trunks: Generator bugs
This patch fixes a few bugs in the trunks generator.
- Argument with type TPM2B_ENCRYPTED_SECRET was occasionally
not parsed due to errors in raw_structures_fixed.txt. Affected
commands Duplicate, MakeCredential, and Rewrap.
- Arguments with types INT[0-9]* were not parsed due to a bug
in extract_commands.sh. Affected commands PolicySigned and
PolicySecret.
- Argument with name returnCode is part of the header, not a
parameter. Affected commands ClockRateAdjust, ClockSet, and
ReadClock commands.
BUG=None
TEST=Passes all unit tests
Change-Id: I075f7c9fe64b7c1663f8ae6a5b8e8a0387c411aa
Reviewed-on: https://chromium-review.googlesource.com/286840
Reviewed-by: Utkarsh Sanghi <usanghi@chromium.org>
Commit-Queue: Jocelyn Bohr <bohr@chromium.org>
Tested-by: Jocelyn Bohr <bohr@chromium.org>
diff --git a/trunks/generator/extract_commands.sh b/trunks/generator/extract_commands.sh
index aa43b7e..70b3f49 100755
--- a/trunks/generator/extract_commands.sh
+++ b/trunks/generator/extract_commands.sh
@@ -37,7 +37,7 @@
sed 's/^Table [0-9]* . \(.*\) Response$/_OUTPUT_START \1/' |
# Mark argument types.
sed 's/^\(TPM[_A-Z0-9+]*\)$/_TYPE \1/' |
- sed 's/^\(UINT[0-9]*\)$/_TYPE \1/' |
+ sed 's/^\(U*INT[0-9]*\)$/_TYPE \1/' |
# Filter out a few special cases that look like types but are not.
sed 's/^_TYPE TPM_ST_NO_SESSIONS$/TPM_ST_NO_SESSIONS/' |
sed 's/^_TYPE TPM_ALG_NULL$/TPM_ALG_NULL/' |
diff --git a/trunks/generator/generator.py b/trunks/generator/generator.py
index bbc0311..3ecbcc8 100755
--- a/trunks/generator/generator.py
+++ b/trunks/generator/generator.py
@@ -1806,7 +1806,7 @@
_COMMENT_RE = re.compile(r'^_COMMENT\s+(.*)')
# Args which are handled internally by the generated method.
_INTERNAL_ARGS = ('tag', 'Tag', 'commandSize', 'commandCode', 'responseSize',
- 'responseCode')
+ 'responseCode', 'returnCode')
def __init__(self, in_file):
"""Initializes a CommandParser instance.
diff --git a/trunks/generator/raw_commands_fixed.txt b/trunks/generator/raw_commands_fixed.txt
index dda72a3..72e2963 100644
--- a/trunks/generator/raw_commands_fixed.txt
+++ b/trunks/generator/raw_commands_fixed.txt
@@ -6116,7 +6116,9 @@
credentialBlob
-TPM2B_ENCRYPTED_SECRET secret
+TPM2B_ENCRYPTED_SECRET
+
+secret
Page 68
October 31, 2013
@@ -6910,7 +6912,9 @@
private area that may be encrypted by encryptionKeyIn;
and may be doubly encrypted
-TPM2B_ENCRYPTED_SECRET outSymSeed
+TPM2B_ENCRYPTED_SECRET
+
+outSymSeed
Page 78
October 31, 2013
@@ -7261,7 +7265,9 @@
the Name of the object being rewrapped
-TPM2B_ENCRYPTED_SECRET inSymSeed
+TPM2B_ENCRYPTED_SECRET
+
+inSymSeed
Description
@@ -7294,7 +7300,9 @@
outDuplicate
-TPM2B_ENCRYPTED_SECRET outSymSeed
+TPM2B_ENCRYPTED_SECRET
+
+outSymSeed
Page 82
October 31, 2013
diff --git a/trunks/mock_tpm.cc b/trunks/mock_tpm.cc
index 5035504..371458a 100644
--- a/trunks/mock_tpm.cc
+++ b/trunks/mock_tpm.cc
@@ -124,6 +124,22 @@
return CommitSyncShort(sign_handle, param_size, p1, y2, param_size_out, k,
l, e, counter, authorization_delegate);
}
+void MockTpm::PolicySigned(
+ const TPMI_DH_OBJECT& auth_object,
+ const std::string& auth_object_name,
+ const TPMI_SH_POLICY& policy_session,
+ const std::string& policy_session_name,
+ const TPM2B_NONCE& nonce_tpm,
+ const TPM2B_DIGEST& cp_hash_a,
+ const TPM2B_NONCE& policy_ref,
+ const INT32& expiration,
+ const TPMT_SIGNATURE& auth,
+ AuthorizationDelegate* authorization_delegate,
+ const PolicySignedResponse& callback) {
+ PolicySignedShort(auth_object, policy_session, nonce_tpm, cp_hash_a,
+ policy_ref, expiration, auth, authorization_delegate,
+ callback);
+}
TPM_RC MockTpm::PolicySignedSync(
const TPMI_DH_OBJECT& auth_object,
const std::string& auth_object_name,
@@ -132,12 +148,29 @@
const TPM2B_NONCE& nonce_tpm,
const TPM2B_DIGEST& cp_hash_a,
const TPM2B_NONCE& policy_ref,
+ const INT32& expiration,
const TPMT_SIGNATURE& auth,
TPM2B_TIMEOUT* timeout,
TPMT_TK_AUTH* policy_ticket,
AuthorizationDelegate* authorization_delegate) {
return PolicySignedSyncShort(auth_object, policy_session, nonce_tpm,
- cp_hash_a, policy_ref, auth, timeout,
+ cp_hash_a, policy_ref, expiration, auth, timeout,
+ policy_ticket, authorization_delegate);
+}
+TPM_RC MockTpm::PolicySecretSync(
+ const TPMI_DH_ENTITY& auth_handle,
+ const std::string& auth_handle_name,
+ const TPMI_SH_POLICY& policy_session,
+ const std::string& policy_session_name,
+ const TPM2B_NONCE& nonce_tpm,
+ const TPM2B_DIGEST& cp_hash_a,
+ const TPM2B_NONCE& policy_ref,
+ const INT32& expiration,
+ TPM2B_TIMEOUT* timeout,
+ TPMT_TK_AUTH* policy_ticket,
+ AuthorizationDelegate* authorization_delegate) {
+ return PolicySecretSyncShort(auth_handle, policy_session, nonce_tpm,
+ cp_hash_a, policy_ref, expiration, timeout,
policy_ticket, authorization_delegate);
}
void MockTpm::PolicyNV(const TPMI_RH_NV_AUTH& auth_handle,
diff --git a/trunks/mock_tpm.h b/trunks/mock_tpm.h
index 902c9f0..96ba9b3 100644
--- a/trunks/mock_tpm.h
+++ b/trunks/mock_tpm.h
@@ -211,12 +211,13 @@
const TPM2B_NAME& object_name,
AuthorizationDelegate* authorization_delegate,
const MakeCredentialResponse& callback));
- MOCK_METHOD6(MakeCredentialSync,
+ MOCK_METHOD7(MakeCredentialSync,
TPM_RC(const TPMI_DH_OBJECT& handle,
const std::string& handle_name,
const TPM2B_DIGEST& credential,
const TPM2B_NAME& object_name,
TPM2B_ID_OBJECT* credential_blob,
+ TPM2B_ENCRYPTED_SECRET* secret,
AuthorizationDelegate* authorization_delegate));
MOCK_METHOD4(Unseal,
void(const TPMI_DH_OBJECT& item_handle,
@@ -253,7 +254,7 @@
const TPMT_SYM_DEF_OBJECT& symmetric_alg,
AuthorizationDelegate* authorization_delegate,
const DuplicateResponse& callback));
- MOCK_METHOD9(DuplicateSync,
+ MOCK_METHOD10(DuplicateSync,
TPM_RC(const TPMI_DH_OBJECT& object_handle,
const std::string& object_handle_name,
const TPMI_DH_OBJECT& new_parent_handle,
@@ -262,24 +263,28 @@
const TPMT_SYM_DEF_OBJECT& symmetric_alg,
TPM2B_DATA* encryption_key_out,
TPM2B_PRIVATE* duplicate,
+ TPM2B_ENCRYPTED_SECRET* out_sym_seed,
AuthorizationDelegate* authorization_delegate));
- MOCK_METHOD8(Rewrap,
+ MOCK_METHOD9(Rewrap,
void(const TPMI_DH_OBJECT& old_parent,
const std::string& old_parent_name,
const TPMI_DH_OBJECT& new_parent,
const std::string& new_parent_name,
const TPM2B_PRIVATE& in_duplicate,
const TPM2B_NAME& name,
+ const TPM2B_ENCRYPTED_SECRET& in_sym_seed,
AuthorizationDelegate* authorization_delegate,
const RewrapResponse& callback));
- MOCK_METHOD8(RewrapSync,
+ MOCK_METHOD10(RewrapSync,
TPM_RC(const TPMI_DH_OBJECT& old_parent,
const std::string& old_parent_name,
const TPMI_DH_OBJECT& new_parent,
const std::string& new_parent_name,
const TPM2B_PRIVATE& in_duplicate,
const TPM2B_NAME& name,
+ const TPM2B_ENCRYPTED_SECRET& in_sym_seed,
TPM2B_PRIVATE* out_duplicate,
+ TPM2B_ENCRYPTED_SECRET* out_sym_seed,
AuthorizationDelegate* authorization_delegate));
MOCK_METHOD9(Import,
void(const TPMI_DH_OBJECT& parent_handle,
@@ -830,14 +835,26 @@
TPM_RC(const TPMI_DH_PCR& pcr_handle,
const std::string& pcr_handle_name,
AuthorizationDelegate* authorization_delegate));
- MOCK_METHOD10(PolicySigned,
+ // Too many args to mock, forward to *Short version.
+ void PolicySigned(
+ const TPMI_DH_OBJECT& auth_object,
+ const std::string& auth_object_name,
+ const TPMI_SH_POLICY& policy_session,
+ const std::string& policy_session_name,
+ const TPM2B_NONCE& nonce_tpm,
+ const TPM2B_DIGEST& cp_hash_a,
+ const TPM2B_NONCE& policy_ref,
+ const INT32& expiration,
+ const TPMT_SIGNATURE& auth,
+ AuthorizationDelegate* authorization_delegate,
+ const PolicySignedResponse& callback) override;
+ MOCK_METHOD9(PolicySignedShort,
void(const TPMI_DH_OBJECT& auth_object,
- const std::string& auth_object_name,
const TPMI_SH_POLICY& policy_session,
- const std::string& policy_session_name,
const TPM2B_NONCE& nonce_tpm,
const TPM2B_DIGEST& cp_hash_a,
const TPM2B_NONCE& policy_ref,
+ const INT32& expiration,
const TPMT_SIGNATURE& auth,
AuthorizationDelegate* authorization_delegate,
const PolicySignedResponse& callback));
@@ -850,21 +867,23 @@
const TPM2B_NONCE& nonce_tpm,
const TPM2B_DIGEST& cp_hash_a,
const TPM2B_NONCE& policy_ref,
+ const INT32& expiration,
const TPMT_SIGNATURE& auth,
TPM2B_TIMEOUT* timeout,
TPMT_TK_AUTH* policy_ticket,
AuthorizationDelegate* authorization_delegate) override;
- MOCK_METHOD9(PolicySignedSyncShort,
+ MOCK_METHOD10(PolicySignedSyncShort,
TPM_RC(const TPMI_DH_OBJECT& auth_object,
const TPMI_SH_POLICY& policy_session,
const TPM2B_NONCE& nonce_tpm,
const TPM2B_DIGEST& cp_hash_a,
const TPM2B_NONCE& policy_ref,
+ const INT32& expiration,
const TPMT_SIGNATURE& auth,
TPM2B_TIMEOUT* timeout,
TPMT_TK_AUTH* policy_ticket,
AuthorizationDelegate* authorization_delegate));
- MOCK_METHOD9(PolicySecret,
+ MOCK_METHOD10(PolicySecret,
void(const TPMI_DH_ENTITY& auth_handle,
const std::string& auth_handle_name,
const TPMI_SH_POLICY& policy_session,
@@ -872,16 +891,29 @@
const TPM2B_NONCE& nonce_tpm,
const TPM2B_DIGEST& cp_hash_a,
const TPM2B_NONCE& policy_ref,
+ const INT32& expiration,
AuthorizationDelegate* authorization_delegate,
const PolicySecretResponse& callback));
- MOCK_METHOD10(PolicySecretSync,
+ // Too many args to mock, forward to *Short version.
+ TPM_RC PolicySecretSync(
+ const TPMI_DH_ENTITY& auth_handle,
+ const std::string& auth_handle_name,
+ const TPMI_SH_POLICY& policy_session,
+ const std::string& policy_session_name,
+ const TPM2B_NONCE& nonce_tpm,
+ const TPM2B_DIGEST& cp_hash_a,
+ const TPM2B_NONCE& policy_ref,
+ const INT32& expiration,
+ TPM2B_TIMEOUT* timeout,
+ TPMT_TK_AUTH* policy_ticket,
+ AuthorizationDelegate* authorization_delegate) override;
+ MOCK_METHOD9(PolicySecretSyncShort,
TPM_RC(const TPMI_DH_ENTITY& auth_handle,
- const std::string& auth_handle_name,
const TPMI_SH_POLICY& policy_session,
- const std::string& policy_session_name,
const TPM2B_NONCE& nonce_tpm,
const TPM2B_DIGEST& cp_hash_a,
const TPM2B_NONCE& policy_ref,
+ const INT32& expiration,
TPM2B_TIMEOUT* timeout,
TPMT_TK_AUTH* policy_ticket,
AuthorizationDelegate* authorization_delegate));
@@ -1334,9 +1366,8 @@
MOCK_METHOD2(ReadClock,
void(AuthorizationDelegate* authorization_delegate,
const ReadClockResponse& callback));
- MOCK_METHOD3(ReadClockSync,
- TPM_RC(TPM_RC* return_code,
- TPMS_TIME_INFO* current_time,
+ MOCK_METHOD2(ReadClockSync,
+ TPM_RC(TPMS_TIME_INFO* current_time,
AuthorizationDelegate* authorization_delegate));
MOCK_METHOD5(ClockSet,
void(const TPMI_RH_PROVISION& auth,
@@ -1344,11 +1375,10 @@
const UINT64& new_time,
AuthorizationDelegate* authorization_delegate,
const ClockSetResponse& callback));
- MOCK_METHOD5(ClockSetSync,
+ MOCK_METHOD4(ClockSetSync,
TPM_RC(const TPMI_RH_PROVISION& auth,
const std::string& auth_name,
const UINT64& new_time,
- TPM_RC* return_code,
AuthorizationDelegate* authorization_delegate));
MOCK_METHOD5(ClockRateAdjust,
void(const TPMI_RH_PROVISION& auth,
@@ -1356,11 +1386,10 @@
const TPM_CLOCK_ADJUST& rate_adjust,
AuthorizationDelegate* authorization_delegate,
const ClockRateAdjustResponse& callback));
- MOCK_METHOD5(ClockRateAdjustSync,
+ MOCK_METHOD4(ClockRateAdjustSync,
TPM_RC(const TPMI_RH_PROVISION& auth,
const std::string& auth_name,
const TPM_CLOCK_ADJUST& rate_adjust,
- TPM_RC* return_code,
AuthorizationDelegate* authorization_delegate));
MOCK_METHOD5(GetCapability,
void(const TPM_CAP& capability,
diff --git a/trunks/tpm_generated.cc b/trunks/tpm_generated.cc
index 94c577e..f755502 100644
--- a/trunks/tpm_generated.cc
+++ b/trunks/tpm_generated.cc
@@ -13075,6 +13075,7 @@
TPM_RC Tpm::ParseResponse_MakeCredential(
const std::string& response,
TPM2B_ID_OBJECT* credential_blob,
+ TPM2B_ENCRYPTED_SECRET* secret,
AuthorizationDelegate* authorization_delegate) {
VLOG(3) << __func__;
VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
@@ -13161,6 +13162,14 @@
if (rc != TPM_RC_SUCCESS) {
return rc;
}
+ std::string secret_bytes;
+ rc = Parse_TPM2B_ENCRYPTED_SECRET(
+ &buffer,
+ secret,
+ &secret_bytes);
+ if (rc != TPM_RC_SUCCESS) {
+ return rc;
+ }
if (tag == TPM_ST_SESSIONS) {
CHECK(authorization_delegate) << "Authorization delegate missing!";
// Decrypt just the parameter data, not the size.
@@ -13185,7 +13194,8 @@
TPM_RC response_code) {
VLOG(1) << __func__;
callback.Run(response_code,
- TPM2B_ID_OBJECT());
+ TPM2B_ID_OBJECT(),
+ TPM2B_ENCRYPTED_SECRET());
}
void MakeCredentialResponseParser(
@@ -13196,9 +13206,11 @@
base::Callback<void(TPM_RC)> error_reporter =
base::Bind(MakeCredentialErrorCallback, callback);
TPM2B_ID_OBJECT credential_blob;
+ TPM2B_ENCRYPTED_SECRET secret;
TPM_RC rc = Tpm::ParseResponse_MakeCredential(
response,
&credential_blob,
+ &secret,
authorization_delegate);
if (rc != TPM_RC_SUCCESS) {
error_reporter.Run(rc);
@@ -13206,7 +13218,8 @@
}
callback.Run(
rc,
- credential_blob);
+ credential_blob,
+ secret);
}
void Tpm::MakeCredential(
@@ -13244,6 +13257,7 @@
const TPM2B_DIGEST& credential,
const TPM2B_NAME& object_name,
TPM2B_ID_OBJECT* credential_blob,
+ TPM2B_ENCRYPTED_SECRET* secret,
AuthorizationDelegate* authorization_delegate) {
VLOG(1) << __func__;
std::string command;
@@ -13261,6 +13275,7 @@
rc = ParseResponse_MakeCredential(
response,
credential_blob,
+ secret,
authorization_delegate);
return rc;
}
@@ -13990,6 +14005,7 @@
const std::string& response,
TPM2B_DATA* encryption_key_out,
TPM2B_PRIVATE* duplicate,
+ TPM2B_ENCRYPTED_SECRET* out_sym_seed,
AuthorizationDelegate* authorization_delegate) {
VLOG(3) << __func__;
VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
@@ -14084,6 +14100,14 @@
if (rc != TPM_RC_SUCCESS) {
return rc;
}
+ std::string out_sym_seed_bytes;
+ rc = Parse_TPM2B_ENCRYPTED_SECRET(
+ &buffer,
+ out_sym_seed,
+ &out_sym_seed_bytes);
+ if (rc != TPM_RC_SUCCESS) {
+ return rc;
+ }
if (tag == TPM_ST_SESSIONS) {
CHECK(authorization_delegate) << "Authorization delegate missing!";
// Decrypt just the parameter data, not the size.
@@ -14109,7 +14133,8 @@
VLOG(1) << __func__;
callback.Run(response_code,
TPM2B_DATA(),
- TPM2B_PRIVATE());
+ TPM2B_PRIVATE(),
+ TPM2B_ENCRYPTED_SECRET());
}
void DuplicateResponseParser(
@@ -14121,10 +14146,12 @@
base::Bind(DuplicateErrorCallback, callback);
TPM2B_DATA encryption_key_out;
TPM2B_PRIVATE duplicate;
+ TPM2B_ENCRYPTED_SECRET out_sym_seed;
TPM_RC rc = Tpm::ParseResponse_Duplicate(
response,
&encryption_key_out,
&duplicate,
+ &out_sym_seed,
authorization_delegate);
if (rc != TPM_RC_SUCCESS) {
error_reporter.Run(rc);
@@ -14133,7 +14160,8 @@
callback.Run(
rc,
encryption_key_out,
- duplicate);
+ duplicate,
+ out_sym_seed);
}
void Tpm::Duplicate(
@@ -14178,6 +14206,7 @@
const TPMT_SYM_DEF_OBJECT& symmetric_alg,
TPM2B_DATA* encryption_key_out,
TPM2B_PRIVATE* duplicate,
+ TPM2B_ENCRYPTED_SECRET* out_sym_seed,
AuthorizationDelegate* authorization_delegate) {
VLOG(1) << __func__;
std::string command;
@@ -14198,6 +14227,7 @@
response,
encryption_key_out,
duplicate,
+ out_sym_seed,
authorization_delegate);
return rc;
}
@@ -14209,6 +14239,7 @@
const std::string& new_parent_name,
const TPM2B_PRIVATE& in_duplicate,
const TPM2B_NAME& name,
+ const TPM2B_ENCRYPTED_SECRET& in_sym_seed,
std::string* serialized_command,
AuthorizationDelegate* authorization_delegate) {
VLOG(3) << __func__;
@@ -14255,6 +14286,13 @@
if (rc != TPM_RC_SUCCESS) {
return rc;
}
+ std::string in_sym_seed_bytes;
+ rc = Serialize_TPM2B_ENCRYPTED_SECRET(
+ in_sym_seed,
+ &in_sym_seed_bytes);
+ if (rc != TPM_RC_SUCCESS) {
+ return rc;
+ }
if (authorization_delegate) {
// Encrypt just the parameter data, not the size.
std::string tmp = in_duplicate_bytes.substr(2);
@@ -14283,6 +14321,10 @@
name_bytes.size());
parameter_section_bytes += name_bytes;
command_size += name_bytes.size();
+ hash->Update(in_sym_seed_bytes.data(),
+ in_sym_seed_bytes.size());
+ parameter_section_bytes += in_sym_seed_bytes;
+ command_size += in_sym_seed_bytes.size();
std::string command_hash(32, 0);
hash->Finish(string_as_array(&command_hash), command_hash.size());
std::string authorization_section_bytes;
@@ -14337,6 +14379,7 @@
TPM_RC Tpm::ParseResponse_Rewrap(
const std::string& response,
TPM2B_PRIVATE* out_duplicate,
+ TPM2B_ENCRYPTED_SECRET* out_sym_seed,
AuthorizationDelegate* authorization_delegate) {
VLOG(3) << __func__;
VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
@@ -14423,6 +14466,14 @@
if (rc != TPM_RC_SUCCESS) {
return rc;
}
+ std::string out_sym_seed_bytes;
+ rc = Parse_TPM2B_ENCRYPTED_SECRET(
+ &buffer,
+ out_sym_seed,
+ &out_sym_seed_bytes);
+ if (rc != TPM_RC_SUCCESS) {
+ return rc;
+ }
if (tag == TPM_ST_SESSIONS) {
CHECK(authorization_delegate) << "Authorization delegate missing!";
// Decrypt just the parameter data, not the size.
@@ -14447,7 +14498,8 @@
TPM_RC response_code) {
VLOG(1) << __func__;
callback.Run(response_code,
- TPM2B_PRIVATE());
+ TPM2B_PRIVATE(),
+ TPM2B_ENCRYPTED_SECRET());
}
void RewrapResponseParser(
@@ -14458,9 +14510,11 @@
base::Callback<void(TPM_RC)> error_reporter =
base::Bind(RewrapErrorCallback, callback);
TPM2B_PRIVATE out_duplicate;
+ TPM2B_ENCRYPTED_SECRET out_sym_seed;
TPM_RC rc = Tpm::ParseResponse_Rewrap(
response,
&out_duplicate,
+ &out_sym_seed,
authorization_delegate);
if (rc != TPM_RC_SUCCESS) {
error_reporter.Run(rc);
@@ -14468,7 +14522,8 @@
}
callback.Run(
rc,
- out_duplicate);
+ out_duplicate,
+ out_sym_seed);
}
void Tpm::Rewrap(
@@ -14478,6 +14533,7 @@
const std::string& new_parent_name,
const TPM2B_PRIVATE& in_duplicate,
const TPM2B_NAME& name,
+ const TPM2B_ENCRYPTED_SECRET& in_sym_seed,
AuthorizationDelegate* authorization_delegate,
const RewrapResponse& callback) {
VLOG(1) << __func__;
@@ -14495,6 +14551,7 @@
new_parent_name,
in_duplicate,
name,
+ in_sym_seed,
&command,
authorization_delegate);
if (rc != TPM_RC_SUCCESS) {
@@ -14511,7 +14568,9 @@
const std::string& new_parent_name,
const TPM2B_PRIVATE& in_duplicate,
const TPM2B_NAME& name,
+ const TPM2B_ENCRYPTED_SECRET& in_sym_seed,
TPM2B_PRIVATE* out_duplicate,
+ TPM2B_ENCRYPTED_SECRET* out_sym_seed,
AuthorizationDelegate* authorization_delegate) {
VLOG(1) << __func__;
std::string command;
@@ -14522,6 +14581,7 @@
new_parent_name,
in_duplicate,
name,
+ in_sym_seed,
&command,
authorization_delegate);
if (rc != TPM_RC_SUCCESS) {
@@ -14531,6 +14591,7 @@
rc = ParseResponse_Rewrap(
response,
out_duplicate,
+ out_sym_seed,
authorization_delegate);
return rc;
}
@@ -25375,6 +25436,7 @@
const TPM2B_NONCE& nonce_tpm,
const TPM2B_DIGEST& cp_hash_a,
const TPM2B_NONCE& policy_ref,
+ const INT32& expiration,
const TPMT_SIGNATURE& auth,
std::string* serialized_command,
AuthorizationDelegate* authorization_delegate) {
@@ -25429,6 +25491,13 @@
if (rc != TPM_RC_SUCCESS) {
return rc;
}
+ std::string expiration_bytes;
+ rc = Serialize_INT32(
+ expiration,
+ &expiration_bytes);
+ if (rc != TPM_RC_SUCCESS) {
+ return rc;
+ }
std::string auth_bytes;
rc = Serialize_TPMT_SIGNATURE(
auth,
@@ -25468,6 +25537,10 @@
policy_ref_bytes.size());
parameter_section_bytes += policy_ref_bytes;
command_size += policy_ref_bytes.size();
+ hash->Update(expiration_bytes.data(),
+ expiration_bytes.size());
+ parameter_section_bytes += expiration_bytes;
+ command_size += expiration_bytes.size();
hash->Update(auth_bytes.data(),
auth_bytes.size());
parameter_section_bytes += auth_bytes;
@@ -25681,6 +25754,7 @@
const TPM2B_NONCE& nonce_tpm,
const TPM2B_DIGEST& cp_hash_a,
const TPM2B_NONCE& policy_ref,
+ const INT32& expiration,
const TPMT_SIGNATURE& auth,
AuthorizationDelegate* authorization_delegate,
const PolicySignedResponse& callback) {
@@ -25700,6 +25774,7 @@
nonce_tpm,
cp_hash_a,
policy_ref,
+ expiration,
auth,
&command,
authorization_delegate);
@@ -25718,6 +25793,7 @@
const TPM2B_NONCE& nonce_tpm,
const TPM2B_DIGEST& cp_hash_a,
const TPM2B_NONCE& policy_ref,
+ const INT32& expiration,
const TPMT_SIGNATURE& auth,
TPM2B_TIMEOUT* timeout,
TPMT_TK_AUTH* policy_ticket,
@@ -25732,6 +25808,7 @@
nonce_tpm,
cp_hash_a,
policy_ref,
+ expiration,
auth,
&command,
authorization_delegate);
@@ -25755,6 +25832,7 @@
const TPM2B_NONCE& nonce_tpm,
const TPM2B_DIGEST& cp_hash_a,
const TPM2B_NONCE& policy_ref,
+ const INT32& expiration,
std::string* serialized_command,
AuthorizationDelegate* authorization_delegate) {
VLOG(3) << __func__;
@@ -25808,6 +25886,13 @@
if (rc != TPM_RC_SUCCESS) {
return rc;
}
+ std::string expiration_bytes;
+ rc = Serialize_INT32(
+ expiration,
+ &expiration_bytes);
+ if (rc != TPM_RC_SUCCESS) {
+ return rc;
+ }
if (authorization_delegate) {
// Encrypt just the parameter data, not the size.
std::string tmp = nonce_tpm_bytes.substr(2);
@@ -25840,6 +25925,10 @@
policy_ref_bytes.size());
parameter_section_bytes += policy_ref_bytes;
command_size += policy_ref_bytes.size();
+ hash->Update(expiration_bytes.data(),
+ expiration_bytes.size());
+ parameter_section_bytes += expiration_bytes;
+ command_size += expiration_bytes.size();
std::string command_hash(32, 0);
hash->Finish(string_as_array(&command_hash), command_hash.size());
std::string authorization_section_bytes;
@@ -26049,6 +26138,7 @@
const TPM2B_NONCE& nonce_tpm,
const TPM2B_DIGEST& cp_hash_a,
const TPM2B_NONCE& policy_ref,
+ const INT32& expiration,
AuthorizationDelegate* authorization_delegate,
const PolicySecretResponse& callback) {
VLOG(1) << __func__;
@@ -26067,6 +26157,7 @@
nonce_tpm,
cp_hash_a,
policy_ref,
+ expiration,
&command,
authorization_delegate);
if (rc != TPM_RC_SUCCESS) {
@@ -26084,6 +26175,7 @@
const TPM2B_NONCE& nonce_tpm,
const TPM2B_DIGEST& cp_hash_a,
const TPM2B_NONCE& policy_ref,
+ const INT32& expiration,
TPM2B_TIMEOUT* timeout,
TPMT_TK_AUTH* policy_ticket,
AuthorizationDelegate* authorization_delegate) {
@@ -26097,6 +26189,7 @@
nonce_tpm,
cp_hash_a,
policy_ref,
+ expiration,
&command,
authorization_delegate);
if (rc != TPM_RC_SUCCESS) {
@@ -35738,7 +35831,6 @@
TPM_RC Tpm::ParseResponse_ReadClock(
const std::string& response,
- TPM_RC* return_code,
TPMS_TIME_INFO* current_time,
AuthorizationDelegate* authorization_delegate) {
VLOG(3) << __func__;
@@ -35818,14 +35910,6 @@
return TRUNKS_RC_AUTHORIZATION_FAILED;
}
}
- std::string return_code_bytes;
- rc = Parse_TPM_RC(
- &buffer,
- return_code,
- &return_code_bytes);
- if (rc != TPM_RC_SUCCESS) {
- return rc;
- }
std::string current_time_bytes;
rc = Parse_TPMS_TIME_INFO(
&buffer,
@@ -35842,7 +35926,6 @@
TPM_RC response_code) {
VLOG(1) << __func__;
callback.Run(response_code,
- TPM_RC(),
TPMS_TIME_INFO());
}
@@ -35853,11 +35936,9 @@
VLOG(1) << __func__;
base::Callback<void(TPM_RC)> error_reporter =
base::Bind(ReadClockErrorCallback, callback);
- TPM_RC return_code;
TPMS_TIME_INFO current_time;
TPM_RC rc = Tpm::ParseResponse_ReadClock(
response,
- &return_code,
¤t_time,
authorization_delegate);
if (rc != TPM_RC_SUCCESS) {
@@ -35866,7 +35947,6 @@
}
callback.Run(
rc,
- return_code,
current_time);
}
@@ -35892,7 +35972,6 @@
}
TPM_RC Tpm::ReadClockSync(
- TPM_RC* return_code,
TPMS_TIME_INFO* current_time,
AuthorizationDelegate* authorization_delegate) {
VLOG(1) << __func__;
@@ -35906,7 +35985,6 @@
std::string response = transceiver_->SendCommandAndWait(command);
rc = ParseResponse_ReadClock(
response,
- return_code,
current_time,
authorization_delegate);
return rc;
@@ -36013,7 +36091,6 @@
TPM_RC Tpm::ParseResponse_ClockSet(
const std::string& response,
- TPM_RC* return_code,
AuthorizationDelegate* authorization_delegate) {
VLOG(3) << __func__;
VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
@@ -36092,14 +36169,6 @@
return TRUNKS_RC_AUTHORIZATION_FAILED;
}
}
- std::string return_code_bytes;
- rc = Parse_TPM_RC(
- &buffer,
- return_code,
- &return_code_bytes);
- if (rc != TPM_RC_SUCCESS) {
- return rc;
- }
return TPM_RC_SUCCESS;
}
@@ -36107,8 +36176,7 @@
const Tpm::ClockSetResponse& callback,
TPM_RC response_code) {
VLOG(1) << __func__;
- callback.Run(response_code,
- TPM_RC());
+ callback.Run(response_code);
}
void ClockSetResponseParser(
@@ -36118,18 +36186,15 @@
VLOG(1) << __func__;
base::Callback<void(TPM_RC)> error_reporter =
base::Bind(ClockSetErrorCallback, callback);
- TPM_RC return_code;
TPM_RC rc = Tpm::ParseResponse_ClockSet(
response,
- &return_code,
authorization_delegate);
if (rc != TPM_RC_SUCCESS) {
error_reporter.Run(rc);
return;
}
callback.Run(
- rc,
- return_code);
+ rc);
}
void Tpm::ClockSet(
@@ -36163,7 +36228,6 @@
const TPMI_RH_PROVISION& auth,
const std::string& auth_name,
const UINT64& new_time,
- TPM_RC* return_code,
AuthorizationDelegate* authorization_delegate) {
VLOG(1) << __func__;
std::string command;
@@ -36179,7 +36243,6 @@
std::string response = transceiver_->SendCommandAndWait(command);
rc = ParseResponse_ClockSet(
response,
- return_code,
authorization_delegate);
return rc;
}
@@ -36285,7 +36348,6 @@
TPM_RC Tpm::ParseResponse_ClockRateAdjust(
const std::string& response,
- TPM_RC* return_code,
AuthorizationDelegate* authorization_delegate) {
VLOG(3) << __func__;
VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
@@ -36364,14 +36426,6 @@
return TRUNKS_RC_AUTHORIZATION_FAILED;
}
}
- std::string return_code_bytes;
- rc = Parse_TPM_RC(
- &buffer,
- return_code,
- &return_code_bytes);
- if (rc != TPM_RC_SUCCESS) {
- return rc;
- }
return TPM_RC_SUCCESS;
}
@@ -36379,8 +36433,7 @@
const Tpm::ClockRateAdjustResponse& callback,
TPM_RC response_code) {
VLOG(1) << __func__;
- callback.Run(response_code,
- TPM_RC());
+ callback.Run(response_code);
}
void ClockRateAdjustResponseParser(
@@ -36390,18 +36443,15 @@
VLOG(1) << __func__;
base::Callback<void(TPM_RC)> error_reporter =
base::Bind(ClockRateAdjustErrorCallback, callback);
- TPM_RC return_code;
TPM_RC rc = Tpm::ParseResponse_ClockRateAdjust(
response,
- &return_code,
authorization_delegate);
if (rc != TPM_RC_SUCCESS) {
error_reporter.Run(rc);
return;
}
callback.Run(
- rc,
- return_code);
+ rc);
}
void Tpm::ClockRateAdjust(
@@ -36435,7 +36485,6 @@
const TPMI_RH_PROVISION& auth,
const std::string& auth_name,
const TPM_CLOCK_ADJUST& rate_adjust,
- TPM_RC* return_code,
AuthorizationDelegate* authorization_delegate) {
VLOG(1) << __func__;
std::string command;
@@ -36451,7 +36500,6 @@
std::string response = transceiver_->SendCommandAndWait(command);
rc = ParseResponse_ClockRateAdjust(
response,
- return_code,
authorization_delegate);
return rc;
}
diff --git a/trunks/tpm_generated.h b/trunks/tpm_generated.h
index 956415f..8eb443d 100644
--- a/trunks/tpm_generated.h
+++ b/trunks/tpm_generated.h
@@ -4044,7 +4044,8 @@
AuthorizationDelegate* authorization_delegate);
typedef base::Callback<void(
TPM_RC response_code,
- const TPM2B_ID_OBJECT& credential_blob)> MakeCredentialResponse;
+ const TPM2B_ID_OBJECT& credential_blob,
+ const TPM2B_ENCRYPTED_SECRET& secret)> MakeCredentialResponse;
static TPM_RC SerializeCommand_MakeCredential(
const TPMI_DH_OBJECT& handle,
const std::string& handle_name,
@@ -4055,6 +4056,7 @@
static TPM_RC ParseResponse_MakeCredential(
const std::string& response,
TPM2B_ID_OBJECT* credential_blob,
+ TPM2B_ENCRYPTED_SECRET* secret,
AuthorizationDelegate* authorization_delegate);
virtual void MakeCredential(
const TPMI_DH_OBJECT& handle,
@@ -4069,6 +4071,7 @@
const TPM2B_DIGEST& credential,
const TPM2B_NAME& object_name,
TPM2B_ID_OBJECT* credential_blob,
+ TPM2B_ENCRYPTED_SECRET* secret,
AuthorizationDelegate* authorization_delegate);
typedef base::Callback<void(
TPM_RC response_code,
@@ -4126,7 +4129,8 @@
typedef base::Callback<void(
TPM_RC response_code,
const TPM2B_DATA& encryption_key_out,
- const TPM2B_PRIVATE& duplicate)> DuplicateResponse;
+ const TPM2B_PRIVATE& duplicate,
+ const TPM2B_ENCRYPTED_SECRET& out_sym_seed)> DuplicateResponse;
static TPM_RC SerializeCommand_Duplicate(
const TPMI_DH_OBJECT& object_handle,
const std::string& object_handle_name,
@@ -4140,6 +4144,7 @@
const std::string& response,
TPM2B_DATA* encryption_key_out,
TPM2B_PRIVATE* duplicate,
+ TPM2B_ENCRYPTED_SECRET* out_sym_seed,
AuthorizationDelegate* authorization_delegate);
virtual void Duplicate(
const TPMI_DH_OBJECT& object_handle,
@@ -4159,10 +4164,12 @@
const TPMT_SYM_DEF_OBJECT& symmetric_alg,
TPM2B_DATA* encryption_key_out,
TPM2B_PRIVATE* duplicate,
+ TPM2B_ENCRYPTED_SECRET* out_sym_seed,
AuthorizationDelegate* authorization_delegate);
typedef base::Callback<void(
TPM_RC response_code,
- const TPM2B_PRIVATE& out_duplicate)> RewrapResponse;
+ const TPM2B_PRIVATE& out_duplicate,
+ const TPM2B_ENCRYPTED_SECRET& out_sym_seed)> RewrapResponse;
static TPM_RC SerializeCommand_Rewrap(
const TPMI_DH_OBJECT& old_parent,
const std::string& old_parent_name,
@@ -4170,11 +4177,13 @@
const std::string& new_parent_name,
const TPM2B_PRIVATE& in_duplicate,
const TPM2B_NAME& name,
+ const TPM2B_ENCRYPTED_SECRET& in_sym_seed,
std::string* serialized_command,
AuthorizationDelegate* authorization_delegate);
static TPM_RC ParseResponse_Rewrap(
const std::string& response,
TPM2B_PRIVATE* out_duplicate,
+ TPM2B_ENCRYPTED_SECRET* out_sym_seed,
AuthorizationDelegate* authorization_delegate);
virtual void Rewrap(
const TPMI_DH_OBJECT& old_parent,
@@ -4183,6 +4192,7 @@
const std::string& new_parent_name,
const TPM2B_PRIVATE& in_duplicate,
const TPM2B_NAME& name,
+ const TPM2B_ENCRYPTED_SECRET& in_sym_seed,
AuthorizationDelegate* authorization_delegate,
const RewrapResponse& callback);
virtual TPM_RC RewrapSync(
@@ -4192,7 +4202,9 @@
const std::string& new_parent_name,
const TPM2B_PRIVATE& in_duplicate,
const TPM2B_NAME& name,
+ const TPM2B_ENCRYPTED_SECRET& in_sym_seed,
TPM2B_PRIVATE* out_duplicate,
+ TPM2B_ENCRYPTED_SECRET* out_sym_seed,
AuthorizationDelegate* authorization_delegate);
typedef base::Callback<void(
TPM_RC response_code,
@@ -5249,6 +5261,7 @@
const TPM2B_NONCE& nonce_tpm,
const TPM2B_DIGEST& cp_hash_a,
const TPM2B_NONCE& policy_ref,
+ const INT32& expiration,
const TPMT_SIGNATURE& auth,
std::string* serialized_command,
AuthorizationDelegate* authorization_delegate);
@@ -5265,6 +5278,7 @@
const TPM2B_NONCE& nonce_tpm,
const TPM2B_DIGEST& cp_hash_a,
const TPM2B_NONCE& policy_ref,
+ const INT32& expiration,
const TPMT_SIGNATURE& auth,
AuthorizationDelegate* authorization_delegate,
const PolicySignedResponse& callback);
@@ -5276,6 +5290,7 @@
const TPM2B_NONCE& nonce_tpm,
const TPM2B_DIGEST& cp_hash_a,
const TPM2B_NONCE& policy_ref,
+ const INT32& expiration,
const TPMT_SIGNATURE& auth,
TPM2B_TIMEOUT* timeout,
TPMT_TK_AUTH* policy_ticket,
@@ -5292,6 +5307,7 @@
const TPM2B_NONCE& nonce_tpm,
const TPM2B_DIGEST& cp_hash_a,
const TPM2B_NONCE& policy_ref,
+ const INT32& expiration,
std::string* serialized_command,
AuthorizationDelegate* authorization_delegate);
static TPM_RC ParseResponse_PolicySecret(
@@ -5307,6 +5323,7 @@
const TPM2B_NONCE& nonce_tpm,
const TPM2B_DIGEST& cp_hash_a,
const TPM2B_NONCE& policy_ref,
+ const INT32& expiration,
AuthorizationDelegate* authorization_delegate,
const PolicySecretResponse& callback);
virtual TPM_RC PolicySecretSync(
@@ -5317,6 +5334,7 @@
const TPM2B_NONCE& nonce_tpm,
const TPM2B_DIGEST& cp_hash_a,
const TPM2B_NONCE& policy_ref,
+ const INT32& expiration,
TPM2B_TIMEOUT* timeout,
TPMT_TK_AUTH* policy_ticket,
AuthorizationDelegate* authorization_delegate);
@@ -6170,26 +6188,22 @@
AuthorizationDelegate* authorization_delegate);
typedef base::Callback<void(
TPM_RC response_code,
- const TPM_RC& return_code,
const TPMS_TIME_INFO& current_time)> ReadClockResponse;
static TPM_RC SerializeCommand_ReadClock(
std::string* serialized_command,
AuthorizationDelegate* authorization_delegate);
static TPM_RC ParseResponse_ReadClock(
const std::string& response,
- TPM_RC* return_code,
TPMS_TIME_INFO* current_time,
AuthorizationDelegate* authorization_delegate);
virtual void ReadClock(
AuthorizationDelegate* authorization_delegate,
const ReadClockResponse& callback);
virtual TPM_RC ReadClockSync(
- TPM_RC* return_code,
TPMS_TIME_INFO* current_time,
AuthorizationDelegate* authorization_delegate);
typedef base::Callback<void(
- TPM_RC response_code,
- const TPM_RC& return_code)> ClockSetResponse;
+ TPM_RC response_code)> ClockSetResponse;
static TPM_RC SerializeCommand_ClockSet(
const TPMI_RH_PROVISION& auth,
const std::string& auth_name,
@@ -6198,7 +6212,6 @@
AuthorizationDelegate* authorization_delegate);
static TPM_RC ParseResponse_ClockSet(
const std::string& response,
- TPM_RC* return_code,
AuthorizationDelegate* authorization_delegate);
virtual void ClockSet(
const TPMI_RH_PROVISION& auth,
@@ -6210,11 +6223,9 @@
const TPMI_RH_PROVISION& auth,
const std::string& auth_name,
const UINT64& new_time,
- TPM_RC* return_code,
AuthorizationDelegate* authorization_delegate);
typedef base::Callback<void(
- TPM_RC response_code,
- const TPM_RC& return_code)> ClockRateAdjustResponse;
+ TPM_RC response_code)> ClockRateAdjustResponse;
static TPM_RC SerializeCommand_ClockRateAdjust(
const TPMI_RH_PROVISION& auth,
const std::string& auth_name,
@@ -6223,7 +6234,6 @@
AuthorizationDelegate* authorization_delegate);
static TPM_RC ParseResponse_ClockRateAdjust(
const std::string& response,
- TPM_RC* return_code,
AuthorizationDelegate* authorization_delegate);
virtual void ClockRateAdjust(
const TPMI_RH_PROVISION& auth,
@@ -6235,7 +6245,6 @@
const TPMI_RH_PROVISION& auth,
const std::string& auth_name,
const TPM_CLOCK_ADJUST& rate_adjust,
- TPM_RC* return_code,
AuthorizationDelegate* authorization_delegate);
typedef base::Callback<void(
TPM_RC response_code,