service,cryptohome: wire up lockbox to dbus

service.cc

 // Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "service.h"
 
+#define __STDC_FORMAT_MACROS 1
+#include <inttypes.h>
 #include <stdio.h>
 #include <stdlib.h>
 
 #include <base/file_util.h>
 #include <base/logging.h>
 #include <base/string_util.h>
 #include <base/time.h>
 #include <chromeos/dbus/dbus.h>
+#include <string>
+#include <vector>
 
 #include "cryptohome/marshal.glibmarshal.h"
 #include "cryptohome_event_source.h"
+#include "crypto.h"
+#include "install_attributes.h"
 #include "interface.h"
-#include "crypto.h"
 #include "mount.h"
 #include "secure_blob.h"
 #include "tpm.h"
 #include "username_passkey.h"
 #include "vault_keyset.pb.h"
 
 // Forcibly namespace the dbus-bindings generated server bindings instead of
 // modifying the files afterward.
 namespace cryptohome {  // NOLINT
 namespace gobject {  // NOLINT
@@ skipping 53 matching lines @@
       default_tpm_init_(new TpmInit()),
       tpm_init_(default_tpm_init_.get()),
       default_pkcs11_init_(new Pkcs11Init()),
       pkcs11_init_(default_pkcs11_init_.get()),
       initialize_tpm_(true),
       mount_thread_(kMountThreadName),
       async_complete_signal_(-1),
       tpm_init_signal_(-1),
       event_source_(),
       auto_cleanup_period_(kAutoCleanupPeriodMS),
+      default_install_attrs_(new cryptohome::InstallAttributes(NULL)),
+      install_attrs_(default_install_attrs_.get()),
       update_user_activity_period_(kUpdateUserActivityPeriod - 1) {
 }
 
 Service::~Service() {
   if (loop_)
     g_main_loop_unref(loop_);
   if (cryptohome_)
     g_object_unref(cryptohome_);
   if (mount_thread_.IsRunning()) {
     mount_thread_.Stop();
   }
 }
 
 bool Service::Initialize() {
   bool result = true;
 
   mount_->Init();
+  // If the TPM is unowned or doesn't exist, it's safe for
+  // this function to be called again. However, it shouldn't
+  // be called across multiple threads in parallel.
+  InitializeInstallAttributes(false);
+
   Tpm* tpm = const_cast<Tpm*>(mount_->get_crypto()->get_tpm());
+  // TODO(wad) Determine if this should only be called if
+  //           tpm->IsEnabled() is true.
   if (tpm && initialize_tpm_) {
     tpm_init_->set_tpm(tpm);
     tpm_init_->Init(this);
     if (!SeedUrandom()) {
       LOG(ERROR) << "FAILED TO SEED /dev/urandom AT START";
     }
   }
-
   // Install the type-info for the service with dbus.
   dbus_g_object_type_install_info(gobject::cryptohome_get_type(),
                                   &gobject::dbus_glib_cryptohome_object_info);
   if (!Reset()) {
     result = false;
   }
 
   async_complete_signal_ = g_signal_new("async_call_status",
                                         gobject::cryptohome_get_type(),
                                         G_SIGNAL_RUN_LAST,
@@ skipping 24 matching lines @@
 
   // Start scheduling periodic cleanup events.  Note, that the first
   // event will be called by Chrome explicitly from the login screen.
   mount_thread_.message_loop()->PostDelayedTask(
       FROM_HERE, NewRunnableMethod(this, &Service::AutoCleanupCallback),
       auto_cleanup_period_);
 
   return result;
 }
 
+void Service::InitializeInstallAttributes(bool first_time) {
+  Tpm* tpm = const_cast<Tpm*>(mount_->get_crypto()->get_tpm());
+  // Wait for ownership if there is a working TPM.
+  if (tpm && tpm->IsEnabled() && !tpm->IsOwned())
+    return;
+
+  // The TPM owning instance may have changed since initialization.
+  // InstallAttributes can handle a NULL or !IsEnabled Tpm object.
+  install_attrs_->SetTpm(tpm);
+
+  if (first_time)
+    // TODO(wad) Go nuclear if PrepareSystem fails!
+    install_attrs_->PrepareSystem();
+
+  // Init can fail without making the interface inconsistent so we're okay here.
+  install_attrs_->Init();
+}
+
 bool Service::SeedUrandom() {
   SecureBlob random;
   if (!tpm_init_->GetRandomData(kDefaultRandomSeedLength, &random)) {
     LOG(ERROR) << "Could not get random data from the TPM";
     return false;
   }
   size_t written = file_util::WriteFile(FilePath(kDefaultEntropySource),
       static_cast<const char*>(random.const_data()), random.size());
   if (written != random.size()) {
     LOG(ERROR) << "Error writing data to /dev/urandom";
@@ skipping 30 matching lines @@
 
 void Service::NotifyEvent(CryptohomeEventBase* event) {
   if (!strcmp(event->GetEventName(), kMountTaskResultEventType)) {
     MountTaskResult* result = static_cast<MountTaskResult*>(event);
     g_signal_emit(cryptohome_, async_complete_signal_, 0, result->sequence_id(),
                   result->return_status(), result->return_code());
   } else if (!strcmp(event->GetEventName(), kTpmInitStatusEventType)) {
     TpmInitStatus* result = static_cast<TpmInitStatus*>(event);
     g_signal_emit(cryptohome_, tpm_init_signal_, 0, tpm_init_->IsTpmReady(),
                   tpm_init_->IsTpmEnabled(), result->get_took_ownership());
+    // TODO(wad) should we package up a InstallAttributes status here too?
   }
 }
 
 void Service::InitializeTpmComplete(bool status, bool took_ownership) {
   if (took_ownership) {
     MountTaskResult ignored_result;
     base::WaitableEvent event(true, false);
     MountTaskResetTpmContext* mount_task =
         new MountTaskResetTpmContext(NULL, mount_);
     mount_task->set_result(&ignored_result);
     mount_task->set_complete_event(&event);
     mount_thread_.message_loop()->PostTask(FROM_HERE, mount_task);
     event.Wait();
+    // Initialize the install-time locked attributes since we
+    // can't do it prior to ownership.
+    InitializeInstallAttributes(true);
   }
   // The event source will free this object
   TpmInitStatus* tpm_init_status = new TpmInitStatus();
   tpm_init_status->set_status(status);
   tpm_init_status->set_took_ownership(took_ownership);
   event_source_.AddEvent(tpm_init_status);
 }
 
 gboolean Service::CheckKey(gchar *userid,
                            gchar *key,
@@ skipping 125 matching lines @@
     } else {
       if (!mount_->UnmountCryptohome()) {
         LOG(ERROR) << "Could not unmount cryptohome from previous user";
         *OUT_error_code = Mount::MOUNT_ERROR_MOUNT_POINT_BUSY;
         *OUT_result = FALSE;
         return TRUE;
       }
     }
   }
 
+  // Any non-guest mount attempt triggers InstallAttributes finalization.
+  // The return value is ignored as it is possible we're pre-ownership.
+  // The next login will assure finalization if possible.
+  if (install_attrs_->is_first_install())
+    install_attrs_->Finalize();
+
   MountTaskResult result;
   base::WaitableEvent event(true, false);
   Mount::MountArgs mount_args;
   mount_args.create_if_missing = create_if_missing;
   MountTaskMount* mount_task = new MountTaskMount(NULL,
                                                   mount_,
                                                   credentials,
                                                   mount_args);
   mount_task->set_result(&result);
   mount_task->set_complete_event(&event);
@@ skipping 29 matching lines @@
         mount_task->result()->set_return_code(
             Mount::MOUNT_ERROR_MOUNT_POINT_BUSY);
         mount_task->result()->set_return_status(false);
         *OUT_async_id = mount_task->sequence_id();
         mount_thread_.message_loop()->PostTask(FROM_HERE, mount_task);
         return TRUE;
       }
     }
   }
 
+  // See Mount for a relevant comment.
+  if (install_attrs_->is_first_install())
+    install_attrs_->Finalize();
+
   Mount::MountArgs mount_args;
   mount_args.create_if_missing = create_if_missing;
   MountTaskMount* mount_task = new MountTaskMount(this,
                                                   mount_,
                                                   credentials,
                                                   mount_args);
   *OUT_async_id = mount_task->sequence_id();
   mount_thread_.message_loop()->PostTask(FROM_HERE, mount_task);
   return TRUE;
 }
@@ skipping 148 matching lines @@
 }
 
 gboolean Service::Pkcs11GetTpmTokenInfo(gchar** OUT_label,
                                         gchar** OUT_user_pin,
                                         GError** error) {
   pkcs11_init_->GetTpmTokenInfo(OUT_label,
                                 OUT_user_pin);
   return TRUE;
 }
 
+gboolean Service::InstallAttributesGet(gchar* name,
+                                       GArray** OUT_value,
+                                       gboolean* OUT_successful,
+                                       GError** error) {
+  chromeos::Blob value;
+  *OUT_successful = install_attrs_->Get(name, &value);
+  // TODO(wad) can g_array_new return NULL.
+  *OUT_value = g_array_new(false, false, sizeof(char));
+  if (*OUT_successful)
+    g_array_append_vals(*OUT_value, &value.front(), value.size());
+  return TRUE;
+}
+
+gboolean Service::InstallAttributesSet(gchar* name,
+                                       GArray* value,
+                                       gboolean* OUT_successful,
+                                       GError** error) {
+  // Convert from GArray to vector
+  chromeos::Blob value_blob;
+  value_blob.assign(value->data, value->data + value->len);
+  *OUT_successful = install_attrs_->Set(name, value_blob);
+  return TRUE;
+}
+
+gboolean Service::InstallAttributesFinalize(gboolean* OUT_finalized,
+                                            GError** error) {
+  *OUT_finalized = install_attrs_->Finalize();
+  return TRUE;
+}
+
+gboolean Service::InstallAttributesCount(gint* OUT_count, GError** error) {
+  // TODO(wad) for all of these functions return error on uninit.
+  // Follow the CHROMEOS_LOGIN_ERROR quark example in chromeos/dbus/
+  *OUT_count = install_attrs_->Count();
+  return TRUE;
+}
+
+gboolean Service::InstallAttributesIsReady(gboolean* OUT_ready,
+                                           GError** error) {
+  *OUT_ready = (install_attrs_->IsReady() == true);
+  return TRUE;
+}
+
+gboolean Service::InstallAttributesIsSecure(gboolean* OUT_is_secure,
+                                            GError** error) {
+  *OUT_is_secure = (install_attrs_->is_secure() == true);
+  return TRUE;
+}
+
+gboolean Service::InstallAttributesIsInvalid(gboolean* OUT_is_invalid,
+                                             GError** error) {
+  // Is true after a failed init or prior to Init().
+  *OUT_is_invalid = (install_attrs_->is_invalid() == true);
+  return TRUE;
+}
+
+gboolean Service::InstallAttributesIsFirstInstall(
+    gboolean* OUT_is_first_install,
+    GError** error) {
+  *OUT_is_first_install = (install_attrs_->is_first_install() == true);
+  return TRUE;
+}
+
 gboolean Service::GetStatusString(gchar** OUT_status, GError** error) {
   Tpm::TpmStatusInfo tpm_status;
   mount_->get_crypto()->EnsureTpm(false);
   Tpm* tpm = const_cast<Tpm*>(mount_->get_crypto()->get_tpm());
 
   if (tpm) {
     tpm->GetStatus(true, &tpm_status);
   } else {
     Tpm::GetSingleton()->GetStatus(true, &tpm_status);
   }
@@ skipping 40 matching lines @@
           " (UTC)\n",
           ((serialized.flags() &
             cryptohome::SerializedVaultKeyset::TPM_WRAPPED) ? "1" : "0"),
           ((serialized.flags() &
             cryptohome::SerializedVaultKeyset::SCRYPT_WRAPPED) ? "1" : "0"),
           exploded.month, exploded.day_of_month, exploded.year,
           exploded.hour, exploded.minute, exploded.second);
 
     } while(false);
   }
+  int install_attrs_size = install_attrs_->Count();
+  std::string install_attrs_data("InstallAttributes Contents:\n");
+  if (install_attrs_->Count()) {
+    std::string name;
+    chromeos::Blob value;
+    for (int pair = 0; pair < install_attrs_size; ++pair) {
+      install_attrs_data.append(StringPrintf(
+        "  Index...........................: %d\n", pair));
+      if (install_attrs_->GetByIndex(pair, &name, &value)) {
+        std::string value_str(reinterpret_cast<const char*>(&value[0]),
+                              value.size());
+        install_attrs_data.append(StringPrintf(
+          "  Name............................: %s\n"
+          "  Value...........................: %s\n",
+          name.c_str(),
+          value_str.c_str()));
+      }
+    }
+  }
 
   *OUT_status = g_strdup_printf(
       "TPM Status:\n"
       "  Enabled.........................: %s\n"
       "  Owned...........................: %s\n"
       "  Being Owned.....................: %s\n"
       "  Can Connect.....................: %s\n"
       "  Can Load SRK....................: %s\n"
       "  Can Load SRK Public.............: %s\n"
       "  Has Cryptohome Key..............: %s\n"
       "  Can Encrypt.....................: %s\n"
       "  Can Decrypt.....................: %s\n"
       "  Instance Context................: %s\n"
       "  Instance Key Handle.............: %s\n"
       "  Last Error......................: %08x\n"
       "%s"
       "Mount Status:\n"
-      "  Vault Is Mounted................: %s\n",
+      "  Vault Is Mounted................: %s\n"
+      "InstallAttributes Status:\n"
+      "  Initialized.....................: %s\n"
+      "  Version.........................: %"PRIx64"\n"
+      "  Lockbox Index...................: 0x%x\n"
+      "  Secure..........................: %s\n"
+      "  Invalid.........................: %s\n"
+      "  First Install / Unlocked........: %s\n"
+      "  Entries.........................: %d\n"
+      "%s",
       (tpm_status.Enabled ? "1" : "0"),
       (tpm_status.Owned ? "1" : "0"),
       (tpm_status.BeingOwned ? "1" : "0"),
       (tpm_status.CanConnect ? "1" : "0"),
       (tpm_status.CanLoadSrk ? "1" : "0"),
       (tpm_status.CanLoadSrkPublicKey ? "1" : "0"),
       (tpm_status.HasCryptohomeKey ? "1" : "0"),
       (tpm_status.CanEncrypt ? "1" : "0"),
       (tpm_status.CanDecrypt ? "1" : "0"),
       (tpm_status.ThisInstanceHasContext ? "1" : "0"),
       (tpm_status.ThisInstanceHasKeyHandle ? "1" : "0"),
       tpm_status.LastTpmError,
       user_data.c_str(),
-      (mount_->IsCryptohomeMounted() ? "1" : "0"));
+      (mount_->IsCryptohomeMounted() ? "1" : "0"),
+      (install_attrs_->is_initialized() ? "1" : "0"),
+      install_attrs_->version(),
+      InstallAttributes::kLockboxIndex,
+      (install_attrs_->is_secure() ? "1" : "0"),
+      (install_attrs_->is_invalid() ? "1" : "0"),
+      (install_attrs_->is_first_install() ? "1" : "0"),
+      install_attrs_size,
+      install_attrs_data.c_str());
   return TRUE;
 }
 
 // Called on Mount thread.
 void Service::AutoCleanupCallback() {
   static int ticks;
 
   // Update current user's activity timestamp every day.
   if (++ticks > update_user_activity_period_) {
     mount_->UpdateUserActivityTimestamp();
     ticks = 0;
   }
 
   mount_->DoAutomaticFreeDiskSpaceControl();
 
   // Schedule our next call. If the thread is terminating, we would
   // not be called.
   mount_thread_.message_loop()->PostDelayedTask(
       FROM_HERE, NewRunnableMethod(this, &Service::AutoCleanupCallback),
       auto_cleanup_period_);
 }
 
 }  // namespace cryptohome
 
 // We do not want AutoCleanupCallback() to refer the class and make it
 // wait for its execution.  If Mount thread terminates, it will delete
 // our pending task or wait for it to finish.
 DISABLE_RUNNABLE_METHOD_REFCOUNT(cryptohome::Service);