change-Id: Id206bfd72c705705a458a83bea70e7a123ea75a0
Reviewed-on: https://gerrit.chromium.org/gerrit/44608
Reviewed-by: David Yu <davidyu@chromium.org>
Commit-Queue: Pin Ting <pinting@chromium.org>
Reviewed-by: Pin Ting <pinting@chromium.org>
Tested-by: Pin Ting <pinting@chromium.org>
13 months ago Add random token to AttestationResetRequest for making it easy to 24/44624/2
Hsu-Cheng Tsai [Tue, 5 Mar 2013 08:05:41 +0000 (16:05 +0800)]
Add random token to AttestationResetRequest for making it easy to
collect all arguments.

BUG=none
TEST=manual

Change-Id: I616ff80f77cefb3e82d6a04be5e6459f2f18a21d
Reviewed-on: https://gerrit.chromium.org/gerrit/44624
Reviewed-by: David Yu <davidyu@chromium.org>
Commit-Queue: Hsu-Cheng Tsai <hctsai@chromium.org>
Tested-by: Hsu-Cheng Tsai <hctsai@chromium.org>
13 months ago Updated ChallengeResponse message based on the latest design. 21/44021/5
Pin Ting [Tue, 26 Feb 2013 07:13:52 +0000 (15:13 +0800)]
Updated ChallengeResponse message based on the latest design.

BUG=None
TEST=Unit tests

Change-Id: Ie9f19a5da39a9d1915520bd8cc8af2ab5865eb62
Reviewed-on: https://gerrit.chromium.org/gerrit/44021
Commit-Queue: Pin Ting <pinting@chromium.org>
Reviewed-by: Pin Ting <pinting@chromium.org>
Tested-by: Pin Ting <pinting@chromium.org>
13 months ago Fixed clang build errors. 80/44180/2
Darren Krahn [Wed, 27 Feb 2013 17:49:26 +0000 (09:49 -0800)]
Fixed clang build errors.

BUG=chromium-os:39277
TEST=emerge with: 'FEATURES=test CFLAGS="-clang" CXXFLAGS="-clang"'

Change-Id: Ic5f20d142d60654b3bce745d035fb277e0b1349c
Reviewed-on: https://gerrit.chromium.org/gerrit/44180
Reviewed-by: Elly Jones <ellyjones@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
Reviewed-by: Will Drewry <wad@chromium.org>
13 months ago Add mount-encrypted utility to cryptohome repo. 01/44301/3
Bill Richardson [Thu, 28 Feb 2013 18:55:58 +0000 (10:55 -0800)]
Add mount-encrypted utility to cryptohome repo.

This utility sets up the encrypted directories for Chrome OS at boot time.
It uses some of the TPM-related libraries from vboot_reference, but it
isn't really part of the verified boot process itself so I'm moving it into
the cryptohome repo where it belongs.

BUG=chromium-os:39264
BRANCH=none
TEST=auto
CQ-DEPEND=CL:44302, CL:44303

This is just refactoring. After all CLs are in, the
platform_EncryptedStateful autotest should continue to pass as before.

Change-Id: Id2aaa66f7884e1a18358674788d0e6d542b2d213
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/44301
Reviewed-by: Kees Cook <keescook@chromium.org>
13 months ago Cleaned up and documented attestation thread safety. 73/44173/2
Darren Krahn [Tue, 26 Feb 2013 23:44:27 +0000 (15:44 -0800)]
Cleaned up and documented attestation thread safety.

BUG=None
TEST=unit, manual

Change-Id: I409e82c8eb44466e8e8d3af31987d5154b9093f4
Reviewed-on: https://gerrit.chromium.org/gerrit/44173
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
13 months ago Added support for device key storage. 85/44085/3
Darren Krahn [Tue, 26 Feb 2013 01:41:20 +0000 (17:41 -0800)]
Added support for device key storage.

Added GetCertificateChain and GetPublicKey now because they are useful
in testing.  Eventually they will be hooked up to dbus calls.

BUG=chromium-os:38996
TEST=unit

Change-Id: Ie7b74ceca46b68f2070ac7f49d77c5f4da575f1f
Reviewed-on: https://gerrit.chromium.org/gerrit/44085
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
13 months ago Prepared attestation implementation to support key storage. 33/43733/5
Darren Krahn [Tue, 19 Feb 2013 20:21:08 +0000 (12:21 -0800)]
Prepared attestation implementation to support key storage.

Specifically, the following changes have been made:
- Added message_id to certificate request/response messages.
- Updated certificate request interface according to latest design.
- Implemented skeleton for device and user key storage.

BUG=chromium-os:38996
TEST=unit

Change-Id: Ib6a7d37e55633a29203a56660441b482f104c1b9
Reviewed-on: https://gerrit.chromium.org/gerrit/43733
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
13 months ago Remove direct file_util usage 98/43898/6
Will Drewry [Thu, 31 Jan 2013 02:08:59 +0000 (20:08 -0600)]
Remove direct file_util usage

The Platform class and the necessary dependency injection patterns have
been in the codebase for quite a while.  However, the use has been
inconsistent.  This has hampered code sharing and more robust unittests
(system dependencies introducing flakiness).

This change removes all direct calls to file_util and attempts to
migrate all relevant unittests over to ensure they function as
expected.  This includes catching some tests which had become nops
(like the vault migration test).  Some integration tests still
linger (e.g., stateful_recovery_unittests), but the unittests should
all be working as expected now (including the new ephemeral skeleton
which could use better specific unittesting).

Change-Id: Ide7c6ae578f53dab8c5ce82b15e4449db2b8a78d
BUG=chromium-os:38444
TEST=unittests pass; suite:smoke passed on lumpy with ToT and this change.
Reviewed-on: https://gerrit.chromium.org/gerrit/43898
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Tested-by: Will Drewry <wad@chromium.org>
Reviewed-by: Elly Jones <ellyjones@chromium.org>
Commit-Queue: Will Drewry <wad@chromium.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
13 months ago Updated to use libchrome-180609. 39/43439/3
Darren Krahn [Fri, 15 Feb 2013 22:59:28 +0000 (14:59 -0800)]
Updated to use libchrome-180609.

BUG=chromium-os:38930
TEST=unit, manual, relevant autotests
CQ-DEPEND=CL:43669

Change-Id: I6e038fdf30876d816678ee9babef0f3c225e65ca
Reviewed-on: https://gerrit.chromium.org/gerrit/43439
Reviewed-by: Chris Masone <cmasone@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
14 months ago Build skeleton home directories in root-only path. 22/43422/2
Darren Krahn [Fri, 15 Feb 2013 18:56:37 +0000 (10:56 -0800)]
Build skeleton home directories in root-only path.

When building a user or guest home directory there are various ownership
and permissions operations that are performed.  Doing this work in a
location accessible only to root helps prevent race conditions inducible
by a process running as chronos.

BUG=chromium-os:38821
TEST=unit tests, manual testing

Change-Id: Id59cf4a3a684e69da73c3014d8979b2550087bb2
Reviewed-on: https://gerrit.chromium.org/gerrit/43422
Reviewed-by: Kees Cook <keescook@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
14 months ago Make policy reloads explicit. 39/42539/2 stabilize-bluetooth-smart
Julian Pastarmov [Mon, 4 Feb 2013 16:59:29 +0000 (17:59 +0100)]
Make policy reloads explicit.

BUG=chromium-os:38541
TEST=unit tests pass
CQ-DEPEND=I20461078ca890c6ec2f81ad5383c06c4d75a64cd

Change-Id: I6ea0c67caf19fd003500f16253262bab2b18ab2b
Reviewed-on: https://gerrit.chromium.org/gerrit/42539
Reviewed-by: Will Drewry <wad@chromium.org>
Commit-Queue: Julian Pastarmov <pastarmovj@chromium.org>
Tested-by: Julian Pastarmov <pastarmovj@chromium.org>
14 months ago Add Challenge and ChallengeResponse messages. 84/42384/6
Pin Ting [Thu, 31 Jan 2013 07:29:18 +0000 (15:29 +0800)]
Add Challenge and ChallengeResponse messages.

BUG=None
TEST=Unit tests
Change-Id: If4f65899f5f37f20dcdcb412d705d162dcaf1a81
Reviewed-on: https://gerrit.chromium.org/gerrit/42384
Commit-Queue: Pin Ting <pinting@chromium.org>
Reviewed-by: Dennis Kalinichenko <dkalin@google.com>
Tested-by: Pin Ting <pinting@chromium.org>
Reviewed-by: Pin Ting <pinting@chromium.org>
14 months ago Update attestation.proto according to the latest design. 63/42363/2 stabilize-3658.0.0
Hsu-Cheng Tsai [Thu, 31 Jan 2013 01:55:23 +0000 (09:55 +0800)]
Update attestation.proto according to the latest design.

Add proto message for reset request and reset response.

BUG=none
TEST=manual

Change-Id: Ibb314cefceeac2026efbbbd14bf91d5e95f83fdd
Reviewed-on: https://gerrit.chromium.org/gerrit/42363
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Commit-Queue: Hsu-Cheng Tsai <hctsai@chromium.org>
Tested-by: Hsu-Cheng Tsai <hctsai@chromium.org>
14 months ago Added GetSanitizedUsername() dbus call to cryptohomed. 00/42300/3
Joao da Silva [Wed, 30 Jan 2013 12:13:02 +0000 (13:13 +0100)]
Added GetSanitizedUsername() dbus call to cryptohomed.

This call allows the chrome process to get the hash of the username, so
that it can lookup files that include the hash (i.e. the user policy key
in /var/run/user_policy).

BUG=chromium:163318
TEST=unit tests

CQ-DEPEND=I33d066eea8ebf8d793b4a6451b639be406a8155f

Change-Id: I4739a16f8b16a59e4a9e51975d260c8fa58b1e92
Reviewed-on: https://gerrit.chromium.org/gerrit/42300
Reviewed-by: Chris Masone <cmasone@chromium.org>
Reviewed-by: Elly Jones <ellyjones@chromium.org>
Commit-Queue: Joao da Silva <joaodasilva@chromium.org>
Tested-by: Joao da Silva <joaodasilva@chromium.org>
14 months ago Revert "Update attestation.proto according to the latest design." 02/42302/2
Hsu-Cheng Tsai [Wed, 30 Jan 2013 13:08:31 +0000 (05:08 -0800)]
Revert "Update attestation.proto according to the latest design."

This reverts commit 9c74c7603e73c252ca11c81107e53c42357bc209

Change-Id: If2b6518dd7d3176e62e3001d99e0379ec18f4212
Reviewed-on: https://gerrit.chromium.org/gerrit/42302
Commit-Queue: Hsu-Cheng Tsai <hctsai@chromium.org>
Tested-by: Hsu-Cheng Tsai <hctsai@chromium.org>
Reviewed-by: Hsu-Cheng Tsai <hctsai@chromium.org>
14 months ago Update attestation.proto according to the latest design. 23/42223/4
Hsu-Cheng Tsai [Tue, 29 Jan 2013 09:44:55 +0000 (17:44 +0800)]
Update attestation.proto according to the latest design.

Add proto message for reset request and reset response.

BUG=none
TEST=manual

Change-Id: Ib8f8d5275534d5e112f9e1c2ced2c9534774597c
Reviewed-on: https://gerrit.chromium.org/gerrit/42223
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Commit-Queue: Hsu-Cheng Tsai <hctsai@chromium.org>
Tested-by: Hsu-Cheng Tsai <hctsai@chromium.org>
14 months ago Update attestation.proto according to the latest design. 16/41916/4
David Yu [Thu, 24 Jan 2013 06:37:41 +0000 (14:37 +0800)]
Update attestation.proto according to the latest design.

Specifically, is_cert_for_owner is deprecated, and replaced with
include_stable_id and include_device_state. certfied_key_credential2 is
also removed.

BUG=none
TEST=manual

Change-Id: Ied0f84c4ad5f4b10ff3267ba2254be21a4b83b8a
Reviewed-on: https://gerrit.chromium.org/gerrit/41916
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Commit-Queue: David Yu <davidyu@chromium.org>
Tested-by: David Yu <davidyu@chromium.org>
14 months ago Write install attributes cache file when locking. 20/41820/3
Mattias Nissler [Wed, 23 Jan 2013 15:20:47 +0000 (16:20 +0100)]
Write install attributes cache file when locking.

BUG=chromium-os:38111
TEST=Unit tests, check that /var/run/lockbox/install_attributes.pb gets generated when enrolling the device.

Change-Id: I016c6b93598f988ddf25035cccd35b667637c6bc
Reviewed-on: https://gerrit.chromium.org/gerrit/41820
Reviewed-by: Will Drewry <wad@chromium.org>
Commit-Queue: Mattias Nissler <mnissler@chromium.org>
Tested-by: Mattias Nissler <mnissler@chromium.org>
14 months ago Added another supported intermediate CA. 45/41645/2
Darren Krahn [Fri, 18 Jan 2013 17:58:46 +0000 (09:58 -0800)]
Added another supported intermediate CA.

BUG=None
TEST=Unit

Change-Id: I92f3df88b33407e7d44f2c770664304aab878a7c
Reviewed-on: https://gerrit.chromium.org/gerrit/41645
Reviewed-by: David Yu <davidyu@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
15 months ago lockbox-cache: new commandline utility 34/41434/4
Will Drewry [Wed, 16 Jan 2013 17:03:24 +0000 (11:03 -0600)]
lockbox-cache: new commandline utility

lockbox-cache is a simple commandline utility for validating lockbox
data using a pre-extracted NVRAM blob.  Successful verification results
in a cache file being written.  For example,
  lockbox-cache --lockbox=/home/.shadow/install_attributes.pb \
                --nvram=/tmp/lockbox.nvram \
                --cache=/var/run/lockbox/install_attributes.pb
will emit the file in /var/run on success or emit nothing on failure
and unlink any existing, matching cache files.

Changes:
- Adds Makefile entry that doesn't pull in everything.
- Adds a StubTpm class which returns false or 0 for all calls that
  are non-void.
- Adds class LockboxCacheTpm which inherits from StubTpm making only
  enough of a working Tpm class to return a supplied NVRAM value.
- Adds class LockboxCache which just layers in Platform handling.
- Adds a driver program.

Change-Id: Idff2cafec034316d82d238d8a81017f866f2469c
BUG=chromium-os:37267
TEST=builds, works with m-e changes. Needs more official tests.
Reviewed-on: https://gerrit.chromium.org/gerrit/41434
Reviewed-by: Kees Cook <keescook@chromium.org>
Commit-Queue: Will Drewry <wad@chromium.org>
Tested-by: Will Drewry <wad@chromium.org>
15 months ago stateful_recovery: include df and tune2fs details 03/39403/5
Kees Cook [Thu, 6 Dec 2012 00:32:23 +0000 (16:32 -0800)]
stateful_recovery: include df and tune2fs details

When decrypting the contents of the encrypted partition, it can be
helpful to see the details of the filesystem itself, since that is also
unavailable in recovery mode. Adds various helpers to platform to do the
work and extends the unittests to match.

BUG=chromium-os:37064
TEST=link build, manual stateful recovery

Change-Id: If0b047f3ff652304a2222bcfe20c1157cf4c4498
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/39403
Reviewed-by: Will Drewry <wad@chromium.org>
16 months ago Implemented asynchronous attestation calls. 80/38780/3 factory-3536.B stabilize2 toolchain-3428.65.B
Darren Krahn [Wed, 21 Nov 2012 23:53:25 +0000 (15:53 -0800)]
Implemented asynchronous attestation calls.

BUG=chromium-os:36561
TEST=Ran unit tests
     Ran platform_Attestation
     Ran platform_Attestation after modifying to use --async

Change-Id: Ibb83b40b3328fbd31ba7632c7f762a52843d0769
Reviewed-on: https://gerrit.chromium.org/gerrit/38780
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Ready: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
16 months ago Add flag for requesting an ephemeral mount 95/38995/8
Bartosz Fabianowski [Thu, 6 Dec 2012 19:17:17 +0000 (20:17 +0100)]
Add flag for requesting an ephemeral mount

This CL adds a flag that allows Chrome to request an ephemeral mount for
a user. If the flag is set, a cryptohome backed by tmpfs will always be
mounted, even if a regular vault exists for the user.

This functionality is required for public accounts that look like regular
accounts to cryptohomed otherwise but whose cryptohomes must always be
ephemeral.

Adding a new flag to cryptohomed's Mount() and AsyncMount() dbus methods
would change the method signatures, requiring Chrome to be atomically
updated to the new signatures as well. Since an atomic change in
cryptohomed and Chrome is not possible, the CL replaces the obsolete
|replace_tracked_subdirectories| flag with the new |ensure_ephemeral|
flag instead. This is safe because the obsolete flag has been unused for
quite some time, is completely ignored by cryptohomed and always set to
|false| by Chrome. Thus, the new flag is effectively introduced in two
steps:

1/ Replace |replace_tracked_subdirectories| with |ensure_ephemeral| on the
   cryptohomed side (this CL). Cryptohomed starts honoring the new flag
   but since Chrome has not been updated yet, it will always set the flag
   to |false|, yielding the previous, non-ephemeral behavior.
2/ Update Chrome to set the |ensure_ephemeral| flag to |true| for public
   account users (a separate CL).

BUG=chromium-os:36892
TEST=new tests in mount_unittest.cc
Change-Id: Ic323271e3a38b979c6b5fe3e2f6bcb30af64add1
Reviewed-on: https://gerrit.chromium.org/gerrit/38995
Commit-Ready: Bartosz Fabianowski <bartfab@chromium.org>
Reviewed-by: Bartosz Fabianowski <bartfab@chromium.org>
Tested-by: Bartosz Fabianowski <bartfab@chromium.org>
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
16 months ago Added fields to the certificate request / response. 56/39256/2
Darren Krahn [Wed, 5 Dec 2012 18:48:38 +0000 (10:48 -0800)]
Added fields to the certificate request / response.

BUG=None
TEST=Unit tests

Change-Id: Iafbd699482670a51b40b4ed3d46c0b2e2bfdd7c6
Reviewed-on: https://gerrit.chromium.org/gerrit/39256
Reviewed-by: David Yu <davidyu@chromium.org>
Commit-Ready: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
16 months ago Added pointer check to MakeIdentity. 35/39135/3
Darren Krahn [Tue, 4 Dec 2012 00:15:17 +0000 (16:15 -0800)]
Added pointer check to MakeIdentity.

Trousers can return NULL from a unicode conversion attempt; the pointer
should be checked.

BUG=chromium:163945
TEST=Unit tests
     Manually verified OOBE attestation work
     platform_Attestation autotest

Change-Id: I04caaaee502f453009a3a51411aba714e08f7135
Reviewed-on: https://gerrit.chromium.org/gerrit/39135
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Ready: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
16 months ago Created asynchronous version of attestation interface. 99/38499/4
Darren Krahn [Sat, 17 Nov 2012 00:21:52 +0000 (16:21 -0800)]
Created asynchronous version of attestation interface.

This CL implements the D-Bus plumbing for asynchronous versions of the
attestation calls.  Part of this is a signal with an arbitrary data
payload.  The async calls themselves are not implemented in this CL.

BUG=chromium-os:36561
TEST=Ran unit tests
     Ran platform_Attestation
     Manually tested login
     Manually tested cryptohome actions
     Manually tested new signal w/ non-ascii data

Change-Id: I5b81d1b4de540f21f189ee2e3f850e042d16fbb7
Reviewed-on: https://gerrit.chromium.org/gerrit/38499
Commit-Ready: Darren Krahn <dkrahn@chromium.org>
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
16 months ago Added logging when the TPM fails and requires a reboot. 61/38461/2
Darren Krahn [Wed, 21 Nov 2012 16:50:03 +0000 (08:50 -0800)]
Added logging when the TPM fails and requires a reboot.

BUG=chromium-os:36552
TEST=Unit tests

Change-Id: I13ed12cd0ab5e3dd04fd288882b2d6f0bda88bda
Reviewed-on: https://gerrit.chromium.org/gerrit/38461
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Ready: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
17 months ago Added Infineon Intermediate CA 16 as a known endorsement CA. 10/38210/2
Darren Krahn [Fri, 16 Nov 2012 19:19:53 +0000 (11:19 -0800)]
Added Infineon Intermediate CA 16 as a known endorsement CA.

BUG=None
TEST=Ran unit tests.

Change-Id: I96afce9ef31cad860ecaf1f6562bae4ddddf13ff
Reviewed-on: https://gerrit.chromium.org/gerrit/38210
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
Commit-Ready: Darren Krahn <dkrahn@chromium.org>

17 months ago Created an UMA stat for TPM_E_FAIL errors. 72/38072/2
Darren Krahn [Thu, 15 Nov 2012 00:06:27 +0000 (16:06 -0800)]
Created an UMA stat for TPM_E_FAIL errors.

BUG=chrome-os-partner:15785
TEST=Ran all unit tests

Change-Id: Iaf4d2a6368d3fb8f46ec67fd1afc74e2c7668fd6
Reviewed-on: https://gerrit.chromium.org/gerrit/38072
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Ready: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
17 months ago Fixed crash when TPM is not ready. 16/37916/2
Darren Krahn [Tue, 13 Nov 2012 18:31:58 +0000 (10:31 -0800)]
Fixed crash when TPM is not ready.

BUG=chrome-os-partner:16139
TEST=Ran all unit tests.

Change-Id: I8f56131456b22ae7e6b4ac79a3c7d3d02525aef6
Reviewed-on: https://gerrit.chromium.org/gerrit/37916
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Ready: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
17 months ago Added support for a TPM_NEEDS_REBOOT status code.
Darren Krahn [Mon, 22 Oct 2012 22:59:56 +0000 (15:59 -0700)]
Added support for a TPM_NEEDS_REBOOT status code.

The only way that we know of to respond to TPM_E_FAIL errors from the
TPM is to reboot the system, which will reset the TPM.  This status
indicator will allow callers to be aware of this condition.

BUG=chromium:156655
TEST=Manual tests with TPM_LoadKey returning TPM_E_FAIL.

Change-Id: Idc65e4cc62888bba44999b542bf9f327031d72c1
Reviewed-on: https://gerrit.chromium.org/gerrit/36362
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Ready: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
18 months ago [cryptohome] finalize lockbox asynchronously
Elly Fong-Jones [Wed, 10 Oct 2012 20:54:01 +0000 (16:54 -0400)]
[cryptohome] finalize lockbox asynchronously

Do finalization asynchronously in AsyncMount so we don't block from returning to
the caller. We no longer need to finalize at TPM completion if the cryptohome is
mounted, since we now always finalize as part of mounting.

BUG=chromium-os:154396
TEST=unit,trybot

Change-Id: I528cd0b61ad4d3c507b89bf78d372886541e215f
Signed-off-by: Elly Fong-Jones <ellyjones@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/35167
Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Will Drewry <wad@chromium.org>
18 months ago Fixed a problem with ek cert verification.
Darren Krahn [Tue, 9 Oct 2012 22:57:55 +0000 (15:57 -0700)]
Fixed a problem with ek cert verification.

The X509_verify function can return values other than 0 or 1.
Specifically it can return -1 if errors occur.  Added algorithm
initialization to cryptohomed and also check that X509_verify returns
exactly 1.

Also, fixed an incorrect CA public key.

BUG=None
TEST=Ran all unit tests.
     Ran attestation verification manually to cover both success and
     failure code paths for cert verification.

Change-Id: I7ef49800c82b21ba87eae3905a7461fabe6a5959
Reviewed-on: https://gerrit.chromium.org/gerrit/35068
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Ready: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
18 months ago Added attestation message construction and parsing.
Darren Krahn [Mon, 1 Oct 2012 18:33:10 +0000 (11:33 -0700)]
Added attestation message construction and parsing.

BUG=chromium-os:34805
TEST=Ran unit tests.
     Manually tested relevant cryptohome CLI actions.
     Ran platform_Attestation autotest.

Change-Id: I36a2e6f0364f2a60072d9fb714a5cf46816d4036
Reviewed-on: https://gerrit.chromium.org/gerrit/34464
Commit-Ready: Darren Krahn <dkrahn@chromium.org>
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
18 months ago Added skeleton for attestation enrollment messages.
Darren Krahn [Wed, 26 Sep 2012 20:49:21 +0000 (13:49 -0700)]
Added skeleton for attestation enrollment messages.

BUG=chromium-os:34805
TEST=Manually exercise all new cryptohome actions.

CQ-DEPEND=34673

Change-Id: I2387c8b8ea0d0b216b87eb8e21cc2d5e82d0352d
Reviewed-on: https://gerrit.chromium.org/gerrit/34307
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
Commit-Ready: Darren Krahn <dkrahn@chromium.org>

18 months ago Added permissions check for attestation database. factory-2985.B factory-2993.B
Darren Krahn [Mon, 24 Sep 2012 18:34:28 +0000 (11:34 -0700)]
Added permissions check for attestation database.

BUG=None
TEST=Manually verified permissions are set correctly.
     Ran unit tests.

Change-Id: Icd4b159ac788cd8c05e52ea57d85ef453042688b
Reviewed-on: https://gerrit.chromium.org/gerrit/33907
Tested-by: Darren Krahn <dkrahn@chromium.org>
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Ready: Darren Krahn <dkrahn@chromium.org>