File: tpm_challenge_key_result.cc

package info (click to toggle)
chromium 139.0.7258.127-1
  • links: PTS, VCS
  • area: main
  • in suites:
  • size: 6,122,068 kB
  • sloc: cpp: 35,100,771; ansic: 7,163,530; javascript: 4,103,002; python: 1,436,920; asm: 946,517; xml: 746,709; pascal: 187,653; perl: 88,691; sh: 88,436; objc: 79,953; sql: 51,488; cs: 44,583; fortran: 24,137; makefile: 22,147; tcl: 15,277; php: 13,980; yacc: 8,984; ruby: 7,485; awk: 3,720; lisp: 3,096; lex: 1,327; ada: 727; jsp: 228; sed: 36
file content (185 lines) | stat: -rw-r--r-- 7,982 bytes parent folder | download | duplicates (5)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
// Copyright 2019 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "chrome/browser/ash/attestation/tpm_challenge_key_result.h"

#include <ostream>

#include "base/base64.h"
#include "base/check_op.h"
#include "base/notreached.h"
#include "base/values.h"

namespace ash {
namespace attestation {
namespace {
std::string Base64EncodeStr(const std::string& str) {
  return base::Base64Encode(str);
}
}  // namespace

// These messages are exposed to the extensions that using
// chrome.enterprise.platformKeys API. Someone can rely on exectly these
// strings. Should be changed carefully.
const char TpmChallengeKeyResult::kDevicePolicyDisabledErrorMsg[] =
    "Remote attestation is not enabled for your device.";
const char TpmChallengeKeyResult::kSignChallengeFailedErrorMsg[] =
    "Failed to sign the challenge.";
const char TpmChallengeKeyResult::kUserNotManagedErrorMsg[] =
    "The user account is not enterprise managed.";
const char TpmChallengeKeyResult::kKeyRegistrationFailedErrorMsg[] =
    "Key registration failed.";
const char TpmChallengeKeyResult::kUserPolicyDisabledErrorMsg[] =
    "Remote attestation is not enabled for your account.";
const char TpmChallengeKeyResult::kUserKeyNotAvailableErrorMsg[] =
    "User keys cannot be challenged in this profile.";
const char TpmChallengeKeyResult::kNonEnterpriseDeviceErrorMsg[] =
    "The device is not enterprise enrolled.";

const char TpmChallengeKeyResult::kDbusErrorMsg[] =
    "Failed to get Enterprise certificate. Error code = 1";
const char TpmChallengeKeyResult::kUserRejectedErrorMsg[] =
    "Failed to get Enterprise certificate. Error code = 2";
const char TpmChallengeKeyResult::kGetCertificateFailedErrorMsg[] =
    "Failed to get Enterprise certificate. Error code = 3";
const char TpmChallengeKeyResult::kResetRequiredErrorMsg[] =
    "Failed to get Enterprise certificate. Error code = 4";
const char TpmChallengeKeyResult::kAttestationUnsupportedErrorMsg[] =
    "Failed to get Enterprise certificate. Error code = 5";

const char TpmChallengeKeyResult::kTimeoutErrorMsg[] =
    "Device web based attestation failed with timeout error.";
const char TpmChallengeKeyResult::kDeviceWebBasedAttestationUrlErrorMsg[] =
    "Device web based attestation is not enabled for the provided URL.";
const char TpmChallengeKeyResult::kExtensionNotAllowedErrorMsg[] =
    "The extension does not have permission to call this function.";
const char TpmChallengeKeyResult::kChallengeBadBase64ErrorMsg[] =
    "Challenge is not base64 encoded.";
const char TpmChallengeKeyResult::kDeviceWebBasedAttestationNotOobeErrorMsg[] =
    "Device web based attestation is only available on the OOBE screen.";
const char TpmChallengeKeyResult::kGetPublicKeyFailedErrorMsg[] =
    "Failed to get public key.";
const char TpmChallengeKeyResult::kMarkCorporateKeyFailedErrorMsg[] =
    "Failed to mark key as corporate.";
const char TpmChallengeKeyResult::kAttestationServiceInternalErrorMsg[] =
    "OS platform service internal error.";
const char TpmChallengeKeyResult::kUploadCertificateFailedErrorMsg[] =
    "Failed to upload machine certificate.";
const char TpmChallengeKeyResult::kDeviceTrustURLConflictError[] =
    "Both policies DeviceContextAwareAccessSignalsAllowlist and "
    "DeviceWebBasedAttestationAllowedUrls are enabled for this URL.";
const char TpmChallengeKeyResult::kVerifiedAccessFlowUnsupportedErrorMsg[] =
    "Verified Access flow type is not supported on ChromeOS.";

// static
TpmChallengeKeyResult TpmChallengeKeyResult::MakeChallengeResponse(
    const std::string& challenge_response) {
  return TpmChallengeKeyResult{
      /*result_code=*/TpmChallengeKeyResultCode::kSuccess,
      /*public_key=*/"",
      /*challenge_response=*/challenge_response};
}

// static
TpmChallengeKeyResult TpmChallengeKeyResult::MakePublicKey(
    const std::string& public_key) {
  return TpmChallengeKeyResult{
      /*result_code=*/TpmChallengeKeyResultCode::kSuccess,
      /*public_key=*/public_key,
      /*challenge_response=*/""};
}

// static
TpmChallengeKeyResult TpmChallengeKeyResult::MakeSuccess() {
  return TpmChallengeKeyResult{
      /*result_code=*/TpmChallengeKeyResultCode::kSuccess,
      /*public_key=*/"",
      /*challenge_response=*/""};
}

// static
TpmChallengeKeyResult TpmChallengeKeyResult::MakeError(
    TpmChallengeKeyResultCode error_code) {
  DCHECK_NE(error_code, TpmChallengeKeyResultCode::kSuccess);
  return TpmChallengeKeyResult{/*result_code=*/error_code,
                               /*public_key=*/"",
                               /*challenge_response=*/""};
}

const char* TpmChallengeKeyResult::GetErrorMessage() const {
  switch (result_code) {
    case TpmChallengeKeyResultCode::kDevicePolicyDisabledError:
      return kDevicePolicyDisabledErrorMsg;
    case TpmChallengeKeyResultCode::kSignChallengeFailedError:
      return kSignChallengeFailedErrorMsg;
    case TpmChallengeKeyResultCode::kUserNotManagedError:
      return kUserNotManagedErrorMsg;
    case TpmChallengeKeyResultCode::kKeyRegistrationFailedError:
      return kKeyRegistrationFailedErrorMsg;
    case TpmChallengeKeyResultCode::kUserKeyNotAvailableError:
      return kUserKeyNotAvailableErrorMsg;
    case TpmChallengeKeyResultCode::kUserPolicyDisabledError:
      return kUserPolicyDisabledErrorMsg;
    case TpmChallengeKeyResultCode::kNonEnterpriseDeviceError:
      return kNonEnterpriseDeviceErrorMsg;
    case TpmChallengeKeyResultCode::kDbusError:
      return kDbusErrorMsg;
    case TpmChallengeKeyResultCode::kUserRejectedError:
      return kUserRejectedErrorMsg;
    case TpmChallengeKeyResultCode::kGetCertificateFailedError:
      return kGetCertificateFailedErrorMsg;
    case TpmChallengeKeyResultCode::kResetRequiredError:
      return kResetRequiredErrorMsg;
    case TpmChallengeKeyResultCode::kAttestationUnsupportedError:
      return kAttestationUnsupportedErrorMsg;
    case TpmChallengeKeyResultCode::kTimeoutError:
      return kTimeoutErrorMsg;
    case TpmChallengeKeyResultCode::kDeviceWebBasedAttestationUrlError:
      return kDeviceWebBasedAttestationUrlErrorMsg;
    case TpmChallengeKeyResultCode::kExtensionNotAllowedError:
      return kExtensionNotAllowedErrorMsg;
    case TpmChallengeKeyResultCode::kChallengeBadBase64Error:
      return kChallengeBadBase64ErrorMsg;
    case TpmChallengeKeyResultCode::kDeviceWebBasedAttestationNotOobeError:
      return kDeviceWebBasedAttestationNotOobeErrorMsg;
    case TpmChallengeKeyResultCode::kGetPublicKeyFailedError:
      return kGetPublicKeyFailedErrorMsg;
    case TpmChallengeKeyResultCode::kMarkCorporateKeyFailedError:
      return kMarkCorporateKeyFailedErrorMsg;
    case TpmChallengeKeyResultCode::kAttestationServiceInternalError:
      return kAttestationServiceInternalErrorMsg;
    case TpmChallengeKeyResultCode::kUploadCertificateFailedError:
      return kUploadCertificateFailedErrorMsg;
    case TpmChallengeKeyResultCode::kDeviceTrustURLConflictError:
      return kDeviceTrustURLConflictError;
    case TpmChallengeKeyResultCode::kVerifiedAccessFlowUnsupportedError:
      return kVerifiedAccessFlowUnsupportedErrorMsg;
    case TpmChallengeKeyResultCode::kSuccess:
      // Not an error message.
      NOTREACHED();
  }
  NOTREACHED() << static_cast<int>(result_code);
}

bool TpmChallengeKeyResult::IsSuccess() const {
  return result_code == TpmChallengeKeyResultCode::kSuccess;
}

std::ostream& operator<<(std::ostream& os,
                         const TpmChallengeKeyResult& result) {
  base::Value::Dict value;

  value.Set("result_code", static_cast<int>(result.result_code));
  if (!result.IsSuccess()) {
    value.Set("error_message", result.GetErrorMessage());
  }
  value.Set("public_key", Base64EncodeStr(result.public_key));
  value.Set("challenge_response", Base64EncodeStr(result.challenge_response));

  os << value;
  return os;
}

}  // namespace attestation
}  // namespace ash