use AttestationClient to get key info for tpm challenge key.

We are deprecating attestation methods by CryptohomeClient. This CL also includes a simplied flow by consolidating TpmAttestationDoesKeyExist and TpmAttestationGetCertificate, of which results come from the same methods of attestation service anyway. BUG=b:158955123 TEST=unit_tests. Change-Id: Ib1f9de5a6db041e8c3a86c5d90a0f55b8e4d8285 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2515800 Commit-Queue: Leo Lai <cylai@google.com> Reviewed-by: Xiyuan Xia <xiyuan@chromium.org> Reviewed-by: Maksim Ivanov <emaxx@chromium.org> Cr-Commit-Position: refs/heads/master@{#823889}

use AttestationClient to get key info for tpm challenge key.
We are deprecating attestation methods by CryptohomeClient. This CL also includes a simplied flow by consolidating TpmAttestationDoesKeyExist and TpmAttestationGetCertificate, of which results come from the same methods of attestation service anyway. BUG=b:158955123 TEST=unit_tests. Change-Id: Ib1f9de5a6db041e8c3a86c5d90a0f55b8e4d8285 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2515800 Commit-Queue: Leo Lai <cylai@google.com> Reviewed-by: Xiyuan Xia <xiyuan@chromium.org> Reviewed-by: Maksim Ivanov <emaxx@chromium.org> Cr-Commit-Position: refs/heads/master@{#823889}
c59455d1 · Leo Lai · Commit Bot · ac30f205 · c59455d1 · c59455d1
Commit c59455d1 authored Nov 04, 2020 by Leo Lai Committed by Commit Bot Nov 04, 2020
4 changed files
--- a/chrome/browser/chromeos/attestation/tpm_challenge_key_subtle.cc
+++ b/chrome/browser/chromeos/attestation/tpm_challenge_key_subtle.cc
@@ -26,6 +26,8 @@
 #include "chrome/common/pref_names.h"
 #include "chromeos/cryptohome/async_method_caller.h"
 #include "chromeos/cryptohome/cryptohome_parameters.h"
+#include "chromeos/dbus/attestation/attestation_client.h"
+#include "chromeos/dbus/attestation/interface.pb.h"
 #include "chromeos/dbus/constants/attestation_constants.h"
 #include "chromeos/settings/cros_settings_names.h"
 #include "chromeos/tpm/install_attributes.h"
@@ -402,13 +404,14 @@ void TpmChallengeKeySubtleImpl::GetEnrollmentPreparationsCallback(
    return;
  }

-  // Attestation is available, see if the key we need already exists.
-  CryptohomeClient::Get()->TpmAttestationDoesKeyExist(
-      key_type_,
-      cryptohome::CreateAccountIdentifierFromAccountId(GetAccountId()),
-      key_name_,
-      base::BindOnce(&TpmChallengeKeySubtleImpl::DoesKeyExistCallback,
-                     weak_factory_.GetWeakPtr()));
+  ::attestation::GetKeyInfoRequest request;
+  request.set_username(
+      cryptohome::CreateAccountIdentifierFromAccountId(GetAccountId())
+          .account_id());
+  request.set_key_label(key_name_);
+  AttestationClient::Get()->GetKeyInfo(
+      request, base::BindOnce(&TpmChallengeKeySubtleImpl::DoesKeyExistCallback,
+                              weak_factory_.GetWeakPtr()));
 }

 void TpmChallengeKeySubtleImpl::PrepareKeyErrorHandlerCallback(
@@ -430,17 +433,21 @@ void TpmChallengeKeySubtleImpl::PrepareKeyErrorHandlerCallback(
 }

 void TpmChallengeKeySubtleImpl::DoesKeyExistCallback(
-    base::Optional<bool> result) {
+    const ::attestation::GetKeyInfoReply& reply) {
  DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);

-  if (!result.has_value()) {
-    std::move(callback_).Run(Result::MakeError(ResultCode::kDbusError));
+  if (reply.status() != ::attestation::STATUS_SUCCESS &&
+      reply.status() != ::attestation::STATUS_INVALID_PARAMETER) {
+    std::move(callback_).Run(
+        Result::MakeError(reply.status() == ::attestation::STATUS_DBUS_ERROR
+                              ? ResultCode::kDbusError
+                              : ResultCode::kAttestationServiceInternalError));
    return;
  }

-  if (result.value()) {
+  if (reply.status() == ::attestation::STATUS_SUCCESS) {
    // The key exists. Do nothing more.
-    GetPublicKey();
+    PrepareKeyFinished(reply);
    return;
  }

@@ -501,30 +508,31 @@ void TpmChallengeKeySubtleImpl::GetCertificateCallback(
 void TpmChallengeKeySubtleImpl::GetPublicKey() {
  DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);

-  CryptohomeClient::Get()->TpmAttestationGetPublicKey(
-      key_type_,
-      cryptohome::CreateAccountIdentifierFromAccountId(GetAccountId()),
-      key_name_,
-      base::BindOnce(&TpmChallengeKeySubtleImpl::PrepareKeyFinished,
-                     weak_factory_.GetWeakPtr()));
+  ::attestation::GetKeyInfoRequest request;
+  request.set_username(
+      cryptohome::CreateAccountIdentifierFromAccountId(GetAccountId())
+          .account_id());
+  request.set_key_label(key_name_);
+  AttestationClient::Get()->GetKeyInfo(
+      request, base::BindOnce(&TpmChallengeKeySubtleImpl::PrepareKeyFinished,
+                              weak_factory_.GetWeakPtr()));
 }

 void TpmChallengeKeySubtleImpl::PrepareKeyFinished(
-    base::Optional<CryptohomeClient::TpmAttestationDataResult>
-        prepare_key_result) {
+    const ::attestation::GetKeyInfoReply& reply) {
  DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);

-  if (!prepare_key_result.has_value() || !prepare_key_result->success) {
+  if (reply.status() != ::attestation::STATUS_SUCCESS) {
    std::move(callback_).Run(
        Result::MakeError(ResultCode::kGetPublicKeyFailedError));
    return;
  }

  if (profile_ && will_register_key_) {
-    public_key_ = prepare_key_result->data;
+    public_key_ = reply.public_key();
  }

-  std::move(callback_).Run(Result::MakePublicKey(prepare_key_result->data));
+  std::move(callback_).Run(Result::MakePublicKey(reply.public_key()));
 }

 void TpmChallengeKeySubtleImpl::StartSignChallengeStep(

--- a/chrome/browser/chromeos/attestation/tpm_challenge_key_subtle.h
+++ b/chrome/browser/chromeos/attestation/tpm_challenge_key_subtle.h
@@ -177,13 +177,11 @@ class TpmChallengeKeySubtleImpl final : public TpmChallengeKeySubtle {
  // EmptyAccountId() if GetUser() returns nullptr.
  AccountId GetAccountId() const;

-  // Actually prepares a key after all checks are passed and if |can_continue|
+  // Actually prepares a key after all checks are passed and if `can_continue`
  // is true.
  void PrepareKey(bool can_continue);
-  // Returns a public key (or an error) via |prepare_key_callback_|.
-  void PrepareKeyFinished(
-      base::Optional<CryptohomeClient::TpmAttestationDataResult>
-          prepare_key_result);
+  // Returns a public key (or an error) via `callback_`.
+  void PrepareKeyFinished(const ::attestation::GetKeyInfoReply& reply);

  void SignChallengeCallback(
      const ::attestation::SignEnterpriseChallengeReply& reply);
@@ -201,7 +199,7 @@ class TpmChallengeKeySubtleImpl final : public TpmChallengeKeySubtle {
  void GetEnrollmentPreparationsCallback(
      const ::attestation::GetEnrollmentPreparationsReply& reply);
  void PrepareKeyErrorHandlerCallback(base::Optional<bool> is_tpm_enabled);
-  void DoesKeyExistCallback(base::Optional<bool> result);
+  void DoesKeyExistCallback(const ::attestation::GetKeyInfoReply& reply);
  void AskForUserConsent(base::OnceCallback<void(bool)> callback) const;
  void AskForUserConsentCallback(bool result);
  void GetCertificateCallback(AttestationStatus status,

--- a/chrome/browser/chromeos/attestation/tpm_challenge_key_subtle_unittest.cc
+++ b/chrome/browser/chromeos/attestation/tpm_challenge_key_subtle_unittest.cc
--- a/chrome/browser/chromeos/login/saml/saml_browsertest.cc
+++ b/chrome/browser/chromeos/login/saml/saml_browsertest.cc
@@ -1874,6 +1874,13 @@ INSTANTIATE_TEST_SUITE_P(All, SAMLPasswordAttributesTest, testing::Bool());

 void FakeGetCertificateCallbackTrue(
    attestation::AttestationFlow::CertificateCallback callback) {
+  // In reality, attestation service holds the certificate after a successful
+  // attestation flow.
+  AttestationClient::Get()
+      ->GetTestInterface()
+      ->GetMutableKeyInfoReply(/*username=*/"",
+                               attestation::kEnterpriseMachineKey)
+      ->set_certificate("certificate");
  std::move(callback).Run(attestation::ATTESTATION_SUCCESS, "certificate");
 }