From ac2286e8f8337a6ced00f219ec59aab52a2ac6d7 Mon Sep 17 00:00:00 2001 From: Mattias Nissler Date: Mon, 27 Nov 2017 15:35:10 +0100 Subject: tpm_lite: Implement TakeOwnership support Add the ability to take TPM ownership. This requires two new commands: TPM_OIAP to start an auth session and TPM_TakeOwnership to establish ownership. TPM_TakeOwnership requires an auth session and proper command authentication to work, which is also added. BRANCH=None BUG=chromium:788719 TEST=new unit tests Change-Id: Ib70144eedb0b1c7c43b26c06529d33ccbaa51a0e Reviewed-on: https://chromium-review.googlesource.com/790414 Reviewed-by: Andrey Pronin Tested-by: Mattias Nissler Trybot-Ready: ChromeOS CL Exonerator Bot Trybot-Ready: Mattias Nissler --- Makefile | 4 + firmware/include/tlcl.h | 9 + firmware/include/tpm1_tss_constants.h | 11 +- firmware/lib/tpm_lite/include/tlcl_internal.h | 3 + firmware/lib/tpm_lite/include/tlcl_structures.h | 12 ++ firmware/lib/tpm_lite/tlcl.c | 224 ++++++++++++++++++++++++ tests/tlcl_tests.c | 150 ++++++++++++++++ utility/tlcl_generator.c | 78 ++++++++- 8 files changed, 488 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index 95a4d3fd..995850e6 100644 --- a/Makefile +++ b/Makefile @@ -490,8 +490,12 @@ HOSTLIB_SRCS = \ cgpt/cgpt_prioritize.c \ firmware/2lib/2common.c \ firmware/2lib/2crc8.c \ + firmware/2lib/2hmac.c \ firmware/2lib/2nvstorage.c \ firmware/2lib/2sha1.c \ + firmware/2lib/2sha256.c \ + firmware/2lib/2sha512.c \ + firmware/2lib/2sha_utility.c \ firmware/2lib/2stub.c \ firmware/lib/cgptlib/cgptlib_internal.c \ firmware/lib/cgptlib/crc32.c \ diff --git a/firmware/include/tlcl.h b/firmware/include/tlcl.h index 685925f4..acb65309 100644 --- a/firmware/include/tlcl.h +++ b/firmware/include/tlcl.h @@ -240,6 +240,15 @@ uint32_t TlclReadPubek(uint32_t* public_exponent, uint8_t* modulus, uint32_t* modulus_size); +/** + * Takes ownership of the TPM. [enc_owner_auth] and [enc_srk_auth] are the owner + * and SRK authorization secrets encrypted under the endorsement key. The clear + * text [owner_auth] needs to be passed as well for command auth. + */ +uint32_t TlclTakeOwnership(uint8_t enc_owner_auth[TPM_RSA_2048_LEN], + uint8_t enc_srk_auth[TPM_RSA_2048_LEN], + uint8_t owner_auth[TPM_AUTH_DATA_LEN]); + #endif /* TPM2_MODE */ #endif /* CHROMEOS_ENVIRONMENT */ diff --git a/firmware/include/tpm1_tss_constants.h b/firmware/include/tpm1_tss_constants.h index f915fb53..625b9aea 100644 --- a/firmware/include/tpm1_tss_constants.h +++ b/firmware/include/tpm1_tss_constants.h @@ -25,6 +25,7 @@ #define TPM_TAG_NV_ATTRIBUTES ((uint16_t) 0x0017) #define TPM_TAG_NV_DATA_PUBLIC ((uint16_t) 0x0018) +#define TPM_TAG_KEY12 ((uint16_t) 0x0028) #define TPM_TAG_RQU_COMMAND ((uint16_t) 0xc1) #define TPM_TAG_RQU_AUTH1_COMMAND ((uint16_t) 0xc2) @@ -55,12 +56,18 @@ typedef uint32_t TPM_CAPABILITY_AREA; #define TPM_CAP_NV_INDEX ((uint32_t) 0x00000011) #define TPM_CAP_GET_VERSION_VAL ((uint32_t) 0x0000001a) +#define TPM_AUTH_ALWAYS ((uint8_t) 0x01) + +#define TPM_KEY_USAGE_STORAGE ((uint16_t) 0x0011) + #define TPM_ALG_RSA ((uint16_t)0x0001) #define TPM_ES_RSAESOAEP_SHA1_MGF1 ((uint16_t)0x0003) #define TPM_SS_NONE ((uint16_t)0x0001) +#define TPM_PID_OWNER ((uint16_t) 0x0005) + #define TPM_ST_CLEAR ((uint16_t) 0x0001) #define TPM_ST_STATE ((uint16_t) 0x0002) #define TPM_ST_DEACTIVATED ((uint16_t) 0x0003) @@ -187,12 +194,14 @@ typedef struct tdTPM_IFX_FIELDUPGRADEINFO #define TPM_ORD_ContinueSelfTest ((uint32_t) 0x00000053) #define TPM_ORD_Extend ((uint32_t) 0x00000014) +#define TPM_ORD_FieldUpgrade ((uint32_t) 0x000000AA) #define TPM_ORD_ForceClear ((uint32_t) 0x0000005D) #define TPM_ORD_GetCapability ((uint32_t) 0x00000065) #define TPM_ORD_GetRandom ((uint32_t) 0x00000046) #define TPM_ORD_NV_DefineSpace ((uint32_t) 0x000000CC) #define TPM_ORD_NV_ReadValue ((uint32_t) 0x000000CF) #define TPM_ORD_NV_WriteValue ((uint32_t) 0x000000CD) +#define TPM_ORD_OIAP ((uint32_t) 0x0000000A) #define TPM_ORD_PcrRead ((uint32_t) 0x00000015) #define TPM_ORD_PhysicalEnable ((uint32_t) 0x0000006F) #define TPM_ORD_PhysicalDisable ((uint32_t) 0x00000070) @@ -202,6 +211,6 @@ typedef struct tdTPM_IFX_FIELDUPGRADEINFO #define TPM_ORD_SaveState ((uint32_t) 0x00000098) #define TPM_ORD_SelfTestFull ((uint32_t) 0x00000050) #define TPM_ORD_Startup ((uint32_t) 0x00000099) -#define TPM_ORD_FieldUpgrade ((uint32_t) 0x000000AA) +#define TPM_ORD_TakeOwnership ((uint32_t) 0x0000000D) #endif /* ! __VBOOT_REFERENCE_FIRMWARE_INCLUDE_TPM1_TSS_CONSTANTS_H */ diff --git a/firmware/lib/tpm_lite/include/tlcl_internal.h b/firmware/lib/tpm_lite/include/tlcl_internal.h index 99932d67..5db556a8 100644 --- a/firmware/lib/tpm_lite/include/tlcl_internal.h +++ b/firmware/lib/tpm_lite/include/tlcl_internal.h @@ -15,6 +15,9 @@ #define kTpmReadInfoLength 12 #define kEncAuthLength 20 #define kPcrDigestLength 20 +#define kTpmRequestAuthBlockLength \ + (sizeof(uint32_t) + sizeof(TPM_NONCE) + 1 + TPM_AUTH_DATA_LEN) +#define kTpmResponseAuthBlockLength (sizeof(TPM_NONCE) + 1 + TPM_AUTH_DATA_LEN) /* diff --git a/firmware/lib/tpm_lite/include/tlcl_structures.h b/firmware/lib/tpm_lite/include/tlcl_structures.h index b4ff1f5f..192fe355 100644 --- a/firmware/lib/tpm_lite/include/tlcl_structures.h +++ b/firmware/lib/tpm_lite/include/tlcl_structures.h @@ -1,5 +1,17 @@ /* This file is automatically generated */ +const struct s_tpm_takeownership_cmd{ + uint8_t buffer[624]; + uint16_t encOwnerAuth; + uint16_t encSrkAuth; +} tpm_takeownership_cmd = {{0x0, 0xc2, 0x0, 0x0, 0x2, 0x70, 0x0, 0x0, 0x0, 0xd, 0x0, 0x5, 0x0, 0x0, 0x1, 0x0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x0, 0x0, 0x1, 0x0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, }, +16, 276, }; + +const struct s_tpm_oiap_cmd{ + uint8_t buffer[10]; +} tpm_oiap_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0xa, }, +}; + const struct s_tpm_ifx_fieldupgradeinforequest2_cmd{ uint8_t buffer[13]; } tpm_ifx_fieldupgradeinforequest2_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0xd, 0x0, 0x0, 0x0, 0xaa, 0x11, 0x0, 0x0, }, diff --git a/firmware/lib/tpm_lite/tlcl.c b/firmware/lib/tpm_lite/tlcl.c index 493bf84e..8f17380f 100644 --- a/firmware/lib/tpm_lite/tlcl.c +++ b/firmware/lib/tpm_lite/tlcl.c @@ -16,6 +16,7 @@ #include "2sysincludes.h" #include "2common.h" +#include "2hmac.h" #include "2sha.h" #include "sysincludes.h" @@ -149,6 +150,187 @@ static uint32_t Send(const uint8_t* command) return TlclSendReceive(command, response, sizeof(response)); } +#ifdef CHROMEOS_ENVIRONMENT + +struct auth_session +{ + uint32_t handle; + TPM_NONCE nonce_even; + TPM_NONCE nonce_odd; + uint8_t shared_secret[TPM_AUTH_DATA_LEN]; + uint8_t valid; +}; + +static uint32_t StartOIAPSession(struct auth_session* session, + const uint8_t secret[TPM_AUTH_DATA_LEN]) +{ + session->valid = 0; + + uint8_t response[TPM_LARGE_ENOUGH_COMMAND_SIZE]; + uint32_t result = TlclSendReceive(tpm_oiap_cmd.buffer, response, + sizeof(response)); + if (result != TPM_SUCCESS) { + return result; + } + + uint32_t size; + FromTpmUint32(response + sizeof(uint16_t), &size); + if (size < kTpmResponseHeaderLength + sizeof(uint32_t) + + sizeof(TPM_NONCE)) { + return TPM_E_INVALID_RESPONSE; + } + + const uint8_t* cursor = response + kTpmResponseHeaderLength; + session->handle = ReadTpmUint32(&cursor); + memcpy(session->nonce_even.nonce, cursor, sizeof(TPM_NONCE)); + cursor += sizeof(TPM_NONCE); + VbAssert(cursor - response <= TPM_LARGE_ENOUGH_COMMAND_SIZE); + + memcpy(session->shared_secret, secret, TPM_AUTH_DATA_LEN); + session->valid = 1; + + return result; +} + +/* Fills in the authentication block at the end of the command. The command body + * should already be initialized in |command_buffer|, and the included command + * size should account for the auth block that gets filled in. */ +uint32_t AddRequestAuthBlock(struct auth_session* auth_session, + uint8_t* command_buffer, + uint32_t command_buffer_size, + uint8_t continue_auth_session) +{ + if (!auth_session->valid) { + return TPM_E_AUTHFAIL; + } + + /* Sanity check to make sure the command buffer has sufficient space to + * add the auth block at the end of the command. */ + if (command_buffer_size < kTpmRequestHeaderLength) { + return TPM_E_BUFFER_SIZE; + } + const uint32_t size = TpmCommandSize(command_buffer); + if (size < kTpmResponseHeaderLength + kTpmRequestAuthBlockLength || + size > command_buffer_size) { + return TPM_E_INTERNAL_ERROR; + } + const uint32_t auth_offset = size - kTpmRequestAuthBlockLength; + + /* + * The digest of the command is computed over the command buffer, but + * excluding the leading tag and paramSize fields. + */ + struct vb2_sha1_context sha1_ctx; + vb2_sha1_init(&sha1_ctx); + vb2_sha1_update(&sha1_ctx, + command_buffer + sizeof(uint16_t) + sizeof(uint32_t), + auth_offset - sizeof(uint16_t) - sizeof(uint32_t)); + uint8_t buf[TPM_SHA1_160_HASH_LEN + 2 * sizeof(TPM_NONCE) + 1]; + vb2_sha1_finalize(&sha1_ctx, buf); + + /* Generate a fresh nonce. */ + if (VbExTpmGetRandom(auth_session->nonce_odd.nonce, + sizeof(TPM_NONCE)) != VB2_SUCCESS) { + return TPM_E_INTERNAL_ERROR; + } + + /* Append the authentication block to the command buffer. */ + uint8_t* cursor = command_buffer + auth_offset; + ToTpmUint32(cursor, auth_session->handle); + cursor += sizeof(uint32_t); + memcpy(cursor, auth_session->nonce_odd.nonce, sizeof(TPM_NONCE)); + cursor += sizeof(TPM_NONCE); + *cursor++ = continue_auth_session; + + /* Compute and append the MAC. */ + memcpy(buf + TPM_SHA1_160_HASH_LEN, auth_session->nonce_even.nonce, + sizeof(TPM_NONCE)); + memcpy(buf + TPM_SHA1_160_HASH_LEN + sizeof(TPM_NONCE), + auth_session->nonce_odd.nonce, sizeof(TPM_NONCE)); + buf[TPM_SHA1_160_HASH_LEN + 2 * sizeof(TPM_NONCE)] = + continue_auth_session; + if (hmac(VB2_HASH_SHA1, auth_session->shared_secret, + sizeof(auth_session->shared_secret), buf, sizeof(buf), cursor, + TPM_SHA1_160_HASH_LEN)) { + return TPM_E_AUTHFAIL; + } + cursor += TPM_SHA1_160_HASH_LEN; + + return TPM_SUCCESS; +} + +uint32_t CheckResponseAuthBlock(struct auth_session* auth_session, + TPM_COMMAND_CODE ordinal, + uint8_t* response_buffer, + uint32_t response_buffer_size) +{ + if (!auth_session->valid) { + return TPM_E_AUTHFAIL; + } + + if (response_buffer_size < kTpmResponseHeaderLength) { + return TPM_E_INVALID_RESPONSE; + } + + /* Parse and validate the actual response size from the response. */ + uint32_t size; + FromTpmUint32(response_buffer + sizeof(uint16_t), &size); + if (size >= response_buffer_size || + size < kTpmResponseHeaderLength + kTpmResponseAuthBlockLength) { + return TPM_E_INVALID_RESPONSE; + } + uint32_t auth_offset = size - kTpmResponseAuthBlockLength; + + /* + * The digest of the response is computed over the return code, ordinal, + * response payload. + */ + struct vb2_sha1_context sha1_ctx; + vb2_sha1_init(&sha1_ctx); + vb2_sha1_update(&sha1_ctx, + response_buffer + sizeof(uint16_t) + sizeof(uint32_t), + sizeof(uint32_t)); + uint8_t ordinal_buf[sizeof(ordinal)]; + ToTpmUint32(ordinal_buf, ordinal); + vb2_sha1_update(&sha1_ctx, ordinal_buf, sizeof(ordinal_buf)); + vb2_sha1_update(&sha1_ctx, + response_buffer + kTpmResponseHeaderLength, + auth_offset - kTpmResponseHeaderLength); + uint8_t hmac_input[TPM_SHA1_160_HASH_LEN + 2 * sizeof(TPM_NONCE) + 1]; + vb2_sha1_finalize(&sha1_ctx, hmac_input); + + /* Compute the MAC. */ + uint8_t* cursor = response_buffer + auth_offset; + memcpy(hmac_input + TPM_SHA1_160_HASH_LEN, cursor, sizeof(TPM_NONCE)); + cursor += sizeof(TPM_NONCE); + memcpy(hmac_input + TPM_SHA1_160_HASH_LEN + sizeof(TPM_NONCE), + auth_session->nonce_odd.nonce, sizeof(TPM_NONCE)); + auth_session->valid = *cursor++; + hmac_input[TPM_SHA1_160_HASH_LEN + 2 * sizeof(TPM_NONCE)] = + auth_session->valid; + uint8_t mac[TPM_SHA1_160_HASH_LEN]; + if (hmac(VB2_HASH_SHA1, auth_session->shared_secret, + sizeof(auth_session->shared_secret), hmac_input, + sizeof(hmac_input), mac, sizeof(mac))) { + auth_session->valid = 0; + return TPM_E_AUTHFAIL; + } + + /* Check the MAC. */ + if (vb2_safe_memcmp(mac, cursor, sizeof(mac))) { + auth_session->valid = 0; + return TPM_E_AUTHFAIL; + } + + /* Success, save the even nonce. */ + memcpy(auth_session->nonce_even.nonce, response_buffer + auth_offset, + sizeof(TPM_NONCE)); + + return TPM_SUCCESS; +} + +#endif /* CHROMEOS_ENVIRONMENT */ + /* Exported functions. */ uint32_t TlclLibInit(void) @@ -781,4 +963,46 @@ uint32_t TlclReadPubek(uint32_t* public_exponent, return result; } +uint32_t TlclTakeOwnership(uint8_t enc_owner_auth[TPM_RSA_2048_LEN], + uint8_t enc_srk_auth[TPM_RSA_2048_LEN], + uint8_t owner_auth[TPM_AUTH_DATA_LEN]) +{ + /* Start an OAIP session. */ + struct auth_session auth_session; + uint32_t result = StartOIAPSession(&auth_session, owner_auth); + if (result != TPM_SUCCESS) { + return result; + } + + /* Build the TakeOwnership command. */ + struct s_tpm_takeownership_cmd cmd; + memcpy(&cmd, &tpm_takeownership_cmd, sizeof(cmd)); + memcpy(cmd.buffer + tpm_takeownership_cmd.encOwnerAuth, enc_owner_auth, + TPM_RSA_2048_LEN); + memcpy(cmd.buffer + tpm_takeownership_cmd.encSrkAuth, enc_srk_auth, + TPM_RSA_2048_LEN); + result = AddRequestAuthBlock(&auth_session, cmd.buffer, + sizeof(cmd.buffer), 0); + if (result != TPM_SUCCESS) { + return result; + } + + /* The response buffer needs to be large to hold the public half of the + * generated SRK. */ + uint8_t response[TPM_LARGE_ENOUGH_COMMAND_SIZE + TPM_RSA_2048_LEN]; + result = TlclSendReceive(cmd.buffer, response, sizeof(response)); + if (result != TPM_SUCCESS) { + return result; + } + + /* Check the auth tag on the response. */ + result = CheckResponseAuthBlock(&auth_session, TPM_ORD_TakeOwnership, + response, sizeof(response)); + if (result != TPM_SUCCESS) { + return result; + } + + return TPM_SUCCESS; +} + #endif /* CHROMEOS_ENVIRONMENT */ diff --git a/tests/tlcl_tests.c b/tests/tlcl_tests.c index 135311a4..31df17a9 100644 --- a/tests/tlcl_tests.c +++ b/tests/tlcl_tests.c @@ -664,6 +664,155 @@ void ReadPubekTest(void) { response[294] = 0x60; } +/** + * Test TakeOwnership + */ +void TakeOwnershipTest(void) { + uint8_t oiap_response[] = { + 0x00, 0xc4, 0x00, 0x00, 0x00, 0x22, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x4c, 0x04, 0x1a, 0x18, 0xa9, + 0xf7, 0x9b, 0x2e, 0xe1, 0xf2, 0x16, 0x99, 0xa0, + 0x27, 0x5f, 0x0c, 0x8f, 0x24, 0x55, 0x1d, 0xaf, + 0x96, 0x49, + }; + uint8_t take_ownership_response[] = { + 0x00, 0xc5, 0x00, 0x00, 0x01, 0x62, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x28, 0x00, 0x00, 0x00, 0x11, + 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, + 0x01, 0x00, 0x03, 0x00, 0x01, 0x00, 0x00, 0x00, + 0x0c, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x01, 0x00, 0x92, 0x61, 0xa5, + 0x30, 0x5f, 0x39, 0xb7, 0xc3, 0x51, 0x53, 0x84, + 0xaf, 0x51, 0x64, 0x65, 0xd7, 0x58, 0xda, 0x15, + 0xb0, 0xb8, 0xe8, 0xea, 0xf5, 0xb2, 0x21, 0x34, + 0x09, 0x71, 0xa0, 0xd5, 0x2b, 0x21, 0xd6, 0x16, + 0xbd, 0x03, 0xc3, 0x83, 0x7e, 0x48, 0x36, 0xd7, + 0xfa, 0xc7, 0x5e, 0x5e, 0xb4, 0xc3, 0x9f, 0x00, + 0xcc, 0x7a, 0x3e, 0x0a, 0x00, 0x34, 0xbd, 0xbc, + 0x7b, 0x28, 0x0e, 0x4a, 0xef, 0xa5, 0x86, 0x50, + 0xa5, 0xfe, 0x8f, 0x7d, 0xbc, 0x86, 0xf3, 0x3d, + 0x8c, 0x65, 0x4c, 0x3b, 0x29, 0x3b, 0x40, 0x8b, + 0xca, 0xf9, 0xa1, 0xc8, 0x62, 0x52, 0xe1, 0x1f, + 0x0d, 0x89, 0x71, 0xca, 0xbb, 0x64, 0xef, 0x3f, + 0x97, 0x97, 0xed, 0x57, 0xb3, 0xd8, 0x67, 0x4c, + 0x46, 0x1c, 0x35, 0x0c, 0xba, 0x12, 0xae, 0x2e, + 0x6d, 0xa7, 0x48, 0xd6, 0x9a, 0x8a, 0x60, 0x22, + 0xd9, 0xe5, 0x97, 0x50, 0xc1, 0x24, 0xaf, 0xb6, + 0x41, 0xfe, 0x6d, 0xfe, 0x28, 0x3f, 0xce, 0x35, + 0x9b, 0x77, 0xe9, 0xd5, 0x36, 0xdb, 0x70, 0x5e, + 0xd7, 0xb9, 0x89, 0xac, 0xae, 0x55, 0x59, 0x00, + 0x7d, 0x47, 0x5d, 0x73, 0x4f, 0x1b, 0x17, 0xfa, + 0xae, 0xb0, 0xf7, 0xb7, 0x63, 0x4d, 0xa9, 0x94, + 0x0c, 0x1e, 0x02, 0x59, 0x8d, 0x34, 0x1f, 0x01, + 0x6d, 0xa7, 0x05, 0xa7, 0xae, 0xbd, 0x9b, 0xfa, + 0xed, 0xe6, 0xe3, 0xf2, 0xc0, 0xa9, 0x16, 0xb6, + 0xd2, 0x23, 0x37, 0x2e, 0x43, 0x5e, 0x5f, 0xe6, + 0x77, 0x0d, 0x49, 0x48, 0x07, 0x57, 0x64, 0xd2, + 0xd9, 0x60, 0xff, 0xe3, 0x60, 0xb6, 0xd7, 0xa5, + 0xe3, 0xd8, 0xa3, 0x93, 0xb3, 0xe9, 0xeb, 0x1c, + 0x53, 0x42, 0x08, 0x9f, 0x0c, 0x13, 0x72, 0x3c, + 0x80, 0xf8, 0xa1, 0x8c, 0x4d, 0xe5, 0x1e, 0xe7, + 0xef, 0x2b, 0x33, 0x23, 0x1e, 0x5a, 0xf6, 0xc1, + 0x46, 0x78, 0x06, 0x7e, 0xe7, 0x00, 0x00, 0x00, + 0x00, 0xef, 0x84, 0x26, 0xd3, 0xb6, 0x27, 0x4a, + 0x4a, 0x0f, 0x84, 0x65, 0x4b, 0xff, 0x80, 0x7e, + 0xb5, 0xf6, 0xbe, 0x8c, 0xed, 0x00, 0xad, 0xd1, + 0x73, 0x8a, 0x55, 0x9f, 0x50, 0xb4, 0x34, 0xba, + 0x2d, 0x6d, 0x80, 0x3a, 0xdc, 0x82, 0x94, 0x3b, + 0x96, 0x58, + }; + uint8_t encrypted_secret[] = { + 0x46, 0x9a, 0x17, 0x31, 0x04, 0x72, 0x58, 0xcd, + 0xac, 0xe7, 0xa4, 0x1f, 0x48, 0xa3, 0x89, 0x10, + 0xac, 0x40, 0xe2, 0x66, 0xfa, 0xfd, 0xe9, 0xab, + 0x7a, 0x55, 0xd3, 0xc0, 0x61, 0xca, 0x28, 0x0d, + 0x29, 0x4a, 0xe4, 0x9a, 0xbe, 0x62, 0x51, 0xe8, + 0x3f, 0xbf, 0x84, 0xae, 0x4e, 0x6c, 0x0e, 0x11, + 0x2b, 0xba, 0x62, 0x5d, 0xf5, 0x9d, 0xf8, 0xcd, + 0x5c, 0x9d, 0x5b, 0xee, 0x5e, 0xdc, 0xaf, 0xc1, + 0xbf, 0x22, 0x14, 0x0d, 0x68, 0xdf, 0xe1, 0x94, + 0x6b, 0x06, 0xc4, 0x5b, 0xdd, 0xee, 0xd3, 0xef, + 0x67, 0xb5, 0xb0, 0xee, 0x58, 0x88, 0x2d, 0x5c, + 0x7d, 0xda, 0x83, 0xd5, 0xb5, 0x72, 0x43, 0x33, + 0xf7, 0x9e, 0xf0, 0x52, 0x8c, 0xc1, 0xf1, 0xea, + 0xcf, 0x9f, 0x0e, 0xfb, 0xb3, 0x03, 0xfe, 0xb3, + 0xb4, 0x38, 0xa2, 0xfb, 0x2f, 0x64, 0xb6, 0x42, + 0x4c, 0x76, 0x70, 0xfa, 0x67, 0xc0, 0x48, 0x98, + 0x52, 0x3e, 0xdb, 0xe6, 0xfe, 0x44, 0x96, 0x14, + 0x5a, 0x6a, 0x19, 0x53, 0x46, 0x13, 0xe6, 0xc9, + 0x21, 0xee, 0x8e, 0xc2, 0xf2, 0x39, 0x2d, 0xba, + 0x6f, 0xeb, 0x80, 0x89, 0xf3, 0xea, 0xfa, 0x5c, + 0x9c, 0x88, 0xe0, 0xb1, 0x53, 0xa0, 0xe5, 0xe0, + 0x90, 0x33, 0x9d, 0x9d, 0x5f, 0xba, 0x6d, 0x68, + 0xb2, 0x9f, 0x4f, 0xa1, 0x28, 0xf9, 0xc4, 0x53, + 0x72, 0x51, 0x48, 0x4b, 0xb3, 0xf9, 0x18, 0x43, + 0x3a, 0x85, 0xdc, 0x70, 0x46, 0x0c, 0x3c, 0xe1, + 0x17, 0x1c, 0x18, 0x6f, 0xfd, 0xff, 0x77, 0x8d, + 0x04, 0xfc, 0xb3, 0xc0, 0x9a, 0x03, 0x74, 0x1d, + 0x06, 0x8f, 0xb6, 0x0a, 0x3e, 0xea, 0x91, 0x87, + 0xa9, 0x68, 0x26, 0x91, 0x81, 0x02, 0xe4, 0x10, + 0x66, 0xb6, 0x5f, 0x43, 0x47, 0x55, 0x25, 0xe0, + 0xbd, 0xd3, 0xab, 0xbd, 0xfd, 0x15, 0x85, 0x39, + 0x22, 0x93, 0xfc, 0x9d, 0x74, 0x0e, 0xcf, 0x5a, + }; + uint8_t owner_secret[TPM_AUTH_DATA_LEN] = { 0 }; + + ResetMocks(); + calls[0].rsp = oiap_response; + calls[0].rsp_size = sizeof(oiap_response); + calls[1].rsp = take_ownership_response; + calls[1].rsp_size = sizeof(take_ownership_response); + TEST_EQ(TlclTakeOwnership(encrypted_secret, encrypted_secret, + owner_secret), TPM_SUCCESS, "TakeOwnership"); + TEST_EQ(calls[0].req_cmd, TPM_ORD_OIAP, " oiap cmd"); + TEST_EQ(calls[1].req_cmd, TPM_ORD_TakeOwnership, " takeownership cmd"); + + /* Verify that the response gets authenticated. */ + ResetMocks(); + calls[0].rsp = oiap_response; + calls[0].rsp_size = sizeof(oiap_response); + calls[1].rsp = take_ownership_response; + calls[1].rsp_size = sizeof(take_ownership_response); + take_ownership_response[334] = 0; + TEST_EQ(TlclTakeOwnership(encrypted_secret, encrypted_secret, + owner_secret), + TPM_E_AUTHFAIL, "TakeOwnership - response auth"); + TEST_EQ(calls[0].req_cmd, TPM_ORD_OIAP, " oiap cmd"); + TEST_EQ(calls[1].req_cmd, TPM_ORD_TakeOwnership, " takeownership cmd"); + take_ownership_response[334] = 0xad; + + /* Verify that a short OIAP response gets caught. */ + ResetMocks(); + calls[0].rsp = oiap_response; + calls[0].rsp_size = sizeof(oiap_response); + ToTpmUint32(oiap_response + sizeof(uint16_t), + kTpmRequestHeaderLength + sizeof(uint32_t) + + sizeof(TPM_NONCE) - 1); + TEST_EQ(TlclTakeOwnership(encrypted_secret, encrypted_secret, + owner_secret), + TPM_E_INVALID_RESPONSE, "TakeOwnership - short OIAP response"); + TEST_EQ(calls[0].req_cmd, TPM_ORD_OIAP, " oiap cmd"); + ToTpmUint32(oiap_response + sizeof(uint16_t), sizeof(oiap_response)); + + /* Verify that a short TakeOwnership response gets caught. */ + ResetMocks(); + calls[0].rsp = oiap_response; + calls[0].rsp_size = sizeof(oiap_response); + calls[1].rsp = take_ownership_response; + calls[1].rsp_size = sizeof(take_ownership_response); + ToTpmUint32(take_ownership_response + sizeof(uint16_t), + kTpmResponseHeaderLength + kTpmResponseAuthBlockLength - 1); + TEST_EQ(TlclTakeOwnership(encrypted_secret, encrypted_secret, + owner_secret), + TPM_E_INVALID_RESPONSE, + "TakeOwnership - short TakeOwnership response"); + TEST_EQ(calls[0].req_cmd, TPM_ORD_OIAP, " oiap cmd"); + TEST_EQ(calls[1].req_cmd, TPM_ORD_TakeOwnership, " takeownership cmd"); + ToTpmUint32(take_ownership_response + sizeof(uint16_t), + sizeof(take_ownership_response)); +} + int main(void) { TlclTest(); @@ -675,6 +824,7 @@ int main(void) GetVersionTest(); IFXFieldUpgradeInfoTest(); ReadPubekTest(); + TakeOwnershipTest(); return gTestSuccess ? 0 : 255; } diff --git a/utility/tlcl_generator.c b/utility/tlcl_generator.c index 5673c38b..972892f8 100644 --- a/utility/tlcl_generator.c +++ b/utility/tlcl_generator.c @@ -82,16 +82,20 @@ static void AddInitializedField(Command* cmd, int offset, /* Create a structure representing a TPM command datagram. */ -Command* newCommand(TPM_COMMAND_CODE code, int size) { +Command* newCommandWithTag(TPM_COMMAND_CODE code, int size, TPM_TAG tag) { Command* cmd = (Command*) calloc(1, sizeof(Command)); cmd->size = size; - AddInitializedField(cmd, 0, sizeof(TPM_TAG), TPM_TAG_RQU_COMMAND); + AddInitializedField(cmd, 0, sizeof(TPM_TAG), tag); AddInitializedField(cmd, sizeof(TPM_TAG), sizeof(uint32_t), size); AddInitializedField(cmd, sizeof(TPM_TAG) + sizeof(uint32_t), sizeof(TPM_COMMAND_CODE), code); return cmd; } +Command* newCommand(TPM_COMMAND_CODE code, int size) { + return newCommandWithTag(code, size, TPM_TAG_RQU_COMMAND); +} + /* The TPM_PCR_SELECTION structure in /usr/include/tss/tpm.h contains a pointer * instead of an array[3] of bytes, so we need to adjust sizes and offsets * accordingly. @@ -420,6 +424,74 @@ Command* BuildIFXFieldUpgradeInfoRequest2Command(void) { return cmd; } +Command* BuildOIAPCommand(void) { + int size = kTpmRequestHeaderLength; + Command* cmd = newCommand(TPM_ORD_OIAP, size); + cmd->name = "tpm_oiap_cmd"; + return cmd; +} + +Command* BuildTakeOwnershipCommand(void) { + Command* cmd = newCommandWithTag(TPM_ORD_TakeOwnership, 624, + TPM_TAG_RQU_AUTH1_COMMAND); + cmd->name = "tpm_takeownership_cmd"; + int offset = kTpmRequestHeaderLength; + AddInitializedField(cmd, offset, sizeof(uint16_t), TPM_PID_OWNER); + offset += sizeof(uint16_t); + AddInitializedField(cmd, offset, sizeof(uint32_t), TPM_RSA_2048_LEN); + offset += sizeof(uint32_t); + AddVisibleField(cmd, "encOwnerAuth", offset); + offset += sizeof(uint8_t[TPM_RSA_2048_LEN]); + AddInitializedField(cmd, offset, sizeof(uint32_t), TPM_RSA_2048_LEN); + offset += sizeof(uint32_t); + AddVisibleField(cmd, "encSrkAuth", offset); + offset += sizeof(uint8_t[TPM_RSA_2048_LEN]); + + /* The remainder are the srkParams struct TPM_KEY12 contents. */ + AddInitializedField(cmd, offset, sizeof(uint16_t), TPM_TAG_KEY12); + offset += sizeof(uint16_t); + AddInitializedField(cmd, offset, sizeof(uint16_t), 0); + offset += sizeof(uint16_t); + AddInitializedField(cmd, offset, sizeof(uint16_t), TPM_KEY_USAGE_STORAGE); + offset += sizeof(uint16_t); + AddInitializedField(cmd, offset, sizeof(uint32_t), 0 /* keyFlags */); + offset += sizeof(uint32_t); + AddInitializedField(cmd, offset, sizeof(uint8_t), TPM_AUTH_ALWAYS); + offset += sizeof(uint8_t); + AddInitializedField(cmd, offset, sizeof(uint32_t), TPM_ALG_RSA); + offset += sizeof(uint32_t); + AddInitializedField(cmd, offset, sizeof(uint16_t), + TPM_ES_RSAESOAEP_SHA1_MGF1); + offset += sizeof(uint16_t); + AddInitializedField(cmd, offset, sizeof(uint16_t), TPM_SS_NONE); + offset += sizeof(uint16_t); + AddInitializedField(cmd, offset, sizeof(uint32_t), + 3 * sizeof(uint32_t) /* algorithmParams.parmSize */); + offset += sizeof(uint32_t); + AddInitializedField(cmd, offset, sizeof(uint32_t), + 2048 /* algorithmParms.parms.keyLength */); + offset += sizeof(uint32_t); + AddInitializedField(cmd, offset, sizeof(uint32_t), + 2 /* algorithmParms.parms.numPrimes */); + offset += sizeof(uint32_t); + AddInitializedField(cmd, offset, sizeof(uint32_t), + 0 /* algorithmParms.parms.exponentSize */); + offset += sizeof(uint32_t); + AddInitializedField(cmd, offset, sizeof(uint32_t), 0 /* PCRInfoSize */); + offset += sizeof(uint32_t); + AddInitializedField(cmd, offset, sizeof(uint32_t), 0 /* pubkey.keyLength */); + offset += sizeof(uint32_t); + AddInitializedField(cmd, offset, sizeof(uint32_t), 0 /* encDataSize */); + offset += sizeof(uint32_t); + + /* Allocate space for the auth block. */ + offset += kTpmRequestAuthBlockLength; + + assert(offset == cmd->size); + + return cmd; +} + /* Output the fields of a structure. */ void OutputFields(Field* fld) { @@ -543,6 +615,8 @@ Command* (*builders[])(void) = { BuildExtendCommand, BuildGetVersionValCommand, BuildIFXFieldUpgradeInfoRequest2Command, + BuildOIAPCommand, + BuildTakeOwnershipCommand, }; static void FreeFields(Field* fld) { -- cgit v1.2.1