Elly Fong-Jones [Wed, 15 May 2013 16:27:46 +0000 (12:27 -0400)]
[cryptohome] add --nolegacymount flag
Passing this flag disables mounting of /home/chronos/user.
BUG=chromium:212419
TEST=unit,adhoc
Build, login, check mounts for /home/chronos/user; it should be present.
Hack /etc/init/cryptohomed.conf to pass --nolegacy
Reboot, login, check mounts for /home/chronos/user; it should be gone.
Change-Id: I9ef6e8ce4d1653674050ef2969992c9571666098
Signed-off-by: Elly Fong-Jones <ellyjones@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/51302
Reviewed-by: Will Drewry <wad@chromium.org>
Darren Krahn [Wed, 17 Apr 2013 23:34:41 +0000 (16:34 -0700)]
Fixed the certificate request generated by the CLI.
The change makes the certificate request consistent with how an
Enterprise User Certificate (EUCert) is requested. This allows us to
request certificates which will pass EUCert verification.
Also added support for the Enterprise Machine Key to the
tpm_attestation_key_status action.
BUG=None
TEST=Manual
Change-Id: I21fa1af210437d7d173e4e55116d7421cf5a9fc7
Reviewed-on: https://gerrit.chromium.org/gerrit/51213
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
Darren Krahn [Thu, 16 May 2013 01:08:56 +0000 (18:08 -0700)]
Updated attestation protobuf to use cert profiles.
BUG=None
TEST=Build
Change-Id: I3ba81fbce2d596d7f103222e096bc15e60514734
Reviewed-on: https://gerrit.chromium.org/gerrit/51396
Reviewed-by: David Yu <davidyu@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
Darren Krahn [Tue, 14 May 2013 20:23:12 +0000 (13:23 -0700)]
Fixed token label reporting.
We must be consistent when reporting token label expectations.
BUG=chromium:239445
TEST=unit,platform_Pkcs11InitOnLogin
Change-Id: I690efe561d091e0bceb6f9423589c9ab58409a5e
Reviewed-on: https://gerrit.chromium.org/gerrit/51170
Reviewed-by: Elly Jones <ellyjones@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
Elly Fong-Jones [Wed, 15 May 2013 15:05:37 +0000 (11:05 -0400)]
[cryptohome] store chaps token in multiprofile home
BUG=chromium:212419
TEST=unit,trybot
Change-Id: I807e1335959c44775b6ebc6011656cad3ffe5f38
Signed-off-by: Elly Fong-Jones <ellyjones@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/51298
Darren Krahn [Thu, 9 May 2013 17:49:50 +0000 (10:49 -0700)]
Use the username as the user-specific PKCS #11 token label.
BUG=chromium:239445
TEST=unit, manual
CQ-DEPEND=CL:50680
Change-Id: If5560aef674fe109c6cbefc8f1c6310a96fdf066
Reviewed-on: https://gerrit.chromium.org/gerrit/50673
Reviewed-by: Elly Jones <ellyjones@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
Ross McIlroy [Wed, 8 May 2013 15:31:20 +0000 (16:31 +0100)]
cryptohome: Update cryptohome calls to chaps to pass auth data in SecureBlob.
Update cryptohome to build after CL:49331 which modifies login_event_client to
take auth data as a SecureBlob.
TEST=Ran on trybot.
BUG=None
CQ-DEPEND=CL:49331
Change-Id: I17dd4f43e804e80cc2aaee048e9bd27629c7b4fa
Reviewed-on: https://gerrit.chromium.org/gerrit/50461
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Tested-by: Ross McIlroy <rmcilroy@chromium.org>
Darren Krahn [Thu, 2 May 2013 21:26:01 +0000 (14:26 -0700)]
Receive a slot_id from chaps when loading tokens.
This is relevant to supporting multiple simultaneous users and PKCS #11
tokens. Also fixed up chaps directory permissions checking.
BUG=chromium:205206, chromium:215462
TEST=unit, manual
CQ-DEPEND=CL:49960
Change-Id: I61d91dd2cfda00b20f868a8e001ba6b713e0eaa8
Reviewed-on: https://gerrit.chromium.org/gerrit/49962
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
Commit-Queue: David James <davidjames@chromium.org>
Ross McIlroy [Thu, 2 May 2013 11:53:27 +0000 (12:53 +0100)]
cryptohome: Update cryptohome to new chaps login client interface.
Updated cryptohome to use the chaps login client interface now that isolate
support has been added to chaps. Currently loads tokens into the default
chaps isolate.
CQ-DEPEND=CL:47856, CL:49890
BUG=None
TEST=Tested with CL:47856 using trybot.
Change-Id: I3db5d45e1e1beff7bfca645dc6b292a9e56248a9
Reviewed-on: https://gerrit.chromium.org/gerrit/49888
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Tested-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Darren Krahn [Wed, 1 May 2013 23:54:09 +0000 (16:54 -0700)]
Added [G|S]etKeyPayload dbus permissions.
BUG=chromium:237190
TEST=manual
Change-Id: I706e578cd985f639886ca17a49d1dd9993f44e05
Reviewed-on: https://gerrit.chromium.org/gerrit/49830
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
Elly Fong-Jones [Tue, 9 Apr 2013 15:36:55 +0000 (11:36 -0400)]
[cryptohome] mount user home at /home/chronos/u-$hash
Chrome likes home directories to be under /home/chronos. This change causes the
user part of the home directory to be also mounted at /home/chronos/u-$hash in
addition to /home/user/$hash.
BUG=chromium:224291
TEST=unit,trybot
Change-Id: I127146e6fe40491297b856442c3f2a6e54a7e245
Signed-off-by: Elly Fong-Jones <ellyjones@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/47648
Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Will Drewry <wad@chromium.org>
Chris Masone [Tue, 30 Apr 2013 17:58:47 +0000 (10:58 -0700)]
Use kGuestUserName instead of GetGuestUserName()
libchromeos is changed by the commit below; update to remain compatible.
CQ-DEPEND=Ie070102429856f21e571cc1073e661d6b5b1c5f3
BUG=None
TEST=unit tests
Change-Id: I5aee09cb66e60ef3b5f8f64bf76d7dd7837dab41
Reviewed-on: https://gerrit.chromium.org/gerrit/49606
Tested-by: Chris Masone <cmasone@chromium.org>
Reviewed-by: Will Drewry <wad@chromium.org>
Commit-Queue: Chris Masone <cmasone@chromium.org>
Darren Krahn [Tue, 16 Apr 2013 18:29:30 +0000 (11:29 -0700)]
Remove key identifier from hmac for EncryptedData.
Since the key identifier will be used before the hmac can be verified
during the decryption process, it is not useful to mix it into the hmac.
BUG=None
TEST=Unit
Change-Id: I4fcf90ad8d815eb48e0c73478fc2958d8fb5582c
Reviewed-on: https://gerrit.chromium.org/gerrit/48246
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
Darren Krahn [Mon, 15 Apr 2013 21:51:39 +0000 (14:51 -0700)]
Added an optional encryption key identifier to EncryptedData.
This identifier assists in decryption by giving a hint as to which key
was used to encrypt. This is especially useful for keys which are
rolled over periodically. This CL enables identifiers for the PCA
encryption key and the enterprise server encryption key.
BUG=None
TEST=unit
Change-Id: I2d9b07965217035461bac5a8217cb1d8ffa59b58
Reviewed-on: https://gerrit.chromium.org/gerrit/48161
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
Darren Krahn [Tue, 9 Apr 2013 21:04:08 +0000 (14:04 -0700)]
Added command line support for generating a challenge response.
This enables manual and integration testing of the enterprise challenge
response mechanism.
BUG=None
TEST=Manual
Change-Id: I2b144ddeabbd38cace3300e300d5376c4a2c5fee
Reviewed-on: https://gerrit.chromium.org/gerrit/47714
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
Darren Krahn [Thu, 11 Apr 2013 00:17:09 +0000 (17:17 -0700)]
Use standard encryption scheme in attestation code.
The attestation code has been erroneously using CryptoLib::AesEncrypt to
encrypt stuff. This method is non-standard and attestation protocols
must use a standard scheme. A kPaddingStandard has been added to
CryptoLib and all instances of CryptoLib::AesEncrypt have been removed
from the Attestation class.
BUG=None
TEST=Unit, Manual
Change-Id: I8d885e1f6878e79de1693637183ae221eedb0a8d
Reviewed-on: https://gerrit.chromium.org/gerrit/47811
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
Darren Krahn [Fri, 12 Apr 2013 19:53:17 +0000 (12:53 -0700)]
Allow an asynchronous completion signal with zero-length data.
Previously, it was not possible to invoke an asynchronous completion
signal which sends empty data. The logic would fall back to the no-data
signal. However, clients expect only the data signal for some
operations and would miss the operation's completion signal.
BUG=None
TEST=Unit, Manual
Change-Id: I77c5687c5c8b21309362b10b18673687e23047ca
Reviewed-on: https://gerrit.chromium.org/gerrit/48033
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
Darren Krahn [Fri, 5 Apr 2013 21:38:30 +0000 (14:38 -0700)]
Added support for a SignedPublicKeyAndChallenge.
A standard SignedPublicKeyAndChallenge can now be included in an
enterprise challenge response. This may be useful if a certificate
request will be made to a CA which expects a proof-of-possession in a
standard format like this.
BUG=chromium:219965
TEST=unit, manual
Change-Id: Ib440b2a00bd8321efe9e91aafd2677d78caebeff
Reviewed-on: https://gerrit.chromium.org/gerrit/47478
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
Elly Fong-Jones [Wed, 3 Apr 2013 19:01:34 +0000 (15:01 -0400)]
[cryptohome] mount guestfs at /home/user/$hash
Mount guestfs at /home/user/$hash as well as /home/chronos/user for guest
mounts.
BUG=chromium:224288
TEST=unit,platform_CryptohomeMount
Change-Id: I0324860e0cf9a3ddb7ca6ad3c56abe48f55c5309
Signed-off-by: Elly Fong-Jones <ellyjones@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/47262
Reviewed-by: Will Drewry <wad@chromium.org>
Darren Krahn [Thu, 4 Apr 2013 18:56:18 +0000 (11:56 -0700)]
Added a SignedPublicKeyAndChallenge field to KeyInfo.
The purpose of this field is to ease integration with enterprise CAs.
Often a CA will accept this format as proof-of-possession for a
certificate issuance request.
BUG=None
TEST=emerge
Change-Id: I3526e0c96cd609b84e7484a644952579ab0708fd
Reviewed-on: https://gerrit.chromium.org/gerrit/47341
Reviewed-by: Dennis Kalinichenko <dkalin@google.com>
Reviewed-by: Pin Ting <pinting@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
Darren Krahn [Thu, 4 Apr 2013 22:46:48 +0000 (15:46 -0700)]
Added support for key-specific payloads.
This allows meta-data to be associated with keys. The first application
of this will be to store whether a key has been uploaded to the
enterprise server.
BUG=chromium:219959
TEST=unit
Change-Id: Ided7e320dce3524ee653cba81905ea925dcb80ba
Reviewed-on: https://gerrit.chromium.org/gerrit/47376
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Darren Krahn [Thu, 28 Mar 2013 00:28:00 +0000 (17:28 -0700)]
Hard-coded enterprise challenge-response keys.
Also, refactored instances of openssl pointers to use scoped_ptr.
BUG=chromium:221929
TEST=unit
Change-Id: I5bf2abdaa9e92c258d03ac0628d0b21798ef9ce3
Reviewed-on: https://gerrit.chromium.org/gerrit/46722
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
Will Drewry [Fri, 22 Mar 2013 14:17:40 +0000 (09:17 -0500)]
service.cc: propagate enterprise ownership to Mount instances
In the past, there was one Mount that was reused for many operations
across cryptohomed. This didn't scale for multiple simultaneous
mounts and was factored out. The move to a MountFactory and per-cryptohome
Mount instances left enterprise ownership unannotated. This change
brings it back by populating when the Mount is created or after the
fact if finalization follows later.
Signed-off-by: Will Drewry <wad@chromium.org>
TEST=builds, unittests pass, (testing this one now) runs on lumpy and the cryptohome status shows enterprise enrollment
BUG=chromium:196621
Change-Id: I23e57d58a3d66a89296bfc9098afa87f197f77cc
Reviewed-on: https://gerrit.chromium.org/gerrit/46267
Reviewed-by: Bartosz Fabianowski <bartfab@chromium.org>
Commit-Queue: Will Drewry <wad@chromium.org>
Tested-by: Will Drewry <wad@chromium.org>
Darren Krahn [Thu, 14 Mar 2013 19:15:20 +0000 (12:15 -0700)]
Implemented attestation key registration.
An attestation key can be 'registered' by moving it to the current
user's PKCS #11 token. It will then be visible to Chrome via NSS.
BUG=chromium-os:37815
TEST=Unit, Manual
CQ-DEPEND=CL:45534
Change-Id: I80a18463fad20a01f59286ee7baf22159a35719b
Reviewed-on: https://gerrit.chromium.org/gerrit/45536
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
Darren Krahn [Fri, 15 Mar 2013 21:00:43 +0000 (14:00 -0700)]
Consistently use gboolean in DBUS interface.
BUG=None
TEST=Unit
Change-Id: I8e97ea1c5c9b89f9229210337c2ad97f30ab4b5f
Reviewed-on: https://gerrit.chromium.org/gerrit/45620
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
Darren Krahn [Wed, 13 Mar 2013 23:49:14 +0000 (16:49 -0700)]
Optimized mock compilation.
Compiling mock constructors and destructors is very expensive. When
these are implemented inline in the header file they get compiled over
and over again. A small change to a test also will trigger the
recompile of all mocks used by the test. This CL moves constructors and
destructors to their own object files which means they only get compiled
once and do not get recompiled on incremental builds unless they have
been modified.
BUG=None
TEST=Unit
Change-Id: I5d002fdb47a568e6ce750aa56b8e6a48ac1c2f6b
Reviewed-on: https://gerrit.chromium.org/gerrit/45455
Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Reviewed-by: Will Drewry <wad@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
Darren Krahn [Tue, 12 Mar 2013 00:33:29 +0000 (17:33 -0700)]
Implemented attestation challenge signing.
BUG=chromium:187258
TEST=unit
Change-Id: Idd91d621ee103becd25ad30756d210b6fc6b5712
Reviewed-on: https://gerrit.chromium.org/gerrit/45454
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
Darren Krahn [Thu, 7 Mar 2013 19:08:26 +0000 (11:08 -0800)]
Emit attestation public keys in X.509 SubjectPublicKeyInfo format.
This format is more flexible than PKCS #1 RSAPublicKey (e.g. it can also
contain non-RSA public keys) and it is widely supported by various
crypto libraries.
BUG=none
TEST=unit
Change-Id: I1b97306847fe5534d4c34eb8a94e9c350a16db20
Reviewed-on: https://gerrit.chromium.org/gerrit/45453
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
Darren Krahn [Mon, 4 Mar 2013 18:24:21 +0000 (10:24 -0800)]
Added DBUS bindings for more attestation methods.
New methods include querying certified public keys / certificates,
registering keys, and signing challenges. Also, added a test PCA public
key so a certified key can be created for testing.
BUG=chromium-os:39830
TEST=unit; platform_Attestation against test PCA; manual tests
Change-Id: Id97637c02c880972c8559d57dfc19e5b2ed03594
Reviewed-on: https://gerrit.chromium.org/gerrit/45451
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
Will Drewry [Thu, 14 Mar 2013 02:48:29 +0000 (21:48 -0500)]
lockbox: better logging, use IsEnabled, not IsConnected
Tpm::IsConnected() is a bad test of TPM readiness because
the connection may be re-established at any point. So far,
it had worked flawlessly because there were no failures or
other conditions triggering a Tpm::Disconnect(). That appears
to have changed recently.
This change fixes the test and adds better fail-state logging
for future debugging. The root cause still needs to be tracked
down. (E.g., was it always racy? another async task? ...)
Signed-off-by: Will Drewry <wad@chromium.org>
TEST=unittests pass; builds and when replaced in-place, it works properly with a freshly cleared TPM allowing enrollment
BUG=chromium:189681
Change-Id: I1b4c525562cd3a4dddfb5b90004912cdd81558f7
Reviewed-on: https://gerrit.chromium.org/gerrit/45379
Reviewed-by: Elly Jones <ellyjones@chromium.org>
Commit-Queue: Will Drewry <wad@chromium.org>
Tested-by: Will Drewry <wad@chromium.org>
Pin Ting [Tue, 12 Mar 2013 05:40:10 +0000 (13:40 +0800)]
Change signature algorithm specification.
BUG=None
TEST=Unit tests
Change-Id: If88e4319f75b63eb038e9bed98a42b4a7a9d8e30
Reviewed-on: https://gerrit.chromium.org/gerrit/45185
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Reviewed-by: Dennis Kalinichenko <dkalin@google.com>
Tested-by: Pin Ting <pinting@chromium.org>
Reviewed-by: Pin Ting <pinting@chromium.org>
Commit-Queue: Pin Ting <pinting@chromium.org>
Will Drewry [Fri, 8 Mar 2013 04:36:15 +0000 (22:36 -0600)]
cryptohome: add support for multiple mounts to be used
Cryptohome supports user-specific mount points, but the DBus interface and
daemon do not have a good way to track multiple mounts. This change tweaks the
overall behavior to make Mounts act as per-user in-memory state only and have
cryptohomed manage the mount mappings explicitly. Additionally, PKCS#11
initialization is restricted to the first mount and the mounttask is now
cancelable. This is mostly just clean up work finishing what ellyjones@
started last year.
The resumption behavior should look similar to what cryptohomed does today with
the caveat that if a mount point has open file references when cryptohome
restarts and still has those when an over-mount request comes in,
Mount::MountCryptohome() will reject it as a busy mount point.
For this to occur, it comes to:
1. c-home crashes while signed in and for some reason the user tries to
over-mount
2. c-home crashes during sign-out failing to unmount and ui.conf fails to
remove references to the mount point
Both of these cases imply a behavior change or cascading failure. Should we force unmount? reboot?
BUG=chromium-os:39682
TEST=(1)unittests pass;
Lumpy ToT test image:
(2) suite:smoke passes
(3) manual sign in as guest, call
cryptohome --action=mount --create --ensure_ephemeral --user=a1 --password=a1
cryptohome --action=mount --create --ensure_ephemeral --user=a2 --password=a2
mount # Shows our mounts
initctl restart cryptohomed
mount
grep cryptohome /var/log/messages # Shows the top two mounts cleaned up and guestfs left alone
(4) manual sign in as a real user, call
cryptohome --action=mount --create --user=a1 --password=a1
cryptohome --action=mount --create --ensure_ephemeral --user=a2 --password=a2
mount # Shows our mounts
initctl restart cryptohomed
mount
grep cryptohome /var/log/messages # Shows the top two mounts cleaned up and _all_ my mounts left alone
(5) manual sign-in as guest, call
sudo bash
# bash -c 'initctl stop cryptohomed; initctl restart ui; initctl start cryptohomed'
sign in as guest:
grep cryptohome /var/log/messages # see that stale guestfs mount was cleaned up
(6) #5, except sign-back in as a user
(7) #6, except sign in the whole time as the same real user
Change-Id: I022e99df2f2aea80d600ba85066ee93cdaf34027
Reviewed-on: https://gerrit.chromium.org/gerrit/44972
Reviewed-by: Elly Jones <ellyjones@chromium.org>
Commit-Queue: Will Drewry <wad@chromium.org>
Tested-by: Will Drewry <wad@chromium.org>
Darren Krahn [Wed, 27 Feb 2013 17:08:33 +0000 (09:08 -0800)]
Implemented a PKCS #11 backed key store.
Certified keys which are associated with the user need a safe place to
live. The most important requirement is that the key must not be
available when the user is not signed in. This CL implements a key
store using data objects in the user's PKCS #11 token.
BUG=chromium-os:38996
TEST=unit
CQ-DEPEND=CL:44332, CL:44334
Change-Id: Ice506b0aed92137eef99150ac6f7d5ecf04ce1af
Reviewed-on: https://gerrit.chromium.org/gerrit/44336
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
Pin Ting [Tue, 5 Mar 2013 03:21:51 +0000 (11:21 +0800)]
Refine comments.
BUG=None
TEST=Unit tests
Change-Id: Id206bfd72c705705a458a83bea70e7a123ea75a0
Reviewed-on: https://gerrit.chromium.org/gerrit/44608
Reviewed-by: David Yu <davidyu@chromium.org>
Commit-Queue: Pin Ting <pinting@chromium.org>
Reviewed-by: Pin Ting <pinting@chromium.org>
Tested-by: Pin Ting <pinting@chromium.org>
Hsu-Cheng Tsai [Tue, 5 Mar 2013 08:05:41 +0000 (16:05 +0800)]
Add random token to AttestationResetRequest for making it easy to
collect all arguments.
BUG=none
TEST=manual
Change-Id: I616ff80f77cefb3e82d6a04be5e6459f2f18a21d
Reviewed-on: https://gerrit.chromium.org/gerrit/44624
Reviewed-by: David Yu <davidyu@chromium.org>
Commit-Queue: Hsu-Cheng Tsai <hctsai@chromium.org>
Tested-by: Hsu-Cheng Tsai <hctsai@chromium.org>
Pin Ting [Tue, 26 Feb 2013 07:13:52 +0000 (15:13 +0800)]
Updated ChallengeResponse message based on the latest design.
BUG=None
TEST=Unit tests
Change-Id: Ie9f19a5da39a9d1915520bd8cc8af2ab5865eb62
Reviewed-on: https://gerrit.chromium.org/gerrit/44021
Commit-Queue: Pin Ting <pinting@chromium.org>
Reviewed-by: Pin Ting <pinting@chromium.org>
Tested-by: Pin Ting <pinting@chromium.org>
Darren Krahn [Wed, 27 Feb 2013 17:49:26 +0000 (09:49 -0800)]
Fixed clang build errors.
BUG=chromium-os:39277
TEST=emerge with: 'FEATURES=test CFLAGS="-clang" CXXFLAGS="-clang"'
Change-Id: Ic5f20d142d60654b3bce745d035fb277e0b1349c
Reviewed-on: https://gerrit.chromium.org/gerrit/44180
Reviewed-by: Elly Jones <ellyjones@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
Reviewed-by: Will Drewry <wad@chromium.org>
Bill Richardson [Thu, 28 Feb 2013 18:55:58 +0000 (10:55 -0800)]
Add mount-encrypted utility to cryptohome repo.
This utility sets up the encrypted directories for Chrome OS at boot time.
It uses some of the TPM-related libraries from vboot_reference, but it
isn't really part of the verified boot process itself so I'm moving it into
the cryptohome repo where it belongs.
BUG=chromium-os:39264
BRANCH=none
TEST=auto
CQ-DEPEND=CL:44302, CL:44303
This is just refactoring. After all CLs are in, the
platform_EncryptedStateful autotest should continue to pass as before.
Change-Id: Id2aaa66f7884e1a18358674788d0e6d542b2d213
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/44301
Reviewed-by: Kees Cook <keescook@chromium.org>
Darren Krahn [Tue, 26 Feb 2013 23:44:27 +0000 (15:44 -0800)]
Cleaned up and documented attestation thread safety.
BUG=None
TEST=unit, manual
Change-Id: I409e82c8eb44466e8e8d3af31987d5154b9093f4
Reviewed-on: https://gerrit.chromium.org/gerrit/44173
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
Darren Krahn [Tue, 26 Feb 2013 01:41:20 +0000 (17:41 -0800)]
Added support for device key storage.
Added GetCertificateChain and GetPublicKey now because they are useful
in testing. Eventually they will be hooked up to dbus calls.
BUG=chromium-os:38996
TEST=unit
Change-Id: Ie7b74ceca46b68f2070ac7f49d77c5f4da575f1f
Reviewed-on: https://gerrit.chromium.org/gerrit/44085
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
Darren Krahn [Tue, 19 Feb 2013 20:21:08 +0000 (12:21 -0800)]
Prepared attestation implementation to support key storage.
Specifically, the following changes have been made:
- Added message_id to certificate request/response messages.
- Updated certificate request interface according to latest design.
- Implemented skeleton for device and user key storage.
BUG=chromium-os:38996
TEST=unit
Change-Id: Ib6a7d37e55633a29203a56660441b482f104c1b9
Reviewed-on: https://gerrit.chromium.org/gerrit/43733
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
Will Drewry [Thu, 31 Jan 2013 02:08:59 +0000 (20:08 -0600)]
Remove direct file_util usage
The Platform class and the necessary dependency injection patterns have
been in the codebase for quite a while. However, the use has been
inconsistent. This has hampered code sharing and more robust unittests
(system dependencies introducing flakiness).
This change removes all direct calls to file_util and attempts to
migrate all relevant unittests over to ensure they function as
expected. This includes catching some tests which had become nops
(like the vault migration test). Some integration tests still
linger (e.g., stateful_recovery_unittests), but the unittests should
all be working as expected now (including the new ephemeral skeleton
which could use better specific unittesting).
Change-Id: Ide7c6ae578f53dab8c5ce82b15e4449db2b8a78d
BUG=chromium-os:38444
TEST=unittests pass; suite:smoke passed on lumpy with ToT and this change.
Reviewed-on: https://gerrit.chromium.org/gerrit/43898
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Tested-by: Will Drewry <wad@chromium.org>
Reviewed-by: Elly Jones <ellyjones@chromium.org>
Commit-Queue: Will Drewry <wad@chromium.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Darren Krahn [Fri, 15 Feb 2013 22:59:28 +0000 (14:59 -0800)]
Updated to use libchrome-180609.
BUG=chromium-os:38930
TEST=unit, manual, relevant autotests
CQ-DEPEND=CL:43669
Change-Id: I6e038fdf30876d816678ee9babef0f3c225e65ca
Reviewed-on: https://gerrit.chromium.org/gerrit/43439
Reviewed-by: Chris Masone <cmasone@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
Darren Krahn [Fri, 15 Feb 2013 18:56:37 +0000 (10:56 -0800)]
Build skeleton home directories in root-only path.
When building a user or guest home directory there are various ownership
and permissions operations that are performed. Doing this work in a
location accessible only to root helps prevent race conditions inducible
by a process running as chronos.
BUG=chromium-os:38821
TEST=unit tests, manual testing
Change-Id: Id59cf4a3a684e69da73c3014d8979b2550087bb2
Reviewed-on: https://gerrit.chromium.org/gerrit/43422
Reviewed-by: Kees Cook <keescook@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
Julian Pastarmov [Mon, 4 Feb 2013 16:59:29 +0000 (17:59 +0100)]
Make policy reloads explicit.
BUG=chromium-os:38541
TEST=unit tests pass
CQ-DEPEND=I20461078ca890c6ec2f81ad5383c06c4d75a64cd
Change-Id: I6ea0c67caf19fd003500f16253262bab2b18ab2b
Reviewed-on: https://gerrit.chromium.org/gerrit/42539
Reviewed-by: Will Drewry <wad@chromium.org>
Commit-Queue: Julian Pastarmov <pastarmovj@chromium.org>
Tested-by: Julian Pastarmov <pastarmovj@chromium.org>
Pin Ting [Thu, 31 Jan 2013 07:29:18 +0000 (15:29 +0800)]
Add Challenge and ChallengeResponse messages.
BUG=None
TEST=Unit tests
Change-Id: If4f65899f5f37f20dcdcb412d705d162dcaf1a81
Reviewed-on: https://gerrit.chromium.org/gerrit/42384
Commit-Queue: Pin Ting <pinting@chromium.org>
Reviewed-by: Dennis Kalinichenko <dkalin@google.com>
Tested-by: Pin Ting <pinting@chromium.org>
Reviewed-by: Pin Ting <pinting@chromium.org>
Hsu-Cheng Tsai [Thu, 31 Jan 2013 01:55:23 +0000 (09:55 +0800)]
Update attestation.proto according to the latest design.
Add proto message for reset request and reset response.
BUG=none
TEST=manual
Change-Id: Ibb314cefceeac2026efbbbd14bf91d5e95f83fdd
Reviewed-on: https://gerrit.chromium.org/gerrit/42363
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Commit-Queue: Hsu-Cheng Tsai <hctsai@chromium.org>
Tested-by: Hsu-Cheng Tsai <hctsai@chromium.org>
Joao da Silva [Wed, 30 Jan 2013 12:13:02 +0000 (13:13 +0100)]
Added GetSanitizedUsername() dbus call to cryptohomed.
This call allows the chrome process to get the hash of the username, so
that it can lookup files that include the hash (i.e. the user policy key
in /var/run/user_policy).
BUG=chromium:163318
TEST=unit tests
CQ-DEPEND=I33d066eea8ebf8d793b4a6451b639be406a8155f
Change-Id: I4739a16f8b16a59e4a9e51975d260c8fa58b1e92
Reviewed-on: https://gerrit.chromium.org/gerrit/42300
Reviewed-by: Chris Masone <cmasone@chromium.org>
Reviewed-by: Elly Jones <ellyjones@chromium.org>
Commit-Queue: Joao da Silva <joaodasilva@chromium.org>
Tested-by: Joao da Silva <joaodasilva@chromium.org>
Hsu-Cheng Tsai [Wed, 30 Jan 2013 13:08:31 +0000 (05:08 -0800)]
Revert "Update attestation.proto according to the latest design."
This reverts commit 9c74c7603e73c252ca11c81107e53c42357bc209
Change-Id: If2b6518dd7d3176e62e3001d99e0379ec18f4212
Reviewed-on: https://gerrit.chromium.org/gerrit/42302
Commit-Queue: Hsu-Cheng Tsai <hctsai@chromium.org>
Tested-by: Hsu-Cheng Tsai <hctsai@chromium.org>
Reviewed-by: Hsu-Cheng Tsai <hctsai@chromium.org>
Hsu-Cheng Tsai [Tue, 29 Jan 2013 09:44:55 +0000 (17:44 +0800)]
Update attestation.proto according to the latest design.
Add proto message for reset request and reset response.
BUG=none
TEST=manual
Change-Id: Ib8f8d5275534d5e112f9e1c2ced2c9534774597c
Reviewed-on: https://gerrit.chromium.org/gerrit/42223
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Commit-Queue: Hsu-Cheng Tsai <hctsai@chromium.org>
Tested-by: Hsu-Cheng Tsai <hctsai@chromium.org>
David Yu [Thu, 24 Jan 2013 06:37:41 +0000 (14:37 +0800)]
Update attestation.proto according to the latest design.
Specifically, is_cert_for_owner is deprecated, and replaced with
include_stable_id and include_device_state. certfied_key_credential2 is
also removed.
BUG=none
TEST=manual
Change-Id: Ied0f84c4ad5f4b10ff3267ba2254be21a4b83b8a
Reviewed-on: https://gerrit.chromium.org/gerrit/41916
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Commit-Queue: David Yu <davidyu@chromium.org>
Tested-by: David Yu <davidyu@chromium.org>
Mattias Nissler [Wed, 23 Jan 2013 15:20:47 +0000 (16:20 +0100)]
Write install attributes cache file when locking.
BUG=chromium-os:38111
TEST=Unit tests, check that /var/run/lockbox/install_attributes.pb gets generated when enrolling the device.
Change-Id: I016c6b93598f988ddf25035cccd35b667637c6bc
Reviewed-on: https://gerrit.chromium.org/gerrit/41820
Reviewed-by: Will Drewry <wad@chromium.org>
Commit-Queue: Mattias Nissler <mnissler@chromium.org>
Tested-by: Mattias Nissler <mnissler@chromium.org>
Darren Krahn [Fri, 18 Jan 2013 17:58:46 +0000 (09:58 -0800)]
Added another supported intermediate CA.
BUG=None
TEST=Unit
Change-Id: I92f3df88b33407e7d44f2c770664304aab878a7c
Reviewed-on: https://gerrit.chromium.org/gerrit/41645
Reviewed-by: David Yu <davidyu@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
Will Drewry [Wed, 16 Jan 2013 17:03:24 +0000 (11:03 -0600)]
lockbox-cache: new commandline utility
lockbox-cache is a simple commandline utility for validating lockbox
data using a pre-extracted NVRAM blob. Successful verification results
in a cache file being written. For example,
  lockbox-cache --lockbox=/home/.shadow/install_attributes.pb \
                --nvram=/tmp/lockbox.nvram \
                --cache=/var/run/lockbox/install_attributes.pb
will emit the file in /var/run on success or emit nothing on failure
and unlink any existing, matching cache files.
Changes:
- Adds Makefile entry that doesn't pull in everything.
- Adds a StubTpm class which returns false or 0 for all calls that
are non-void.
- Adds class LockboxCacheTpm which inherits from StubTpm making only
enough of a working Tpm class to return a supplied NVRAM value.
- Adds class LockboxCache which just layers in Platform handling.
- Adds a driver program.
Change-Id: Idff2cafec034316d82d238d8a81017f866f2469c
BUG=chromium-os:37267
TEST=builds, works with m-e changes. Needs more official tests.
Reviewed-on: https://gerrit.chromium.org/gerrit/41434
Reviewed-by: Kees Cook <keescook@chromium.org>
Commit-Queue: Will Drewry <wad@chromium.org>
Tested-by: Will Drewry <wad@chromium.org>
Kees Cook [Thu, 6 Dec 2012 00:32:23 +0000 (16:32 -0800)]
stateful_recovery: include df and tune2fs details
When decrypting the contents of the encrypted partition, it can be
helpful to see the details of the filesystem itself, since that is also
unavailable in recovery mode. Adds various helpers to platform to do the
work and extends the unittests to match.
BUG=chromium-os:37064
TEST=link build, manual stateful recovery
Change-Id: If0b047f3ff652304a2222bcfe20c1157cf4c4498
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/39403
Reviewed-by: Will Drewry <wad@chromium.org>
Darren Krahn [Wed, 21 Nov 2012 23:53:25 +0000 (15:53 -0800)]
Implemented asynchronous attestation calls.
BUG=chromium-os:36561
TEST=Ran unit tests
Ran platform_Attestation
Ran platform_Attestation after modifying to use --async
Change-Id: Ibb83b40b3328fbd31ba7632c7f762a52843d0769
Reviewed-on: https://gerrit.chromium.org/gerrit/38780
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Ready: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
Bartosz Fabianowski [Thu, 6 Dec 2012 19:17:17 +0000 (20:17 +0100)]
Add flag for requesting an ephemeral mount
This CL adds a flag that allows Chrome to request an ephemeral mount for
a user. If the flag is set, a cryptohome backed by tmpfs will always be
mounted, even if a regular vault exists for the user.
This functionality is required for public accounts that look like regular
accounts to cryptohomed otherwise but whose cryptohomes must always be
ephemeral.
Adding a new flag to cryptohomed's Mount() and AsyncMount() dbus methods
would change the method signatures, requiring Chrome to be atomically
updated to the new signatures as well. Since an atomic change in
cryptohomed and Chrome is not possible, the CL replaces the obsolete
|replace_tracked_subdirectories| flag with the new |ensure_ephemeral|
flag instead. This is safe because the obsolete flag has been unused for
quite some time, is completely ignored by cryptohomed and always set to
|false| by Chrome. Thus, the new flag is effectively introduced in two
steps:
1/ Replace |replace_tracked_subdirectories| with |ensure_ephemeral| on the
cryptohomed side (this CL). Cryptohomed starts honoring the new flag
but since Chrome has not been updated yet, it will always set the flag
to |false|, yielding the previous, non-ephemeral behavior.
2/ Update Chrome to set the |ensure_ephemeral| flag to |true| for public
account users (a separate CL).
BUG=chromium-os:36892
TEST=new tests in mount_unittest.cc
Change-Id: Ic323271e3a38b979c6b5fe3e2f6bcb30af64add1
Reviewed-on: https://gerrit.chromium.org/gerrit/38995
Commit-Ready: Bartosz Fabianowski <bartfab@chromium.org>
Reviewed-by: Bartosz Fabianowski <bartfab@chromium.org>
Tested-by: Bartosz Fabianowski <bartfab@chromium.org>
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Darren Krahn [Wed, 5 Dec 2012 18:48:38 +0000 (10:48 -0800)]
Added fields to the certificate request / response.
BUG=None
TEST=Unit tests
Change-Id: Iafbd699482670a51b40b4ed3d46c0b2e2bfdd7c6
Reviewed-on: https://gerrit.chromium.org/gerrit/39256
Reviewed-by: David Yu <davidyu@chromium.org>
Commit-Ready: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
Darren Krahn [Tue, 4 Dec 2012 00:15:17 +0000 (16:15 -0800)]
Added pointer check to MakeIdentity.
Trousers can return NULL from a unicode conversion attempt; the pointer
should be checked.
BUG=chromium:163945
TEST=Unit tests
Manually verified OOBE attestation work
platform_Attestation autotest
Change-Id: I04caaaee502f453009a3a51411aba714e08f7135
Reviewed-on: https://gerrit.chromium.org/gerrit/39135
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Ready: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
Darren Krahn [Sat, 17 Nov 2012 00:21:52 +0000 (16:21 -0800)]
Created asynchronous version of attestation interface.
This CL implements the D-Bus plumbing for asynchronous versions of the
attestation calls. Part of this is a signal with an arbitrary data
payload. The async calls themselves are not implemented in this CL.
BUG=chromium-os:36561
TEST=Ran unit tests
Ran platform_Attestation
Manually tested login
Manually tested cryptohome actions
Manually tested new signal w/ non-ascii data
Change-Id: I5b81d1b4de540f21f189ee2e3f850e042d16fbb7
Reviewed-on: https://gerrit.chromium.org/gerrit/38499
Commit-Ready: Darren Krahn <dkrahn@chromium.org>
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
Darren Krahn [Wed, 21 Nov 2012 16:50:03 +0000 (08:50 -0800)]
Added logging when the TPM fails and requires a reboot.
BUG=chromium-os:36552
TEST=Unit tests
Change-Id: I13ed12cd0ab5e3dd04fd288882b2d6f0bda88bda
Reviewed-on: https://gerrit.chromium.org/gerrit/38461
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Ready: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
Darren Krahn [Fri, 16 Nov 2012 19:19:53 +0000 (11:19 -0800)]
Added Infineon Intermediate CA 16 as a known endorsement CA.
BUG=None
TEST=Ran unit tests.
Change-Id: I96afce9ef31cad860ecaf1f6562bae4ddddf13ff
Reviewed-on: https://gerrit.chromium.org/gerrit/38210
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
Commit-Ready: Darren Krahn <dkrahn@chromium.org>
Darren Krahn [Thu, 15 Nov 2012 00:06:27 +0000 (16:06 -0800)]
Created an UMA stat for TPM_E_FAIL errors.
BUG=chrome-os-partner:15785
TEST=Ran all unit tests
Change-Id: Iaf4d2a6368d3fb8f46ec67fd1afc74e2c7668fd6
Reviewed-on: https://gerrit.chromium.org/gerrit/38072
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Ready: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
Darren Krahn [Tue, 13 Nov 2012 18:31:58 +0000 (10:31 -0800)]
Fixed crash when TPM is not ready.
BUG=chrome-os-partner:16139
TEST=Ran all unit tests.
Change-Id: I8f56131456b22ae7e6b4ac79a3c7d3d02525aef6
Reviewed-on: https://gerrit.chromium.org/gerrit/37916
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Ready: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
Darren Krahn [Mon, 22 Oct 2012 22:59:56 +0000 (15:59 -0700)]
Added support for a TPM_NEEDS_REBOOT status code.
The only way that we know of to respond to TPM_E_FAIL errors from the
TPM is to reboot the system, which will reset the TPM. This status
indicator will allow callers to be aware of this condition.
BUG=chromium:156655
TEST=Manual tests with TPM_LoadKey returning TPM_E_FAIL.
Change-Id: Idc65e4cc62888bba44999b542bf9f327031d72c1
Reviewed-on: https://gerrit.chromium.org/gerrit/36362
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Ready: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
Elly Fong-Jones [Wed, 10 Oct 2012 20:54:01 +0000 (16:54 -0400)]
[cryptohome] finalize lockbox asynchronously
Do finalization asynchronously in AsyncMount so we don't block from returning to
the caller. We no longer need to finalize at TPM completion if the cryptohome is
mounted, since we now always finalize as part of mounting.
BUG=chromium-os:154396
TEST=unit,trybot
Change-Id: I528cd0b61ad4d3c507b89bf78d372886541e215f
Signed-off-by: Elly Fong-Jones <ellyjones@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/35167
Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Will Drewry <wad@chromium.org>
Darren Krahn [Tue, 9 Oct 2012 22:57:55 +0000 (15:57 -0700)]
Fixed a problem with ek cert verification.
The X509_verify function can return values other than 0 or 1.
Specifically it can return -1 if errors occur. Added algorithm
initialization to cryptohomed and also check that X509_verify returns
exactly 1.
Also, fixed an incorrect CA public key.
BUG=None
TEST=Ran all unit tests.
Ran attestation verification manually to cover both success and
failure code paths for cert verification.
Change-Id: I7ef49800c82b21ba87eae3905a7461fabe6a5959
Reviewed-on: https://gerrit.chromium.org/gerrit/35068
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Ready: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
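The return-value pitfall described in the commit above, as an added example that is not part of the commit or of the cryptohome source. It models a verifier with the 1 / 0 / -1 convention the message attributes to X509_verify. All names (model_verify, model_register_algorithm, accept_loose, accept_strict) and the stand-in checksum are hypothetical, and no OpenSSL code is used.

```c
#include <stdint.h>
#include <stdio.h>

/* Model of the return convention described in the commit message:
 *    1  signature verified
 *    0  signature did not verify
 *   -1  verification could not be carried out (error)
 * Hypothetical stand-in for illustration only; this is not OpenSSL. */

struct model_cert {
    const char *tbs;   /* bytes covered by the signature (constructed) */
    int alg_id;        /* signature algorithm identifier */
    uint32_t sig;      /* stand-in signature value */
};

/* -1 means no algorithm has been initialised yet. */
static int g_registered_alg = -1;

void model_register_algorithm(int alg_id) { g_registered_alg = alg_id; }

/* FNV-1a mixed with a key: a placeholder checksum, NOT a real signature. */
uint32_t model_sign(const char *tbs, uint32_t key) {
    uint32_t h = 2166136261u ^ key;
    for (; *tbs; ++tbs) {
        h ^= (unsigned char)*tbs;
        h *= 16777619u;
    }
    return h;
}

int model_verify(const struct model_cert *cert, uint32_t issuer_key) {
    if (cert == NULL || cert->tbs == NULL)
        return -1;                      /* malformed input: error */
    if (cert->alg_id != g_registered_alg)
        return -1;                      /* algorithm unavailable: error */
    return model_sign(cert->tbs, issuer_key) == cert->sig ? 1 : 0;
}

/* Loose caller: treats any non-zero result as success, so the error
 * value -1 is accepted exactly like a valid signature. */
int accept_loose(const struct model_cert *cert, uint32_t issuer_key) {
    return model_verify(cert, issuer_key) ? 1 : 0;
}

/* Strict caller: only the exact value 1 is success; 0 and -1 reject. */
int accept_strict(const struct model_cert *cert, uint32_t issuer_key) {
    return model_verify(cert, issuer_key) == 1;
}

int main(void) {
    const uint32_t key = 0x5eedu;       /* constructed issuer key */
    struct model_cert bad = { "CN=constructed EK", 7, 0u };
    bad.sig = model_sign(bad.tbs, key) ^ 1u;   /* deliberately wrong */

    printf("no algorithm init: verify=%d loose=%d strict=%d\n",
           model_verify(&bad, key), accept_loose(&bad, key),
           accept_strict(&bad, key));
    model_register_algorithm(7);
    printf("after init:        verify=%d loose=%d strict=%d\n",
           model_verify(&bad, key), accept_loose(&bad, key),
           accept_strict(&bad, key));
    return 0;
}
```

With no algorithm initialised, the loose caller accepts a certificate whose signature is wrong; the strict caller rejects it in both states, which is why the two fixes in the commit reinforce each other.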
Darren Krahn [Mon, 1 Oct 2012 18:33:10 +0000 (11:33 -0700)]
Added attestation message construction and parsing.
BUG=chromium-os:34805
TEST=Ran unit tests.
Manually tested relevant cryptohome CLI actions.
Ran platform_Attestation autotest.
Change-Id: I36a2e6f0364f2a60072d9fb714a5cf46816d4036
Reviewed-on: https://gerrit.chromium.org/gerrit/34464
Commit-Ready: Darren Krahn <dkrahn@chromium.org>
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
Darren Krahn [Wed, 26 Sep 2012 20:49:21 +0000 (13:49 -0700)]
Added skeleton for attestation enrollment messages.
BUG=chromium-os:34805
TEST=Manually exercise all new cryptohome actions.
CQ-DEPEND=34673
Change-Id: I2387c8b8ea0d0b216b87eb8e21cc2d5e82d0352d
Reviewed-on: https://gerrit.chromium.org/gerrit/34307
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
Commit-Ready: Darren Krahn <dkrahn@chromium.org>
Darren Krahn [Mon, 24 Sep 2012 18:34:28 +0000 (11:34 -0700)]
Added permissions check for attestation database.
BUG=None
TEST=Manually verified permissions are set correctly.
Ran unit tests.
Change-Id: Icd4b159ac788cd8c05e52ea57d85ef453042688b
Reviewed-on: https://gerrit.chromium.org/gerrit/33907
Tested-by: Darren Krahn <dkrahn@chromium.org>
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Ready: Darren Krahn <dkrahn@chromium.org>
Darren Krahn [Mon, 24 Sep 2012 18:58:08 +0000 (11:58 -0700)]
Added another approved intermediate CA.
BUG=None
TEST=cryptohome --action=tpm_verify_attestation
Change-Id: I9a712b6917ffac7a94aefe8745ad0c2f0392f8eb
Reviewed-on: https://gerrit.chromium.org/gerrit/33909
Tested-by: Darren Krahn <dkrahn@chromium.org>
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Ready: Darren Krahn <dkrahn@chromium.org>
David Yu [Tue, 25 Sep 2012 03:12:05 +0000 (11:12 +0800)]
Add the encryption parameters in the comment for the EncryptedData of the
enrollment request.
BUG=none
TEST=manual
Change-Id: I771b3aace3ed4d435c6b9ace676d5bfe52638f36
Reviewed-on: https://gerrit.chromium.org/gerrit/33975
Tested-by: David Yu <davidyu@chromium.org>
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Commit-Ready: David Yu <davidyu@chromium.org>
David Yu [Mon, 24 Sep 2012 09:38:00 +0000 (17:38 +0800)]
Update the comment and change the field name from endorsement_credential to
encrypted_endorsement_credential to make it clearer.
BUG=none
TEST=manual
Change-Id: Ia5cbcbab166e9b671a637882997a603e65e8b677
Reviewed-on: https://gerrit.chromium.org/gerrit/33887
Tested-by: David Yu <davidyu@chromium.org>
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Commit-Ready: David Yu <davidyu@chromium.org>
Elly Fong-Jones [Fri, 21 Sep 2012 20:10:19 +0000 (16:10 -0400)]
[cryptohome] remove ClearUserKeyset
For some reason this method is on Platform even though it's static; it has no
business being there, so shove it back into Crypto.
TEST=unit
BUG=chromium-os:30637
Change-Id: I043589c2421a78903c9574aecfd865c3893b5378
Signed-off-by: Elly Fong-Jones <ellyjones@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/33795
Reviewed-by: Kees Cook <keescook@chromium.org>
Darren Krahn [Tue, 4 Sep 2012 18:10:46 +0000 (11:10 -0700)]
Added support for an encrypted endorsement credential.
Converted EncryptedDatabase to a more generic EncryptedData and used
this same protobuf to hold an encrypted endorsement credential.
BUG=None
TEST=Manual
Change-Id: Ibde02c6fe67afbf5ec7706eacae3692d51bbc7d6
Reviewed-on: https://gerrit.chromium.org/gerrit/33708
Tested-by: Darren Krahn <dkrahn@chromium.org>
Reviewed-by: David Yu <davidyu@chromium.org>
Commit-Ready: Darren Krahn <dkrahn@chromium.org>
Elly Fong-Jones [Thu, 20 Sep 2012 18:17:21 +0000 (14:17 -0400)]
[cryptohome] don't include mount.h from mock_platform.h
This include was pulling in a bunch of other stuff transitively.
BUG=chromium-os:34536
TEST=build
Change-Id: I43c3c59718f6f7596b6e0b046b0584b5af3373a2
Signed-off-by: Elly Fong-Jones <ellyjones@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/33706
Reviewed-by: Kees Cook <keescook@chromium.org>
David Yu [Tue, 18 Sep 2012 05:42:06 +0000 (13:42 +0800)]
Add AttestationCertificateRequest and AttestationCertificateResponse.
BUG=none
TEST=compiled successfully
Change-Id: I273a2c229f220de7fad2d8aa60014108788a533a
Reviewed-on: https://gerrit.chromium.org/gerrit/33510
Tested-by: David Yu <davidyu@chromium.org>
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Commit-Ready: David Yu <davidyu@chromium.org>
Ben Chan [Sat, 8 Sep 2012 19:42:40 +0000 (12:42 -0700)]
cryptohome: Fix compilation errors when compiling with glib 2.32.
This CL makes the following changes to make the code compatible with
glib 2.30 and 2.32:
- Add missing gthread-2.0 linkage. gthread-2.0 linkage is required for
g_thread_init when compiling with glib 2.32.
- Include glib.h instead of glib/gthread.h in cryptohomed.cc as the
latter should not be included directly.
BUG=chromium-os:34104
TEST=Build cryptohome with glib 2.30.2 and 2.32.4, and run unit tests.
Change-Id: I8130b03767eed9792ec54d98ad3a3fcba4a52f63
Reviewed-on: https://gerrit.chromium.org/gerrit/32653
Commit-Ready: Ben Chan <benchan@chromium.org>
Tested-by: Ben Chan <benchan@chromium.org>
Reviewed-by: Darin Petkov <petkov@chromium.org>
Will Drewry [Fri, 7 Sep 2012 03:01:24 +0000 (22:01 -0500)]
RFC: stateful recovery: simplify and add unittests
At present stateful encryption should spend some time enabled but trivially
bypassable. This will give it additional time to bake while keeping risks
at a minimum. Once all the tooling is in place, we can re-enable owner and
write-protect checking in this class to enable proper enforcement of
stateful disk encryption.
It also adds reboot-to-recovery after the copy is complete. This does mean
that until the flag file is removed, the system will continuously copy and
reboot to recovery.
This change also adds the missing Copy and ReadFileToString Platform mock.
TEST=new unittests pass (surprise!)
[----------] 4 tests from StatefulRecovery
[ RUN ] StatefulRecovery.ValidRequest
[ OK ] StatefulRecovery.ValidRequest (0 ms)
[ RUN ] StatefulRecovery.InvalidFlagFileContents
[0906/222329:ERROR:stateful_recovery.cc(47)] Bogus stateful recovery request file: 0 hello
[ OK ] StatefulRecovery.InvalidFlagFileContents (0 ms)
[ RUN ] StatefulRecovery.UnreadableFlagFile
[ OK ] StatefulRecovery.UnreadableFlagFile (0 ms)
[ RUN ] StatefulRecovery.UncopyableData
[ OK ] StatefulRecovery.UncopyableData (0 ms)
[----------] 4 tests from StatefulRecovery (1 ms total)
echo -n "1" > /mnt/stateful_partition/decrypt_stateful && reboot
BUG=chromium-os:34218
Change-Id: I4f9c22b514b711ad68dc892f759afaf27da92307
Reviewed-on: https://gerrit.chromium.org/gerrit/32496
Reviewed-by: Kees Cook <keescook@chromium.org>
Tested-by: Will Drewry <wad@chromium.org>
Commit-Ready: Will Drewry <wad@chromium.org>
Darren Krahn [Wed, 5 Sep 2012 22:51:31 +0000 (15:51 -0700)]
Added a command to verify the TPM endorsement key.
This command is useful for verifying TPMs in the factory. The command
requires the TPM owner password.
BUG=chrome-os-partner:13610
TEST=Ran the factory_TPM autotest.
Change-Id: Ia7bb79d33867281e1764eb087e63b5a7d1844ac7
Reviewed-on: https://gerrit.chromium.org/gerrit/32314
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Ready: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
David Yu [Mon, 3 Sep 2012 10:29:04 +0000 (18:29 +0800)]
Add two new messages, AttestationEnrollmentRequest and Response.
BUG=none
TEST=Compiled the protocol buffer successfully.
Change-Id: Ib51b0c5be4f5c4020c3bc91f0dbfcf18264b1572
Reviewed-on: https://gerrit.chromium.org/gerrit/32105
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Commit-Ready: David Yu <davidyu@chromium.org>
Tested-by: David Yu <davidyu@chromium.org>
Elly Jones [Wed, 29 Aug 2012 19:16:12 +0000 (15:16 -0400)]
[cryptohome] allow recovering encrypted stateful
This CL adds a mechanism for copying the contents of /mnt/stateful/encrypted out
into /mnt/stateful/decrypted at startup time, to be used by QA to recover system
logs. Authentication is provided by storage of the owning user's passkey (_NOT_
passphrase) in the request file. The passkey is computed as:
sha256(system-salt-as-hex || passphrase). The following shell script (which
needs to be run on the device!) produces a passkey from a passphrase:
salt=$(od -A n -t x1 /home/.shadow/salt | tr -d ' ')
stty -echo
read -p "passphrase: " passphrase
stty echo
echo ""
echo $(echo -n "$salt$passphrase" | sha256sum | cut -c -32)
TEST=none yet
BUG=chromium-os:23075
Change-Id: I56a46b8c266da36973fc75da7e81b73b3cdc9b69
Signed-off-by: Elly Jones <ellyjones@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/31723
Reviewed-by: Kees Cook <keescook@chromium.org>
Simran Basi [Mon, 27 Aug 2012 21:33:33 +0000 (14:33 -0700)]
Cryptohome: Change location of attestation.epb
Changed the default location of attestation.epb to be in the preserve
directory of stateful_partition.
We will need to preserve this file for stateful wipes; thus it is being
relocated.
CQ-DEPEND=I5c24736ea95ccf8ecfa82032cb81ed126b98deb2
BUG=chromium-os:33357
TEST=changed the directory and ensured that it is now created and used
from the new location.
Change-Id: Iafd467e485fa16326d012c28847105094ebb0251
Reviewed-on: https://gerrit.chromium.org/gerrit/31503
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Reviewed-by: Richard Barnette <jrbarnette@chromium.org>
Commit-Ready: Simran Basi <sbasi@google.com>
Reviewed-by: Simran Basi <sbasi@google.com>
Tested-by: Simran Basi <sbasi@google.com>
Darren Krahn [Thu, 23 Aug 2012 17:51:34 +0000 (10:51 -0700)]
Enabled attestation delegate verification.
BUG=chromium-os:33597
TEST=Ran `cryptohome --action=tpm_verify_attestation`
Change-Id: Id266957021040064857b090202d65424ed210e79
Reviewed-on: https://gerrit.chromium.org/gerrit/31231
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Ready: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
Elly Jones [Wed, 22 Aug 2012 21:17:14 +0000 (17:17 -0400)]
[cryptohome] don't log username in error messages
Also, drop an unused method from UserSession.
TEST=unit
BUG=chromium-os:33804
Change-Id: I8e1bf6cacf08ae62b635c082f9dd4b20ee53a280
Signed-off-by: Elly Jones <ellyjones@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/31149
Reviewed-by: Kees Cook <keescook@chromium.org>
Darren Krahn [Mon, 20 Aug 2012 23:00:14 +0000 (16:00 -0700)]
Ensure the .tpm_owned file exists when it should.
BUG=chromium-os:32038
TEST=Manual, platform_Pkcs11Persistence
Change-Id: I9a72979f30353ac198c2acf59cbedbd53a49d6db
Reviewed-on: https://gerrit.chromium.org/gerrit/30999
Reviewed-by: Elly Jones <ellyjones@chromium.org>
Commit-Ready: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
Darren Krahn [Mon, 20 Aug 2012 21:30:15 +0000 (14:30 -0700)]
Added another known endorsement CA.
BUG=None
TEST=Manual
Change-Id: I9e8fc7f8def9a1954359750e649ff4bd62dafab1
Reviewed-on: https://gerrit.chromium.org/gerrit/30918
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Ready: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
Han Shen [Fri, 17 Aug 2012 22:49:39 +0000 (15:49 -0700)]
Fix cryptohome for gcc 4.7 built.
Added explicit conversion in initialization list.
TEST=Manually built using gcc 4.7 for lumpy.
BUG=None
Change-Id: If72a2c4d27a060e47ef671ad8122696d5b23fb80
Reviewed-on: https://gerrit.chromium.org/gerrit/30771
Reviewed-by: Yunlian Jiang <yunlian@chromium.org>
Tested-by: Han Shen <shenhan@chromium.org>
Commit-Ready: Han Shen <shenhan@chromium.org>
Elly Jones [Thu, 16 Aug 2012 18:09:25 +0000 (14:09 -0400)]
[cryptohome] factor out RSA message obscuring
TEST=unit,platform_CryptohomeMount
BUG=chromium-os:30637
Reviewed-on: https://gerrit.chromium.org/gerrit/#/c/30034/
Change-Id: Icaa2538e5090f8dcb866efe2bd120b202f0c2b78
Signed-off-by: Elly Jones <ellyjones@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/30726
Reviewed-by: Chris Masone <cmasone@chromium.org>
Han Shen [Fri, 17 Aug 2012 03:39:50 +0000 (20:39 -0700)]
Fix cryptohome for gcc 4.7 build.
Added explicit type conversion to initialization list.
TEST=Manually built using gcc 4.7
BUG=None
Change-Id: Ia61eb0d8971c6f13a7bf53c9cebfab97d59b701a
Reviewed-on: https://gerrit.chromium.org/gerrit/30650
Reviewed-by: Yunlian Jiang <yunlian@chromium.org>
Commit-Ready: Han Shen <shenhan@chromium.org>
Tested-by: Han Shen <shenhan@chromium.org>
Elly Jones [Thu, 16 Aug 2012 17:42:43 +0000 (13:42 -0400)]
[cryptohome] remove stale references to mount_
BUG=chromium-os:30637
TEST=unit
Change-Id: Ie1dc4e563eb86fdc2571669348abb71cf1506b68
Signed-off-by: Elly Jones <ellyjones@chromium.org>
(cherry picked from commit 0de8728fe7315857359de7ccf968908f5cbb4250)
Reviewed-on: https://gerrit.chromium.org/gerrit/30571
Reviewed-by: Kees Cook <keescook@chromium.org>
Darren Krahn [Tue, 14 Aug 2012 02:20:40 +0000 (19:20 -0700)]
Added TPM owner delegation to the attestation data.
We need to execute privileged operations in the future but we don't want
to keep the owner password. A delegate allows us to authorize only the
operations we need and discard the owner password.
BUG=chromium-os:33443
TEST=Unit tests pass.
Manually verified delegation data as much as possible.
Change-Id: I780caf4d2d9dd02f92ba7e397950b51f52078e31
Reviewed-on: https://gerrit.chromium.org/gerrit/30601
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Ready: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
Darren Krahn [Mon, 6 Aug 2012 23:47:59 +0000 (16:47 -0700)]
Manually extract endorsement credentials from the TPM.
Also:
- The attestation protobuf is now cleared before destruction.
- Code has been added to verify all attestation data; it can be run with
the following command:
> cryptohome --action=tpm_verify_attestation
BUG=chromium-os:33423
TEST=Unit tests pass.
Manually run 'cryptohome --action=tpm_verify_attestation'.
Bug logged to create an autotest later (crosbug.com/33511).
Change-Id: I6321dc8041f82492705c1da4f8fa15d1803b6ce7
Reviewed-on: https://gerrit.chromium.org/gerrit/30116
Reviewed-by: Elly Jones <ellyjones@chromium.org>
Commit-Ready: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
sabercrombie [Tue, 14 Aug 2012 22:26:37 +0000 (15:26 -0700)]
Revert "[cryptohome] factor out RSA message obscuring"
Seems to break login.
This reverts commit 29bb5ac8dd192d9d74f2e4f7f0c0e1d04ae8b5fb
Change-Id: I8a6c6be345dd6e0690eec0a4bc3e8fbc17be36ef
Reviewed-on: https://gerrit.chromium.org/gerrit/30324
Commit-Ready: <sabercrombie@google.com>
Commit-Ready: Elly Jones <ellyjones@chromium.org>
Tested-by: Elly Jones <ellyjones@chromium.org>
Reviewed-by: Elly Jones <ellyjones@chromium.org>
Tested-by: <sabercrombie@google.com>
Elly Jones [Mon, 13 Aug 2012 21:21:30 +0000 (17:21 -0400)]
[cryptohome] factor out RSA message obscuring
BUG=chromium-os:30637
TEST=unit
Change-Id: I3f210ab9e20e4ab333fd6e74deb0bb8238b41009
Signed-off-by: Elly Jones <ellyjones@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/30034
Reviewed-by: Kees Cook <keescook@chromium.org>
Elly Jones [Thu, 9 Aug 2012 16:24:49 +0000 (12:24 -0400)]
[cryptohome] push key derivation up a layer again
Do it outside the TPM module.
TEST=unit
BUG=chromium-os:30637
Change-Id: Ida1eb72da828623f63ffdb6cad7dabbccf9929e0
Signed-off-by: Elly Jones <ellyjones@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/29770
Elly Jones [Wed, 8 Aug 2012 19:26:04 +0000 (15:26 -0400)]
[cryptohome] thin out the lies in TpmStatusInfo
TpmStatusInfo contains some fields which look useful but are actually tricksy
and false (and unused).
BUG=chromium-os:30637
TEST=build
Change-Id: I89ac26785a715a46d53082ed0b4f93acea0f2693
Signed-off-by: Elly Jones <ellyjones@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/29636
Elly Jones [Wed, 8 Aug 2012 21:36:40 +0000 (17:36 -0400)]
[cryptohome] push passkey transform up a level
Eventually, the passkey transform will be done in Crypto; this is step one.
BUG=chromium-os:30637
TEST=unit
Change-Id: I591ec047af4d95e3c03cd298fd5af357678cebb6
Signed-off-by: Elly Jones <ellyjones@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/29657
Reviewed-by: Kees Cook <keescook@chromium.org>
Mike Frysinger [Wed, 8 Aug 2012 16:02:47 +0000 (12:02 -0400)]
fix -I flag paths when building out-of-tree
The current build logic assumes the build dir is the working dir. This
fails if the build and source trees are completely different paths. So
use full paths to the build dir rather than implicitly relative ones so
that it works in all states.
BUG=chromium-os:33327
TEST=`emerge-x86-alex chromeos-cryptohome` still works
Change-Id: I5233ad53caa68aed53c2417188fa0de47f029494
Reviewed-on: https://gerrit.chromium.org/gerrit/29613
Reviewed-by: Elly Jones <ellyjones@chromium.org>
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Darren Krahn [Fri, 3 Aug 2012 20:12:09 +0000 (13:12 -0700)]
Implemented PrepareForEnrollmentAsync.
Preparing for attestation enrollment can be lengthy (~4sec) and should
always run on a worker thread to avoid blocking the login flow. This CL
implements the asynchronous version of the method.
Also cleaned up class and file names.
BUG=chromium-os:32772
TEST=unit tests pass; manually verified login is not delayed
Change-Id: Id2887fa51bae1a7462848522f411ff99ef16682d
Reviewed-on: https://gerrit.chromium.org/gerrit/29218
Commit-Ready: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
Reviewed-by: Darren Krahn <dkrahn@chromium.org>