]> git.proxmox.com Git - swtpm.git/blob - src/swtpm_setup/swtpm.c
projects / swtpm.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
swtpm_setup: Use pidfile filename rather than fd (Cygwni, BSDs)
[swtpm.git] / src / swtpm_setup / swtpm.c
1 /* SPDX-License-Identifier: BSD-3-Clause */
2 /*
3 * swtpm.c: Programming of a swtpm using communication via fd-passing
4 *
5 * Author: Stefan Berger, stefanb@linux.ibm.com
6 *
7 * Copyright (c) IBM Corporation, 2021
8 */
9
10 #include "config.h"
11
12 #include <errno.h>
13 #include <stdio.h>
14 #include <stdint.h>
15 #include <string.h>
16 #include <sys/types.h>
17 #include <sys/socket.h>
18 #include <sys/stat.h>
19 #include <sys/wait.h>
20 #include <unistd.h>
21
22 #include <glib.h>
23
24 #include <openssl/bn.h>
25 #include <openssl/evp.h>
26 #include <openssl/hmac.h>
27 #include <openssl/rsa.h>
28 #include <openssl/sha.h>
29 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
30 # include <openssl/core_names.h>
31 # include <openssl/param_build.h>
32 #else
33 # include <openssl/rsa.h>
34 #endif
35
36 #include "swtpm.h"
37 #include "swtpm_utils.h"
38 #include "tpm_ioctl.h"
39 #include "sys_dependencies.h"
40
41 #define AS2BE(VAL) (((VAL) >> 8) & 0xff), ((VAL) & 0xff)
42 #define AS4BE(VAL) AS2BE((VAL) >> 16), AS2BE(VAL)
43 #define AS8BE(VAL) AS4BE((VAL) >> 32), AS4BE(VAL)
44
45 struct tpm_req_header {
46 uint16_t tag;
47 uint32_t size;
48 uint32_t ordinal;
49 } __attribute__((packed));
50
51 struct tpm_resp_header {
52 uint16_t tag;
53 uint32_t size;
54 uint32_t errcode;
55 } __attribute__((packed));
56
57 static int swtpm_start(struct swtpm *self)
58 {
59 g_autofree gchar *tpmstate = g_strdup_printf("backend-uri=%s", self->state_path);
60 g_autofree gchar *pidfile_arg = NULL;
61 g_autofree gchar *server_fd = NULL;
62 g_autofree gchar *ctrl_fd = NULL;
63 g_autofree gchar *keyopts = NULL;
64 g_autofree gchar *logop = NULL;
65 g_autofree gchar **argv = NULL;
66 struct stat statbuf;
67 gboolean success;
68 GError *error = NULL;
69 unsigned ctr;
70 int pidfile_fd;
71 int ret = 1;
72 char pidfile[] = "/tmp/.swtpm_setup.pidfile.XXXXXX";
73
74 pidfile_fd = mkstemp(pidfile);
75 if (pidfile_fd < 0) {
76 logerr(self->logfile, "Could not create pidfile: %s\n", strerror(errno));
77 goto error;
78 }
79 // pass filename rather than fd (Cygwin)
80 pidfile_arg = g_strdup_printf("file=%s", pidfile);
81
82 argv = concat_arrays(self->swtpm_exec_l,
83 (gchar*[]){
84 "--flags", "not-need-init,startup-clear",
85 "--tpmstate", tpmstate,
86 "--pid", pidfile_arg,
87 #if 0
88 "--log", "file=/tmp/log,level=20",
89 #endif
90 NULL
91 }, FALSE);
92
93 if (self->is_tpm2)
94 argv = concat_arrays(argv, (gchar*[]){"--tpm2", NULL}, TRUE);
95
96 if (self->keyopts != NULL) {
97 keyopts = g_strdup(self->keyopts);
98 argv = concat_arrays(argv, (gchar*[]){"--key", keyopts, NULL}, TRUE);
99 }
100
101 if (gl_LOGFILE != NULL) {
102 logop = g_strdup_printf("file=%s", gl_LOGFILE);
103 argv = concat_arrays(argv, (gchar*[]){"--log", logop, NULL}, TRUE);
104 }
105
106 if (socketpair(AF_UNIX, SOCK_STREAM, 0, self->ctrl_fds) != 0) {
107 logerr(self->logfile, "Could not create socketpair: %s\n", strerror(errno));
108 goto error;
109 }
110 ctrl_fd = g_strdup_printf("type=unixio,clientfd=%d", self->ctrl_fds[1]);
111
112 if (socketpair(AF_UNIX, SOCK_STREAM, 0, self->data_fds) != 0) {
113 logerr(self->logfile, "Could not create socketpair: %s\n", strerror(errno));
114 goto error;
115 }
116 server_fd = g_strdup_printf("type=tcp,fd=%d", self->data_fds[1]);
117
118 argv = concat_arrays(argv, (gchar*[]){
119 "--server", server_fd,
120 "--ctrl", ctrl_fd,
121 NULL
122 }, TRUE);
123
124 #if 0
125 {
126 g_autofree gchar *join = g_strjoinv(" ", argv);
127 logit(self->logfile, "Starting swtpm: %s\n", join);
128 }
129 #endif
130
131 success = g_spawn_async(NULL, argv, NULL,
132 G_SPAWN_LEAVE_DESCRIPTORS_OPEN | G_SPAWN_STDOUT_TO_DEV_NULL | G_SPAWN_STDERR_TO_DEV_NULL,
133 NULL, NULL, &self->pid, &error);
134 if (!success) {
135 logerr(self->logfile, "Could not start swtpm: %s\n", error->message);
136 g_error_free(error);
137 goto error;
138 }
139
140 /* wait until the pidfile is written to or swtpm terminates */
141 for (ctr = 0; ctr < 1000; ctr++) {
142 if (kill(self->pid, 0) < 0) {
143 /* swtpm terminated */
144 self->pid = 0;
145 logerr(self->logfile, "swtpm process terminated unexpectedly.\n");
146 self->cops->stop(self);
147 goto error;
148 }
149 if (fstat(pidfile_fd, &statbuf) == 0 && statbuf.st_size > 0) {
150 printf("TPM is listening on Unix socket.\n");
151 ret = 0;
152 break;
153 }
154 usleep(5000);
155 }
156
157 error:
158 close(pidfile_fd);
159 unlink(pidfile);
160 return ret;
161 }
162
163 /* Stop a running swtpm instance and close all the file descriptors connecting to it */
164 static void swtpm_stop(struct swtpm *self)
165 {
166 unsigned c;
167 gboolean ended = FALSE;
168
169 if (self->pid > 0) {
170 self->cops->ctrl_shutdown(self);
171 for (c = 0; c < 500; c++) {
172 if (kill(self->pid, 0) < 0) {
173 ended = TRUE;
174 break;
175 }
176 usleep(1000);
177 }
178 if (!ended)
179 kill(self->pid, SIGKILL);
180 waitpid(self->pid, NULL, 0);
181
182 self->pid = 0;
183 }
184
185 if (self->ctrl_fds[0] >= 0) {
186 close(self->ctrl_fds[0]);
187 close(self->ctrl_fds[1]);
188 self->ctrl_fds[0] = self->ctrl_fds[1] = -1;
189 }
190
191 if (self->data_fds[0] >= 0) {
192 close(self->data_fds[0]);
193 close(self->data_fds[1]);
194 self->data_fds[0] = self->data_fds[1] = -1;
195 }
196 }
197
198 /* Destroy a running swtpm instance */
199 static void swtpm_destroy(struct swtpm *self)
200 {
201 self->cops->stop(self);
202 }
203
204 /* Send a command to swtpm and receive the response either via control or data channel */
205 static int transfer(struct swtpm *self, void *buffer, size_t buffer_len,
206 const char *cmdname, gboolean use_ctrl,
207 void *respbuffer, size_t *respbuffer_len)
208 {
209 size_t offset;
210 int sockfd;
211 ssize_t n;
212 unsigned char resp[4096];
213 ssize_t resplen;
214 uint32_t returncode;
215
216 if (use_ctrl) {
217 sockfd = self->ctrl_fds[0];
218 offset = 0;
219 } else {
220 sockfd = self->data_fds[0];
221 offset = 6;
222 }
223
224 n = write(sockfd, buffer, buffer_len);
225 if (n < 0) {
226 logerr(self->logfile, "Could not send %s buffer to swtpm: %s\n",
227 cmdname, strerror(errno));
228 return 1;
229 }
230 if ((size_t)n != buffer_len) {
231 logerr(self->logfile, "Could not send all bytes to swtpm: %zu < %zu\n",
232 (size_t)n, buffer_len);
233 return 1;
234 }
235
236 resplen = read(sockfd, resp, sizeof(resp));
237 if (resplen < 0) {
238 logerr(self->logfile, "Could not receive response to %s from swtpm: %s\n",
239 cmdname, strerror(errno));
240 return 1;
241 }
242
243 if (!use_ctrl) {
244 if ((size_t)resplen < sizeof(struct tpm_resp_header)) {
245 logerr(self->logfile,
246 "Response for %s has only %d bytes.\n", cmdname, resplen);
247 return 1;
248 }
249 } else if ((size_t)resplen < 4) {
250 logerr(self->logfile,
251 "Response for %s has only %d bytes.\n", cmdname, resplen);
252 return 1;
253 }
254
255 memcpy(&returncode, &resp[offset], sizeof(returncode));
256 returncode = be32toh(returncode);
257 if (returncode != 0) {
258 logerr(self->logfile,
259 "%s failed: 0x%x\n", cmdname, returncode);
260 return 1;
261 }
262
263 if (respbuffer) {
264 *respbuffer_len = min((size_t)resplen, *respbuffer_len);
265 memcpy(respbuffer, resp, *respbuffer_len);
266 }
267
268 return 0;
269 }
270
271 /* Send a CMD_SHUTDOWN over the control channel */
272 static int swtpm_ctrl_shutdown(struct swtpm *self)
273 {
274 uint32_t cmd = htobe32(CMD_SHUTDOWN);
275
276 return transfer(self, &cmd, sizeof(cmd), "CMD_SHUTDOWN", TRUE, NULL, 0);
277 }
278
279 /* Get the TPM specification parameters over the control channel */
280 static int swtpm_ctrl_get_tpm_specs_and_attrs(struct swtpm *self, gchar **result)
281 {
282 unsigned char req[] = {AS4BE(CMD_GET_INFO),
283 AS8BE(SWTPM_INFO_TPMSPECIFICATION | SWTPM_INFO_TPMATTRIBUTES),
284 AS4BE(0), AS4BE(0)};
285 unsigned char tpmresp[1024];
286 size_t tpmresp_len = sizeof(tpmresp);
287 int ret;
288 uint32_t length;
289
290 ret = transfer(self, req, sizeof(req), "CMD_GET_INFO", TRUE, tpmresp, &tpmresp_len);
291 if (ret != 0)
292 return 1;
293
294 if (tpmresp_len < 8 + sizeof(length))
295 goto err_too_short;
296 memcpy(&length, &tpmresp[8], sizeof(length));
297 length = htobe32(length);
298
299 if (tpmresp_len < 12 + length)
300 goto err_too_short;
301 *result = g_strndup((gchar *)&tpmresp[12], length);
302
303 return 0;
304
305 err_too_short:
306 logerr(self->logfile, "Response from CMD_GET_INFO is too short!\n");
307
308 return 1;
309 }
310
311 static const struct swtpm_cops swtpm_cops = {
312 .start = swtpm_start,
313 .stop = swtpm_stop,
314 .destroy = swtpm_destroy,
315 .ctrl_shutdown = swtpm_ctrl_shutdown,
316 .ctrl_get_tpm_specs_and_attrs = swtpm_ctrl_get_tpm_specs_and_attrs,
317 };
318
319 /*
320 * TPM 2 support
321 */
322
323 #define TPM2_ST_NO_SESSIONS 0x8001
324 #define TPM2_ST_SESSIONS 0x8002
325
326 #define TPM2_CC_EVICTCONTROL 0x00000120
327 #define TPM2_CC_NV_DEFINESPACE 0x0000012a
328 #define TPM2_CC_PCR_ALLOCATE 0x0000012b
329 #define TPM2_CC_CREATEPRIMARY 0x00000131
330 #define TPM2_CC_NV_WRITE 0x00000137
331 #define TPM2_CC_NV_WRITELOCK 0x00000138
332 #define TPM2_CC_SHUTDOWN 0x00000145
333 #define TPM2_CC_GETCAPABILITY 0x0000017a
334
335 #define TPM2_SU_CLEAR 0x0000
336
337 #define TPM2_RH_OWNER 0x40000001
338 #define TPM2_RS_PW 0x40000009
339 #define TPM2_RH_ENDORSEMENT 0x4000000b
340 #define TPM2_RH_PLATFORM 0x4000000c
341
342 #define TPM2_ALG_RSA 0x0001
343 #define TPM2_ALG_SHA1 0x0004
344 #define TPM2_ALG_AES 0x0006
345 #define TPM2_ALG_SHA256 0x000b
346 #define TPM2_ALG_SHA384 0x000c
347 #define TPM2_ALG_SHA512 0x000d
348 #define TPM2_ALG_SHA3_256 0x0027
349 #define TPM2_ALG_SHA3_384 0x0028
350 #define TPM2_ALG_SHA3_512 0x0029
351 #define TPM2_ALG_NULL 0x0010
352 #define TPM2_ALG_SM3 0x0012
353 #define TPM2_ALG_ECC 0x0023
354 #define TPM2_ALG_CFB 0x0043
355
356 #define TPM2_CAP_PCRS 0x00000005
357
358 #define TPM2_ECC_NIST_P384 0x0004
359
360 #define TPMA_NV_PLATFORMCREATE 0x40000000
361 #define TPMA_NV_AUTHREAD 0x40000
362 #define TPMA_NV_NO_DA 0x2000000
363 #define TPMA_NV_PPWRITE 0x1
364 #define TPMA_NV_PPREAD 0x10000
365 #define TPMA_NV_OWNERREAD 0x20000
366 #define TPMA_NV_WRITEDEFINE 0x2000
367
368 // Use standard EK Cert NVRAM, EK and SRK handles per IWG spec.
369 // "TCG TPM v2.0 Provisioning Guide"; Version 1.0, Rev 1.0, March 15, 2017
370 // Table 2
371 #define TPM2_NV_INDEX_RSA2048_EKCERT 0x01c00002
372 #define TPM2_NV_INDEX_RSA2048_EKTEMPLATE 0x01c00004
373 #define TPM2_NV_INDEX_RSA3072_HI_EKCERT 0x01c0001c
374 #define TPM2_NV_INDEX_RSA3072_HI_EKTEMPLATE 0x01c0001d
375 // For ECC follow "TCG EK Credential Profile For TPM Family 2.0; Level 0"
376 // Specification Version 2.1; Revision 13; 10 December 2018
377 #define TPM2_NV_INDEX_PLATFORMCERT 0x01c08000
378
379 #define TPM2_NV_INDEX_ECC_SECP384R1_HI_EKCERT 0x01c00016
380 #define TPM2_NV_INDEX_ECC_SECP384R1_HI_EKTEMPLATE 0x01c00017
381
382 #define TPM2_EK_RSA_HANDLE 0x81010001
383 #define TPM2_EK_RSA3072_HANDLE 0x8101001c
384 #define TPM2_EK_ECC_SECP384R1_HANDLE 0x81010016
385 #define TPM2_SPK_HANDLE 0x81000001
386
387 #define TPM_REQ_HEADER_INITIALIZER(TAG, SIZE, ORD) \
388 { \
389 .tag = htobe16(TAG), \
390 .size = htobe32(SIZE), \
391 .ordinal = htobe32(ORD), \
392 }
393
394 struct tpm2_authblock {
395 uint32_t auth;
396 uint16_t foo; // FIXME
397 uint8_t continueSession;
398 uint16_t bar; // FIMXE
399 } __attribute__((packed));
400
401 #define TPM2_AUTHBLOCK_INITIALIZER(AUTH, FOO, CS, BAR) \
402 { \
403 .auth = htobe32(AUTH), \
404 .foo = htobe16(FOO), \
405 .continueSession = CS, \
406 .bar = htobe16(BAR), \
407 }
408
409 static const unsigned char NONCE_EMPTY[2] = {AS2BE(0)};
410 static const unsigned char NONCE_RSA2048[2+0x100] = {AS2BE(0x100), 0, };
411 static const unsigned char NONCE_RSA3072[2+0x180] = {AS2BE(0x180), 0, };
412 static const unsigned char NONCE_ECC_384[2+0x30] = {AS2BE(0x30), 0, };
413
414 static const struct bank_to_name {
415 uint16_t hashAlg;
416 const char *name;
417 } banks_to_names[] = {
418 {TPM2_ALG_SHA1, "sha1"},
419 {TPM2_ALG_SHA256, "sha256"},
420 {TPM2_ALG_SHA384, "sha384"},
421 {TPM2_ALG_SHA512, "sha512"},
422 {TPM2_ALG_SM3, "sm3-256"},
423 {TPM2_ALG_SHA3_256, "sha3-256"},
424 {TPM2_ALG_SHA3_384, "sha3-384"},
425 {TPM2_ALG_SHA3_512, "sha3-512"},
426 {0, NULL},
427 };
428
429 /* function prototypes */
430 static int swtpm_tpm2_createprimary_rsa(struct swtpm *self, uint32_t primaryhandle, unsigned int keyflags,
431 const unsigned char *symkeydata, size_t symkeydata_len,
432 const unsigned char *authpolicy, size_t authpolicy_len,
433 unsigned int rsa_keysize, gboolean havenonce, size_t off,
434 uint32_t *curr_handle,
435 unsigned char *ektemplate, size_t *ektemplate_len,
436 gchar **ekparam, const gchar **key_description);
437
438 static int swtpm_tpm2_write_nvram(struct swtpm *self, uint32_t nvindex, uint32_t nvindexattrs,
439 const unsigned char *data, size_t data_len, gboolean lock_nvram,
440 const char *purpose);
441
442 /* Given a hash algo identifier, return the name of the hash bank */
443 static const char *get_name_for_bank(uint16_t hashAlg) {
444 size_t i;
445
446 for (i = 0; banks_to_names[i].name; i++) {
447 if (banks_to_names[i].hashAlg == hashAlg)
448 return banks_to_names[i].name;
449 }
450 return NULL;
451 }
452
453 /* Give the name of a hash bank, return its algo identifer */
454 static uint16_t get_hashalg_by_bankname(const char *name) {
455 size_t i;
456
457 for (i = 0; banks_to_names[i].name; i++) {
458 if (strcmp(banks_to_names[i].name, name) == 0)
459 return banks_to_names[i].hashAlg;
460 }
461 return 0;
462 }
463
464 /* Do an SU_CLEAR shutdown of the TPM 2 */
465 static int swtpm_tpm2_shutdown(struct swtpm *self)
466 {
467 struct tpm2_shutdown_req {
468 struct tpm_req_header hdr;
469 uint16_t shutdownType;
470 } __attribute__((packed)) req = {
471 .hdr = TPM_REQ_HEADER_INITIALIZER(TPM2_ST_NO_SESSIONS, sizeof(req), TPM2_CC_SHUTDOWN),
472 .shutdownType = htobe16(TPM2_SU_CLEAR)
473 };
474
475 return transfer(self, &req, sizeof(req), "TPM2_Shutdown", FALSE, NULL, NULL);
476 }
477
478 /* Get all available PCR banks */
479 static int swtpm_tpm2_get_all_pcr_banks(struct swtpm *self, gchar ***all_pcr_banks)
480 {
481 struct tpm_req_header hdr = TPM_REQ_HEADER_INITIALIZER(TPM2_ST_NO_SESSIONS, 0, TPM2_CC_GETCAPABILITY);
482 g_autofree unsigned char *req = NULL;
483 ssize_t req_len;
484 unsigned char tpmresp[256];
485 size_t tpmresp_len = sizeof(tpmresp);
486 uint16_t count, bank;
487 const char *name;
488 uint8_t length;
489 size_t offset;
490 size_t i;
491 int ret;
492
493 req_len = memconcat(&req,
494 &hdr, sizeof(hdr),
495 (unsigned char[]){AS4BE(TPM2_CAP_PCRS), AS4BE(0), AS4BE(64)}, (size_t)12,
496 NULL);
497 if (req_len < 0) {
498 logerr(self->logfile, "Internal error in %s: memconcat failed\n", __func__);
499 return 1;
500 }
501 ((struct tpm_req_header *)req)->size = htobe32(req_len);
502
503 ret = transfer(self, req, req_len, "TPM2_GetCapability", FALSE, tpmresp, &tpmresp_len);
504 if (ret != 0)
505 return 1;
506
507 if (tpmresp_len < 17 + sizeof(count))
508 goto err_too_short;
509 memcpy(&count, &tpmresp[17], sizeof(count));
510 count = be16toh(count);
511
512 *all_pcr_banks = g_malloc0(sizeof(char *) * (count + 1));
513
514 offset = 19;
515
516 for (i = 0; i < count; i++) {
517 gchar *n;
518
519 if (tpmresp_len < offset + sizeof(bank))
520 goto err_too_short;
521 memcpy(&bank, &tpmresp[offset], sizeof(bank));
522 bank = be16toh(bank);
523
524 if (tpmresp_len < offset + 2 + sizeof(length))
525 goto err_too_short;
526 length = tpmresp[offset + 2];
527
528 name = get_name_for_bank(bank);
529 if (name != NULL)
530 n = g_strdup(name);
531 else
532 n = g_strdup_printf("%02x", bank);
533
534 (*all_pcr_banks)[i] = n;
535
536 offset += 2 + 1 + length;
537 }
538 return 0;
539
540 err_too_short:
541 logerr(self->logfile, "Response from TPM2_GetCapability is too short!\n");
542 return 1;
543 }
544
545 /* Activate all user-chosen PCR banks and deactivate all others */
546 static int swtpm_tpm2_set_active_pcr_banks(struct swtpm *self, gchar **pcr_banks,
547 gchar **all_pcr_banks, gchar ***active)
548 {
549 struct tpm_req_header hdr = TPM_REQ_HEADER_INITIALIZER(TPM2_ST_SESSIONS, 0, TPM2_CC_PCR_ALLOCATE);
550 struct tpm2_authblock authblock = TPM2_AUTHBLOCK_INITIALIZER(TPM2_RS_PW, 0, 0, 0);
551 unsigned char pcrselects[6 * 10]; // supports up to 10 PCR banks
552 ssize_t pcrselects_len = 0;
553 size_t count = 0;
554 size_t idx, j;
555 uint16_t hashAlg;
556 g_autofree unsigned char *req = NULL;
557 ssize_t req_len, len;
558 int ret;
559 uint64_t activated_mask = 0;
560
561 for (idx = 0; pcr_banks[idx] != NULL; idx++)
562 ;
563 *active = g_malloc0(sizeof(char *) * (idx + 1));
564
565 for (idx = 0; pcr_banks[idx] != NULL; idx++) {
566 hashAlg = 0;
567 // Is user-chosen pcr_banks[idx] available?
568 for (j = 0; all_pcr_banks[j] != NULL; j++) {
569 if (strcmp(pcr_banks[idx], all_pcr_banks[j]) == 0) {
570 hashAlg = get_hashalg_by_bankname(pcr_banks[idx]);
571 break;
572 }
573 }
574 if (hashAlg != 0 && (activated_mask & (1 << j)) == 0) {
575 (*active)[count] = g_strdup(pcr_banks[idx]);
576 len = concat(&pcrselects[pcrselects_len], sizeof(pcrselects) - pcrselects_len,
577 (unsigned char[]){AS2BE(hashAlg), 3, 0xff, 0xff, 0xff} , (size_t)6,
578 NULL);
579 if (len < 0) {
580 logerr(self->logfile, "Internal error in %s: pcrselects is too small\n", __func__);
581 return 1;
582 }
583 pcrselects_len += len;
584 count++;
585 activated_mask |= (1 << j);
586 }
587 }
588
589 if (count == 0) {
590 logerr(self->logfile,
591 "No PCR banks could be allocated. None of the selected algorithms are supported.\n");
592 goto error;
593 }
594
595 // disable all the other ones not chosen by the user
596 for (idx = 0; all_pcr_banks[idx] != NULL; idx++) {
597 gboolean found = FALSE;
598
599 for (j = 0; pcr_banks[j] != NULL; j++) {
600 if (strcmp(pcr_banks[j], all_pcr_banks[idx]) == 0) {
601 found = TRUE;
602 break;
603 }
604 }
605 if (found)
606 continue;
607
608 /* not found, so not chosen by user */
609 hashAlg = get_hashalg_by_bankname(all_pcr_banks[idx]);
610
611 len = concat(&pcrselects[pcrselects_len], sizeof(pcrselects) - pcrselects_len,
612 (unsigned char[]){AS2BE(hashAlg), 3, 0, 0, 0}, (size_t)6,
613 NULL);
614 if (len < 0) {
615 logerr(self->logfile, "Internal error in %s: pcrselects is too small\n", __func__);
616 goto error;
617 }
618 pcrselects_len += len;
619 count++;
620 }
621
622 req_len = memconcat(&req,
623 &hdr, sizeof(hdr),
624 (unsigned char[]){
625 AS4BE(TPM2_RH_PLATFORM), AS4BE(sizeof(authblock))
626 }, (size_t)8,
627 &authblock, sizeof(authblock),
628 (unsigned char[]){AS4BE(count)}, (size_t)4,
629 pcrselects, pcrselects_len,
630 NULL);
631 if (req_len < 0) {
632 logerr(self->logfile, "Internal error in %s: req is too small\n", __func__);
633 goto error;
634 }
635 ((struct tpm_req_header *)req)->size = htobe32(req_len);
636
637 ret = transfer(self, req, req_len, "TPM2_PCR_Allocate", FALSE, NULL, 0);
638 if (ret != 0)
639 goto error;
640
641 return 0;
642
643 error:
644 g_strfreev(*active);
645 *active = NULL;
646
647 return 1;
648 }
649
650 /* Make object at the curr_handler permanent with the perm_handle */
651 static int swtpm_tpm2_evictcontrol(struct swtpm *self, uint32_t curr_handle, uint32_t perm_handle)
652 {
653 struct tpm2_evictcontrol_req {
654 struct tpm_req_header hdr;
655 uint32_t auth;
656 uint32_t objectHandle;
657 uint32_t authblockLen;
658 struct tpm2_authblock authblock;
659 uint32_t persistentHandle;
660 } __attribute__((packed)) req = {
661 .hdr = TPM_REQ_HEADER_INITIALIZER(TPM2_ST_SESSIONS, sizeof(req), TPM2_CC_EVICTCONTROL),
662 .auth = htobe32(TPM2_RH_OWNER),
663 .objectHandle = htobe32(curr_handle),
664 .authblockLen = htobe32(sizeof(req.authblock)),
665 .authblock = TPM2_AUTHBLOCK_INITIALIZER(TPM2_RS_PW, 0, 0, 0),
666 .persistentHandle = htobe32(perm_handle),
667 };
668
669 return transfer(self, &req, sizeof(req), "TPM2_EvictControl", FALSE, NULL, 0);
670 }
671
672 /* Create an RSA EK */
673 static int swtpm_tpm2_createprimary_ek_rsa(struct swtpm *self, unsigned int rsa_keysize,
674 gboolean allowsigning, gboolean decryption,
675 uint32_t *curr_handle,
676 unsigned char *ektemplate, size_t *ektemplate_len,
677 gchar **ekparam, const gchar **key_description)
678 {
679 unsigned char authpolicy[48];
680 size_t authpolicy_len;
681 unsigned char symkeydata[6];
682 size_t symkeydata_len;
683 unsigned int keyflags;
684 unsigned int symkeylen;
685 gboolean havenonce;
686 size_t addlen, off;
687
688 if (rsa_keysize == 2048) {
689 authpolicy_len = 32;
690 memcpy(authpolicy, ((unsigned char []){
691 0x83, 0x71, 0x97, 0x67, 0x44, 0x84, 0xb3, 0xf8, 0x1a, 0x90, 0xcc, 0x8d,
692 0x46, 0xa5, 0xd7, 0x24, 0xfd, 0x52, 0xd7, 0x6e, 0x06, 0x52, 0x0b, 0x64,
693 0xf2, 0xa1, 0xda, 0x1b, 0x33, 0x14, 0x69, 0xaa
694 }), authpolicy_len);
695 keyflags = 0;
696 symkeylen = 128;
697 havenonce = TRUE;
698 addlen = 0;
699 } else if (rsa_keysize == 3072) {
700 authpolicy_len = 48;
701 memcpy(authpolicy, ((unsigned char []){
702 0xB2, 0x6E, 0x7D, 0x28, 0xD1, 0x1A, 0x50, 0xBC, 0x53, 0xD8, 0x82, 0xBC,
703 0xF5, 0xFD, 0x3A, 0x1A, 0x07, 0x41, 0x48, 0xBB, 0x35, 0xD3, 0xB4, 0xE4,
704 0xCB, 0x1C, 0x0A, 0xD9, 0xBD, 0xE4, 0x19, 0xCA, 0xCB, 0x47, 0xBA, 0x09,
705 0x69, 0x96, 0x46, 0x15, 0x0F, 0x9F, 0xC0, 0x00, 0xF3, 0xF8, 0x0E, 0x12
706 }), authpolicy_len);
707 keyflags = 0x40;
708 symkeylen = 256;
709 havenonce = FALSE;
710 addlen = 16;
711 } else {
712 logerr(self->logfile, "Internal error in %s: unsupported RSA keysize %d.\n",
713 __func__, rsa_keysize);
714 return 1;
715 }
716
717 if (allowsigning && decryption) {
718 // keyflags: fixedTPM, fixedParent, sensitiveDatOrigin,
719 // adminWithPolicy, sign, decrypt
720 keyflags |= 0x000600b2;
721 // symmetric: TPM_ALG_NULL
722 symkeydata_len = 2;
723 memcpy(symkeydata, ((unsigned char[]) {AS2BE(TPM2_ALG_NULL)}), symkeydata_len);
724 off = 72 + addlen;
725 } else if (allowsigning) {
726 // keyflags: fixedTPM, fixedParent, sensitiveDatOrigin,
727 // adminWithPolicy, sign
728 keyflags |= 0x000400b2;
729 // symmetric: TPM_ALG_NULL
730 symkeydata_len = 2;
731 memcpy(symkeydata, ((unsigned char[]) {AS2BE(TPM2_ALG_NULL)}), symkeydata_len);
732 off = 72 + addlen;
733 } else {
734 // keyflags: fixedTPM, fixedParent, sensitiveDatOrigin,
735 // adminWithPolicy, restricted, decrypt
736 keyflags |= 0x000300b2;
737 // symmetric: TPM_ALG_AES, 128bit or 256bit, TPM_ALG_CFB
738 symkeydata_len = 6;
739 memcpy(symkeydata,
740 ((unsigned char[]) {AS2BE(TPM2_ALG_AES), AS2BE(symkeylen), AS2BE(TPM2_ALG_CFB)}),
741 symkeydata_len);
742 off = 76 + addlen;
743 }
744
745 return swtpm_tpm2_createprimary_rsa(self, TPM2_RH_ENDORSEMENT, keyflags,
746 symkeydata, symkeydata_len,
747 authpolicy, authpolicy_len, rsa_keysize,
748 havenonce, off, curr_handle,
749 ektemplate, ektemplate_len, ekparam, key_description);
750 }
751
752 /* Create an RSA key with the given parameters */
753 static int swtpm_tpm2_createprimary_rsa(struct swtpm *self, uint32_t primaryhandle, unsigned int keyflags,
754 const unsigned char *symkeydata, size_t symkeydata_len,
755 const unsigned char *authpolicy, size_t authpolicy_len,
756 unsigned int rsa_keysize, gboolean havenonce, size_t off,
757 uint32_t *curr_handle,
758 unsigned char *ektemplate, size_t *ektemplate_len,
759 gchar **ekparam, const gchar **key_description)
760 {
761 const unsigned char *nonce;
762 size_t nonce_len;
763 uint16_t hashalg;
764 struct tpm_req_header hdr = TPM_REQ_HEADER_INITIALIZER(TPM2_ST_SESSIONS, 0, TPM2_CC_CREATEPRIMARY);
765 struct tpm2_authblock authblock = TPM2_AUTHBLOCK_INITIALIZER(TPM2_RS_PW, 0, 0, 0);
766 g_autofree unsigned char *public = NULL;
767 ssize_t public_len;
768 g_autofree unsigned char *createprimary = NULL;
769 ssize_t createprimary_len;
770 int ret;
771 unsigned char tpmresp[2048];
772 size_t tpmresp_len = sizeof(tpmresp);
773 uint16_t modlen;
774
775 if (rsa_keysize == 2048) {
776 nonce = NONCE_RSA2048;
777 nonce_len = sizeof(NONCE_RSA2048);
778 hashalg = TPM2_ALG_SHA256;
779 if (key_description)
780 *key_description = "rsa2048";
781 } else if (rsa_keysize == 3072) {
782 if (!havenonce) {
783 nonce = NONCE_EMPTY;
784 nonce_len = sizeof(NONCE_EMPTY);
785 } else {
786 nonce = NONCE_RSA3072;
787 nonce_len = sizeof(NONCE_RSA3072);
788 }
789 hashalg = TPM2_ALG_SHA384;
790 if (key_description)
791 *key_description = "rsa3072";
792 } else {
793 logerr(self->logfile, "Internal error in %s: unsupported RSA keysize %d.\n",
794 __func__, rsa_keysize);
795 return 1;
796 }
797
798 public_len =
799 memconcat(&public,
800 (unsigned char[]) {
801 AS2BE(TPM2_ALG_RSA), AS2BE(hashalg),
802 AS4BE(keyflags), AS2BE(authpolicy_len)
803 }, (size_t)10,
804 authpolicy, authpolicy_len,
805 symkeydata, symkeydata_len,
806 (unsigned char[]) {
807 AS2BE(TPM2_ALG_NULL), AS2BE(rsa_keysize), AS4BE(0)
808 }, (size_t)8,
809 nonce, nonce_len,
810 NULL);
811 if (public_len < 0) {
812 logerr(self->logfile, "Internal error in %s: memconcat failed\n", __func__);
813 return 1;
814 }
815 if (ektemplate) {
816 if (*ektemplate_len < (size_t)public_len) {
817 logerr(self->logfile, "Internal error in %s: Need %zu bytes for ektemplate (rsa) but got only %zu\n",
818 __func__, public_len, *ektemplate_len);
819 return 1;
820 }
821 memcpy(ektemplate, public, public_len);
822 *ektemplate_len = public_len;
823 }
824
825 createprimary_len =
826 memconcat(&createprimary,
827 &hdr, sizeof(hdr),
828 (unsigned char[]) {AS4BE(primaryhandle), AS4BE(sizeof(authblock))}, (size_t)8,
829 &authblock, sizeof(authblock),
830 (unsigned char[]) {AS2BE(4), AS4BE(0), AS2BE(public_len)}, (size_t)8,
831 public, public_len,
832 (unsigned char[]) {AS4BE(0), AS2BE(0)}, (size_t)6,
833 NULL);
834 if (createprimary_len < 0) {
835 logerr(self->logfile, "Internal error in %s: memconcat failed\n", __func__);
836 return 1;
837 }
838 ((struct tpm_req_header *)createprimary)->size = htobe32(createprimary_len);
839
840 ret = transfer(self, createprimary, createprimary_len, "TPM2_CreatePrimary(RSA)", FALSE,
841 tpmresp, &tpmresp_len);
842 if (ret != 0)
843 return 1;
844
845 if (curr_handle) {
846 if (tpmresp_len < 10 + sizeof(*curr_handle))
847 goto err_too_short;
848 memcpy(curr_handle, &tpmresp[10], sizeof(*curr_handle));
849 *curr_handle = be32toh(*curr_handle);
850 }
851
852 if (tpmresp_len < off + sizeof(modlen))
853 goto err_too_short;
854 memcpy(&modlen, &tpmresp[off], sizeof(modlen));
855 modlen = be16toh(modlen);
856 if (modlen != rsa_keysize >> 3) {
857 logerr(self->logfile, "Internal error in %s: Getting modulus from wrong offset %zu\n",
858 __func__, off);
859 return 1;
860 }
861 if (ekparam) {
862 if (tpmresp_len < off + 2 + modlen)
863 goto err_too_short;
864 *ekparam = print_as_hex(&tpmresp[off + 2], modlen);
865 }
866
867 return 0;
868
869 err_too_short:
870 logerr(self->logfile, "Response from TPM2_CreatePrimary(RSA) is too short!\n");
871 return 1;
872 }
873
874 /* Create an ECC key with the given parameters */
875 static int swtpm_tpm2_createprimary_ecc(struct swtpm *self, uint32_t primaryhandle, unsigned int keyflags,
876 const unsigned char *symkeydata, size_t symkeydata_len,
877 const unsigned char *authpolicy, size_t authpolicy_len,
878 unsigned short curveid, unsigned short hashalg,
879 const unsigned char *nonce, size_t nonce_len,
880 size_t off, uint32_t *curr_handle,
881 unsigned char *ektemplate, size_t *ektemplate_len,
882 gchar **ekparam, const gchar **key_description)
883 {
884 struct tpm_req_header hdr = TPM_REQ_HEADER_INITIALIZER(TPM2_ST_SESSIONS, 0, TPM2_CC_CREATEPRIMARY);
885 struct tpm2_authblock authblock = TPM2_AUTHBLOCK_INITIALIZER(TPM2_RS_PW, 0, 0, 0);
886 g_autofree unsigned char *public = NULL;
887 ssize_t public_len;
888 g_autofree unsigned char *createprimary = NULL;
889 ssize_t createprimary_len;
890 int ret;
891 unsigned char tpmresp[2048];
892 size_t tpmresp_len = sizeof(tpmresp);
893 size_t off2;
894 uint16_t exp_ksize, ksize1, ksize2;
895 const char *cid;
896
897 public_len =
898 memconcat(&public,
899 (unsigned char[]){
900 AS2BE(TPM2_ALG_ECC), AS2BE(hashalg), AS4BE(keyflags), AS2BE(authpolicy_len)
901 }, (size_t)10,
902 authpolicy, authpolicy_len,
903 symkeydata, symkeydata_len,
904 (unsigned char[]) {AS2BE(TPM2_ALG_NULL), AS2BE(curveid), AS2BE(TPM2_ALG_NULL)}, (size_t)6,
905 nonce, nonce_len,
906 nonce, nonce_len,
907 NULL);
908 if (public_len < 0) {
909 logerr(self->logfile, "Internal error in %s: memconcat failed\n", __func__);
910 return 1;
911 }
912 if (ektemplate) {
913 if (*ektemplate_len < (size_t)public_len) {
914 logerr(self->logfile, "Internal error: Need %zu bytes for ektemplate (ecc) but got only %zu\n",
915 public_len, ektemplate_len);
916 return 1;
917 }
918 memcpy(ektemplate, public, public_len);
919 *ektemplate_len = public_len;
920 }
921
922 createprimary_len =
923 memconcat(&createprimary,
924 &hdr, sizeof(hdr),
925 (unsigned char[]) {AS4BE(primaryhandle), AS4BE(sizeof(authblock))}, (size_t)8,
926 &authblock, sizeof(authblock),
927 (unsigned char[]) {AS2BE(4), AS4BE(0), AS2BE(public_len)}, (size_t)8,
928 public, public_len,
929 (unsigned char[]) {AS4BE(0), AS2BE(0)}, (size_t)6,
930 NULL);
931 if (createprimary_len < 0) {
932 logerr(self->logfile, "Internal error in %s: memconcat failed\n", __func__);
933 return 1;
934 }
935 ((struct tpm_req_header *)createprimary)->size = htobe32(createprimary_len);
936
937 ret = transfer(self, createprimary, createprimary_len, "TPM2_CreatePrimary(ECC)", FALSE,
938 tpmresp, &tpmresp_len);
939 if (ret != 0)
940 return 1;
941 if (curr_handle) {
942 if (tpmresp_len < 10 + sizeof(*curr_handle))
943 goto err_too_short;
944 memcpy(curr_handle, &tpmresp[10], sizeof(*curr_handle));
945 *curr_handle = be32toh(*curr_handle);
946 }
947
948 if (curveid == TPM2_ECC_NIST_P384) {
949 exp_ksize = 48;
950 cid = "secp384r1";
951 if (key_description)
952 *key_description = cid;
953 } else {
954 logerr(self->logfile, "Unknown curveid 0x%x\n", curveid);
955 return 1;
956 }
957
958 if (tpmresp_len < off + sizeof(ksize1))
959 goto err_too_short;
960 memcpy(&ksize1, &tpmresp[off], sizeof(ksize1));
961 ksize1 = be16toh(ksize1);
962 off2 = off + 2 + ksize1;
963
964 if (tpmresp_len < off2 + sizeof(ksize2))
965 goto err_too_short;
966 memcpy(&ksize2, &tpmresp[off2], sizeof(ksize2));
967 ksize2 = be16toh(ksize2);
968
969 if (ksize1 != exp_ksize || ksize2 != exp_ksize) {
970 logerr(self->logfile, "ECC: Getting key parameters from wrong offset\n");
971 return 1;
972 }
973
974 if (ekparam) {
975 unsigned char *xparam = &tpmresp[off + 2];
976 unsigned char *yparam = &tpmresp[off2 + 2];
977 if (tpmresp_len < off + 2 + ksize1 || tpmresp_len < off2 + 2 + ksize2)
978 goto err_too_short;
979 g_autofree gchar *xparam_str = print_as_hex(xparam, ksize1);
980 g_autofree gchar *yparam_str = print_as_hex(yparam, ksize2);
981
982 *ekparam = g_strdup_printf("x=%s,y=%s,id=%s", xparam_str, yparam_str, cid);
983 }
984
985 return 0;
986
987 err_too_short:
988 logerr(self->logfile, "Response from TPM2_CreatePrimary(ECC) is too short!\n");
989 return 1;
990 }
991
992 static int swtpm_tpm2_createprimary_spk_ecc_nist_p384(struct swtpm *self,
993 uint32_t *curr_handle)
994 {
995 unsigned int keyflags = 0x00030472;
996 const unsigned char authpolicy[0];
997 size_t authpolicy_len = sizeof(authpolicy);
998 const unsigned char symkeydata[] = {AS2BE(TPM2_ALG_AES), AS2BE(256), AS2BE(TPM2_ALG_CFB)};
999 size_t symkeydata_len = sizeof(symkeydata);
1000 size_t off = 42;
1001
1002 return swtpm_tpm2_createprimary_ecc(self, TPM2_RH_OWNER, keyflags, symkeydata, symkeydata_len,
1003 authpolicy, authpolicy_len, TPM2_ECC_NIST_P384, TPM2_ALG_SHA384,
1004 NONCE_ECC_384, sizeof(NONCE_ECC_384), off, curr_handle,
1005 NULL, 0, NULL, NULL);
1006 }
1007
1008 static int swtpm_tpm2_createprimary_spk_rsa(struct swtpm *self, unsigned int rsa_keysize,
1009 uint32_t *curr_handle)
1010 {
1011 unsigned int keyflags = 0x00030472;
1012 const unsigned char authpolicy[0];
1013 size_t authpolicy_len = sizeof(authpolicy);
1014 unsigned short symkeylen = 0;
1015 unsigned char symkeydata[6];
1016 size_t symkeydata_len;
1017 size_t off = 44;
1018
1019 if (rsa_keysize == 2048)
1020 symkeylen = 128;
1021 else if (rsa_keysize == 3072)
1022 symkeylen = 256;
1023
1024 symkeydata_len = 6;
1025 memcpy(symkeydata,
1026 ((unsigned char[]) {AS2BE(TPM2_ALG_AES), AS2BE(symkeylen), AS2BE(TPM2_ALG_CFB)}),
1027 symkeydata_len);
1028
1029 return swtpm_tpm2_createprimary_rsa(self, TPM2_RH_OWNER, keyflags,
1030 symkeydata, symkeydata_len,
1031 authpolicy, authpolicy_len, rsa_keysize, TRUE,
1032 off, curr_handle, NULL, 0, NULL, NULL);
1033 }
1034
1035 /* Create either an ECC or RSA storage primary key */
1036 static int swtpm_tpm2_create_spk(struct swtpm *self, gboolean isecc, unsigned int rsa_keysize)
1037 {
1038 int ret;
1039 uint32_t curr_handle;
1040
1041 if (isecc)
1042 ret = swtpm_tpm2_createprimary_spk_ecc_nist_p384(self, &curr_handle);
1043 else
1044 ret = swtpm_tpm2_createprimary_spk_rsa(self, rsa_keysize, &curr_handle);
1045
1046 if (ret != 0)
1047 return 1;
1048
1049 ret = swtpm_tpm2_evictcontrol(self, curr_handle, TPM2_SPK_HANDLE);
1050 if (ret == 0)
1051 logit(self->logfile,
1052 "Successfully created storage primary key with handle 0x%x.\n", TPM2_SPK_HANDLE);
1053
1054 return ret;
1055 }
1056
1057 /* Create an ECC EK key that may be allowed to sign and/or decrypt */
1058 static int swtpm_tpm2_createprimary_ek_ecc_nist_p384(struct swtpm *self, gboolean allowsigning,
1059 gboolean decryption, uint32_t *curr_handle,
1060 unsigned char *ektemplate, size_t *ektemplate_len,
1061 gchar **ekparam, const char **key_description)
1062 {
1063 unsigned char authpolicy[48]= {
1064 0xB2, 0x6E, 0x7D, 0x28, 0xD1, 0x1A, 0x50, 0xBC, 0x53, 0xD8, 0x82, 0xBC,
1065 0xF5, 0xFD, 0x3A, 0x1A, 0x07, 0x41, 0x48, 0xBB, 0x35, 0xD3, 0xB4, 0xE4,
1066 0xCB, 0x1C, 0x0A, 0xD9, 0xBD, 0xE4, 0x19, 0xCA, 0xCB, 0x47, 0xBA, 0x09,
1067 0x69, 0x96, 0x46, 0x15, 0x0F, 0x9F, 0xC0, 0x00, 0xF3, 0xF8, 0x0E, 0x12
1068 };
1069 size_t authpolicy_len = 48;
1070 unsigned char symkeydata[6];
1071 size_t symkeydata_len;
1072 unsigned int keyflags;
1073 size_t off;
1074 int ret;
1075
1076 if (allowsigning && decryption) {
1077 // keyflags: fixedTPM, fixedParent, sensitiveDatOrigin,
1078 // userWithAuth, adminWithPolicy, sign, decrypt
1079 keyflags = 0x000600f2;
1080 // symmetric: TPM_ALG_NULL
1081 symkeydata_len = 2;
1082 memcpy(symkeydata, ((unsigned char[]){AS2BE(TPM2_ALG_NULL)}), symkeydata_len);
1083 off = 86;
1084 } else if (allowsigning) {
1085 // keyflags: fixedTPM, fixedParent, sensitiveDatOrigin,
1086 // userWithAuth, adminWithPolicy, sign
1087 keyflags = 0x000400f2;
1088 // symmetric: TPM_ALG_NULL
1089 symkeydata_len = 2;
1090 memcpy(symkeydata, ((unsigned char[]){AS2BE(TPM2_ALG_NULL)}), symkeydata_len);
1091 off = 86;
1092 } else {
1093 // keyflags: fixedTPM, fixedParent, sensitiveDatOrigin,
1094 // userWithAuth, adminWithPolicy, restricted, decrypt
1095 keyflags = 0x000300f2;
1096 // symmetric: TPM_ALG_AES, 256bit, TPM_ALG_CFB
1097 symkeydata_len = 6;
1098 memcpy(symkeydata,
1099 ((unsigned char[]){ AS2BE(TPM2_ALG_AES), AS2BE(256), AS2BE(TPM2_ALG_CFB)}),
1100 symkeydata_len);
1101 off = 90;
1102 }
1103
1104 ret = swtpm_tpm2_createprimary_ecc(self, TPM2_RH_ENDORSEMENT, keyflags, symkeydata, symkeydata_len,
1105 authpolicy, authpolicy_len, TPM2_ECC_NIST_P384, TPM2_ALG_SHA384,
1106 NONCE_EMPTY, sizeof(NONCE_EMPTY), off, curr_handle,
1107 ektemplate, ektemplate_len, ekparam, key_description);
1108 if (ret != 0)
1109 logerr(self->logfile, "%s failed\n", __func__);
1110
1111 return ret;
1112 }
1113
1114 /* Create an ECC or RSA EK */
1115 static int swtpm_tpm2_create_ek(struct swtpm *self, gboolean isecc, unsigned int rsa_keysize,
1116 gboolean allowsigning, gboolean decryption, gboolean lock_nvram,
1117 gchar **ekparam, const gchar **key_description)
1118 {
1119 uint32_t tpm2_ek_handle, nvindex, curr_handle;
1120 const char *keytype;
1121 int ret;
1122 unsigned char ektemplate[512];
1123 size_t ektemplate_len = sizeof(ektemplate);
1124
1125 if (isecc) {
1126 tpm2_ek_handle = TPM2_EK_ECC_SECP384R1_HANDLE;
1127 keytype = "ECC";
1128 nvindex = TPM2_NV_INDEX_ECC_SECP384R1_HI_EKTEMPLATE;
1129 } else {
1130 if (rsa_keysize == 2048) {
1131 tpm2_ek_handle = TPM2_EK_RSA_HANDLE;
1132 keytype = "RSA 2048";
1133 nvindex = TPM2_NV_INDEX_RSA2048_EKTEMPLATE;
1134 } else if (rsa_keysize == 3072) {
1135 tpm2_ek_handle = TPM2_EK_RSA3072_HANDLE;
1136 keytype = "RSA 3072";
1137 nvindex = TPM2_NV_INDEX_RSA3072_HI_EKTEMPLATE;
1138 } else {
1139 logerr(self->logfile, "Internal error: Unsupported RSA keysize %u.\n", rsa_keysize);
1140 return 1;
1141 }
1142 }
1143 if (isecc)
1144 ret = swtpm_tpm2_createprimary_ek_ecc_nist_p384(self, allowsigning, decryption, &curr_handle,
1145 ektemplate, &ektemplate_len, ekparam,
1146 key_description);
1147 else
1148 ret = swtpm_tpm2_createprimary_ek_rsa(self, rsa_keysize, allowsigning, decryption, &curr_handle,
1149 ektemplate, &ektemplate_len, ekparam, key_description);
1150
1151 if (ret == 0)
1152 ret = swtpm_tpm2_evictcontrol(self, curr_handle, tpm2_ek_handle);
1153 if (ret != 0) {
1154 logerr(self->logfile, "create_ek failed: 0x%x\n", ret);
1155 return 1;
1156 }
1157
1158 logit(self->logfile,
1159 "Successfully created %s EK with handle 0x%x.\n", keytype, tpm2_ek_handle);
1160
1161 if (allowsigning) {
1162 uint32_t nvindexattrs = TPMA_NV_PLATFORMCREATE | \
1163 TPMA_NV_AUTHREAD | \
1164 TPMA_NV_OWNERREAD | \
1165 TPMA_NV_PPREAD | \
1166 TPMA_NV_PPWRITE | \
1167 TPMA_NV_NO_DA | \
1168 TPMA_NV_WRITEDEFINE;
1169 ret = swtpm_tpm2_write_nvram(self, nvindex, nvindexattrs, ektemplate, ektemplate_len,
1170 lock_nvram, "EK template");
1171 if (ret == 0)
1172 logit(self->logfile,
1173 "Successfully created NVRAM area 0x%x for %s EK template.\n",
1174 nvindex, keytype);
1175 }
1176
1177 return ret;
1178 }
1179
1180 static int swtpm_tpm2_nvdefinespace(struct swtpm *self, uint32_t nvindex, uint32_t nvindexattrs,
1181 uint16_t data_len)
1182 {
1183 struct tpm_req_header hdr = TPM_REQ_HEADER_INITIALIZER(TPM2_ST_SESSIONS, 0, TPM2_CC_NV_DEFINESPACE);
1184 struct tpm2_authblock authblock = TPM2_AUTHBLOCK_INITIALIZER(TPM2_RS_PW, 0, 0, 0);
1185 g_autofree unsigned char *nvpublic = NULL;
1186 ssize_t nvpublic_len;
1187 g_autofree unsigned char *req = NULL;
1188 ssize_t req_len;
1189
1190 nvpublic_len = memconcat(&nvpublic,
1191 (unsigned char[]){
1192 AS4BE(nvindex), AS2BE(TPM2_ALG_SHA256), AS4BE(nvindexattrs),
1193 AS2BE(0), AS2BE(data_len)}, (size_t)14,
1194 NULL);
1195 if (nvpublic_len < 0) {
1196 logerr(self->logfile, "Internal error in %s: memconcat failed\n", __func__);
1197 return 1;
1198 }
1199
1200 req_len = memconcat(&req,
1201 &hdr, sizeof(hdr),
1202 (unsigned char[]){AS4BE(TPM2_RH_PLATFORM), AS4BE(sizeof(authblock))}, (size_t)8,
1203 &authblock, sizeof(authblock),
1204 (unsigned char[]){AS2BE(0), AS2BE(nvpublic_len)}, (size_t)4,
1205 nvpublic, nvpublic_len,
1206 NULL);
1207 if (req_len < 0) {
1208 logerr(self->logfile, "Internal error in %s: memconcat failed\n", __func__);
1209 return 1;
1210 }
1211
1212 ((struct tpm_req_header *)req)->size = htobe32(req_len);
1213
1214 return transfer(self, req, req_len, "TPM2_NV_DefineSpace", FALSE, NULL, 0);
1215 }
1216
1217 /* Write the data into the given NVIndex */
1218 static int swtpm_tpm2_nv_write(struct swtpm *self, uint32_t nvindex,
1219 const unsigned char *data, size_t data_len)
1220 {
1221 struct tpm_req_header hdr = TPM_REQ_HEADER_INITIALIZER(TPM2_ST_SESSIONS, 0, TPM2_CC_NV_WRITE);
1222 struct tpm2_authblock authblock = TPM2_AUTHBLOCK_INITIALIZER(TPM2_RS_PW, 0, 0, 0);
1223 g_autofree unsigned char *req = NULL;
1224 ssize_t req_len;
1225 size_t offset = 0, txlen;
1226 int ret;
1227
1228 while (offset < data_len) {
1229 txlen = min(data_len - offset, 1024);
1230
1231 g_free(req);
1232 req_len = memconcat(&req,
1233 &hdr, sizeof(hdr),
1234 (unsigned char[]){
1235 AS4BE(TPM2_RH_PLATFORM), AS4BE(nvindex), AS4BE(sizeof(authblock))
1236 }, (size_t)12,
1237 &authblock, sizeof(authblock),
1238 (unsigned char[]){AS2BE(txlen)}, (size_t)2,
1239 &data[offset], txlen,
1240 (unsigned char[]){AS2BE(offset)}, (size_t)2,
1241 NULL);
1242 if (req_len < 0) {
1243 logerr(self->logfile, "Internal error in %s: memconcat failed\n", __func__);
1244 return 1;
1245 }
1246 ((struct tpm_req_header *)req)->size = htobe32(req_len);
1247
1248 ret = transfer(self, req, req_len, "TPM2_NV_Write", FALSE, NULL, 0);
1249 if (ret != 0)
1250 return 1;
1251
1252 offset += txlen;
1253 }
1254 return 0;
1255 }
1256
1257 static int swtpm_tpm2_nv_writelock(struct swtpm *self, uint32_t nvindex)
1258 {
1259 struct tpm_req_header hdr = TPM_REQ_HEADER_INITIALIZER(TPM2_ST_SESSIONS, 0, TPM2_CC_NV_WRITELOCK);
1260 struct tpm2_authblock authblock = TPM2_AUTHBLOCK_INITIALIZER(TPM2_RS_PW, 0, 0, 0);
1261 g_autofree unsigned char *req;
1262 ssize_t req_len;
1263
1264 req_len = memconcat(&req,
1265 &hdr, sizeof(hdr),
1266 (unsigned char[]){
1267 AS4BE(TPM2_RH_PLATFORM), AS4BE(nvindex), AS4BE(sizeof(authblock))
1268 }, (size_t)12,
1269 &authblock, sizeof(authblock),
1270 NULL);
1271 if (req_len < 0) {
1272 logerr(self->logfile, "Internal error in %s: memconcat failed\n", __func__);
1273 return 1;
1274 }
1275
1276 ((struct tpm_req_header *)req)->size = htobe32(req_len);
1277
1278 return transfer(self, req, req_len, "TPM2_NV_WriteLock", FALSE, NULL, 0);
1279 }
1280
1281 static int swtpm_tpm2_write_nvram(struct swtpm *self, uint32_t nvindex, uint32_t nvindexattrs,
1282 const unsigned char *data, size_t data_len, gboolean lock_nvram,
1283 const char *purpose)
1284 {
1285 int ret = swtpm_tpm2_nvdefinespace(self, nvindex, nvindexattrs, data_len);
1286 if (ret != 0) {
1287 logerr(self->logfile, "Could not create NVRAM area 0x%x for %s.\n", nvindex, purpose);
1288 return 1;
1289 }
1290
1291 ret = swtpm_tpm2_nv_write(self, nvindex, data, data_len);
1292 if (ret != 0) {
1293 logerr(self->logfile,
1294 "Could not write %s into NVRAM area 0x%x.\n", purpose, nvindex);
1295 return 1;
1296 }
1297
1298 if (lock_nvram) {
1299 ret = swtpm_tpm2_nv_writelock(self, nvindex);
1300 if (ret != 0) {
1301 logerr(self->logfile, "Could not lock EK template NVRAM area 0x%x.\n", nvindex);
1302 return 1;
1303 }
1304 }
1305
1306 return 0;
1307 }
1308
1309 /* Write the platform certificate into an NVRAM area */
1310 static int swtpm_tpm2_write_ek_cert_nvram(struct swtpm *self, gboolean isecc,
1311 unsigned int rsa_keysize, gboolean lock_nvram,
1312 const unsigned char *data, size_t data_len)
1313 {
1314 uint32_t nvindex = 0;
1315 g_autofree gchar *keytype = NULL;
1316 uint32_t nvindexattrs = TPMA_NV_PLATFORMCREATE |
1317 TPMA_NV_AUTHREAD |
1318 TPMA_NV_OWNERREAD |
1319 TPMA_NV_PPREAD |
1320 TPMA_NV_PPWRITE |
1321 TPMA_NV_NO_DA |
1322 TPMA_NV_WRITEDEFINE;
1323 int ret;
1324
1325 if (!isecc) {
1326 if (rsa_keysize == 2048)
1327 nvindex = TPM2_NV_INDEX_RSA2048_EKCERT;
1328 else if (rsa_keysize == 3072)
1329 nvindex = TPM2_NV_INDEX_RSA3072_HI_EKCERT;
1330 keytype = g_strdup_printf("RSA %d", rsa_keysize);
1331 } else {
1332 nvindex = TPM2_NV_INDEX_ECC_SECP384R1_HI_EKCERT;
1333 keytype = g_strdup("ECC");
1334 }
1335
1336 ret = swtpm_tpm2_write_nvram(self, nvindex, nvindexattrs, data, data_len, lock_nvram,
1337 "EK Certificate");
1338 if (ret == 0)
1339 logit(self->logfile,
1340 "Successfully created NVRAM area 0x%x for %s EK certificate.\n",
1341 nvindex, keytype);
1342 else
1343 logerr(self->logfile,
1344 "Could not create NVRAM area 0x%x for %s EK certificate.\n",
1345 nvindex, keytype);
1346 return ret;
1347 }
1348
1349 static int swtpm_tpm2_write_platform_cert_nvram(struct swtpm *self, gboolean lock_nvram,
1350 const unsigned char *data, size_t data_len)
1351 {
1352 uint32_t nvindex = TPM2_NV_INDEX_PLATFORMCERT;
1353 uint32_t nvindexattrs = TPMA_NV_PLATFORMCREATE |
1354 TPMA_NV_AUTHREAD |
1355 TPMA_NV_OWNERREAD |
1356 TPMA_NV_PPREAD |
1357 TPMA_NV_PPWRITE |
1358 TPMA_NV_NO_DA |
1359 TPMA_NV_WRITEDEFINE;
1360 int ret;
1361
1362 ret = swtpm_tpm2_write_nvram(self, nvindex, nvindexattrs, data, data_len, lock_nvram,
1363 "Platform Certificate");
1364 if (ret == 0)
1365 logit(self->logfile,
1366 "Successfully created NVRAM area 0x%x for platform certificate.\n", nvindex);
1367 else
1368 logerr(self->logfile,
1369 "Could not create NVRAM area 0x%x for platform certificate.\n", nvindex);
1370
1371 return ret;
1372 }
1373
1374 static const struct swtpm2_ops swtpm_tpm2_ops = {
1375 .shutdown = swtpm_tpm2_shutdown,
1376 .create_spk = swtpm_tpm2_create_spk,
1377 .create_ek = swtpm_tpm2_create_ek,
1378 .get_all_pcr_banks = swtpm_tpm2_get_all_pcr_banks,
1379 .set_active_pcr_banks = swtpm_tpm2_set_active_pcr_banks,
1380 .write_ek_cert_nvram = swtpm_tpm2_write_ek_cert_nvram,
1381 .write_platform_cert_nvram = swtpm_tpm2_write_platform_cert_nvram,
1382 };
1383
1384 /*
1385 * TPM 1.2 support
1386 */
1387 #define TPM_TAG_RQU_COMMAND 0x00c1
1388 #define TPM_TAG_RQU_AUTH1_COMMAND 0x00c2
1389
1390 #define TPM_ORD_OIAP 0x0000000A
1391 #define TPM_ORD_TAKE_OWNERSHIP 0x0000000D
1392 #define TPM_ORD_PHYSICAL_ENABLE 0x0000006F
1393 #define TPM_ORD_PHYSICAL_SET_DEACTIVATED 0x00000072
1394 #define TPM_ORD_NV_DEFINE_SPACE 0x000000CC
1395 #define TPM_ORD_NV_WRITE_VALUE 0x000000CD
1396 #define TSC_ORD_PHYSICAL_PRESENCE 0x4000000A
1397
1398 #define TPM_ST_CLEAR 0x0001
1399
1400 #define TPM_PHYSICAL_PRESENCE_CMD_ENABLE 0x0020
1401 #define TPM_PHYSICAL_PRESENCE_PRESENT 0x0008
1402
1403 #define TPM_ALG_RSA 0x00000001
1404
1405 #define TPM_KEY_STORAGE 0x0011
1406
1407 #define TPM_AUTH_ALWAYS 0x01
1408
1409 #define TPM_PID_OWNER 0x0005
1410
1411 #define TPM_ES_RSAESOAEP_SHA1_MGF1 0x0003
1412 #define TPM_SS_NONE 0x0001
1413
1414 #define TPM_TAG_PCR_INFO_LONG 0x0006
1415 #define TPM_TAG_NV_ATTRIBUTES 0x0017
1416 #define TPM_TAG_NV_DATA_PUBLIC 0x0018
1417 #define TPM_TAG_KEY12 0x0028
1418
1419 #define TPM_LOC_ZERO 0x01
1420 #define TPM_LOC_ALL 0x1f
1421
1422 #define TPM_NV_INDEX_D_BIT 0x10000000
1423 #define TPM_NV_INDEX_EKCERT 0xF000
1424 #define TPM_NV_INDEX_PLATFORMCERT 0xF002
1425
1426 #define TPM_NV_INDEX_LOCK 0xFFFFFFFF
1427
1428 #define TPM_NV_PER_OWNERREAD 0x00020000
1429 #define TPM_NV_PER_OWNERWRITE 0x00000002
1430
1431 #define TPM_ET_OWNER 0x02
1432 #define TPM_ET_NV 0x0b
1433
1434 #define TPM_KH_EK 0x40000006
1435
1436
1437 static int swtpm_tpm12_tsc_physicalpresence(struct swtpm *self, uint16_t physicalpresence)
1438 {
1439 struct tpm12_tsc_physicalpresence {
1440 struct tpm_req_header hdr;
1441 uint16_t pp;
1442 } req = {
1443 .hdr = TPM_REQ_HEADER_INITIALIZER(TPM_TAG_RQU_COMMAND, sizeof(req), TSC_ORD_PHYSICAL_PRESENCE),
1444 .pp = htobe16(physicalpresence),
1445 };
1446
1447 return transfer(self, &req, sizeof(req), "TSC_PhysicalPresence", FALSE, NULL, NULL);
1448 }
1449
1450 static int swtpm_tpm12_physical_enable(struct swtpm *self)
1451 {
1452 struct tpm_req_header req = TPM_REQ_HEADER_INITIALIZER(TPM_TAG_RQU_COMMAND, sizeof(req), TPM_ORD_PHYSICAL_ENABLE);
1453
1454 return transfer(self, &req, sizeof(req), "TPM_PhysicalEnable", FALSE, NULL, NULL);
1455 }
1456
1457 static int swtpm_tpm12_physical_set_deactivated(struct swtpm *self, uint8_t state)
1458 {
1459 struct tpm12_tsc_physical_set_deactivated {
1460 struct tpm_req_header hdr;
1461 uint8_t state;
1462 } req = {
1463 .hdr = TPM_REQ_HEADER_INITIALIZER(TPM_TAG_RQU_COMMAND, sizeof(req), TPM_ORD_PHYSICAL_SET_DEACTIVATED),
1464 .state = state,
1465 };
1466
1467 return transfer(self, &req, sizeof(req), "TSC_PhysicalSetDeactivated", FALSE, NULL, NULL);
1468 }
1469
1470 /* Initialize the TPM1.2 */
1471 static int swtpm_tpm12_run_swtpm_bios(struct swtpm *self)
1472 {
1473 if (swtpm_tpm12_tsc_physicalpresence(self, TPM_PHYSICAL_PRESENCE_CMD_ENABLE) ||
1474 swtpm_tpm12_tsc_physicalpresence(self, TPM_PHYSICAL_PRESENCE_PRESENT) ||
1475 swtpm_tpm12_physical_enable(self) ||
1476 swtpm_tpm12_physical_set_deactivated(self, 0))
1477 return 1;
1478
1479 return 0;
1480 }
1481
1482 static int swptm_tpm12_create_endorsement_keypair(struct swtpm *self,
1483 gchar **pubek, size_t *pubek_len)
1484 {
1485 unsigned char req[] = {
1486 0x00, 0xc1, 0x00, 0x00, 0x00, 0x36, 0x00, 0x00, 0x00, 0x78, 0x38, 0xf0, 0x30, 0x81, 0x07, 0x2b,
1487 0x0c, 0xa9, 0x10, 0x98, 0x08, 0xc0, 0x4B, 0x05, 0x11, 0xc9, 0x50, 0x23, 0x52, 0xc4, 0x00, 0x00,
1488 0x00, 0x01, 0x00, 0x03, 0x00, 0x02, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00,
1489 0x00, 0x02, 0x00, 0x00, 0x00, 0x00
1490 };
1491 unsigned char tpmresp[512];
1492 size_t tpmresp_len = sizeof(tpmresp);
1493 uint32_t length;
1494 int ret;
1495
1496 ret = transfer(self, &req, sizeof(req), "TPM_CreateEndorsementKeyPair", FALSE, &tpmresp, &tpmresp_len);
1497 if (ret != 0)
1498 return 1;
1499
1500 if (tpmresp_len < 34 + sizeof(length))
1501 goto err_too_short;
1502 memcpy(&length, &tpmresp[34], sizeof(length));
1503 length = be32toh(length);
1504 if (length != 256) {
1505 logerr(self->logfile, "Offset to EK Public key is wrong.\n");
1506 return 1;
1507 }
1508
1509 *pubek_len = 256;
1510 if (tpmresp_len < 38 + *pubek_len)
1511 goto err_too_short;
1512 *pubek = g_malloc(256);
1513 memcpy(*pubek, &tpmresp[38], *pubek_len);
1514
1515 return 0;
1516
1517 err_too_short:
1518 logerr(self->logfile, "Response from TPM_CreateEndorsementKeyPair is too short!\n");
1519 return 1;
1520 }
1521
1522 /* Create an OIAP session */
1523 static int swtpm_tpm12_oiap(struct swtpm *self, uint32_t *authhandle, unsigned char nonce_even[SHA_DIGEST_LENGTH])
1524 {
1525 struct tpm_req_header req = TPM_REQ_HEADER_INITIALIZER(TPM_TAG_RQU_COMMAND, sizeof(req), TPM_ORD_OIAP);
1526 unsigned char tpmresp[64];
1527 size_t tpmresp_len = sizeof(tpmresp);
1528 int ret;
1529
1530 ret = transfer(self, &req, sizeof(req), "TPM_OIAP", FALSE, &tpmresp, &tpmresp_len);
1531 if (ret != 0)
1532 return ret;
1533
1534 if (tpmresp_len < 10 + sizeof(*authhandle) || tpmresp_len < 14 + SHA_DIGEST_LENGTH)
1535 goto err_too_short;
1536 memcpy(authhandle, &tpmresp[10], sizeof(*authhandle));
1537 *authhandle = be32toh(*authhandle);
1538 memcpy(nonce_even, &tpmresp[14], SHA_DIGEST_LENGTH);
1539
1540 return 0;
1541
1542 err_too_short:
1543 logerr(self->logfile, "Response from TPM_OIAP is too short!\n");
1544 return 1;
1545 }
1546
1547 static int swtpm_tpm12_take_ownership(struct swtpm *self, const unsigned char ownerpass_digest[SHA_DIGEST_LENGTH],
1548 const unsigned char srkpass_digest[SHA_DIGEST_LENGTH],
1549 const unsigned char *pubek, size_t pubek_len)
1550 {
1551 struct tpm_req_header hdr = TPM_REQ_HEADER_INITIALIZER(TPM_TAG_RQU_AUTH1_COMMAND, 0, TPM_ORD_TAKE_OWNERSHIP);
1552 EVP_PKEY *pkey = NULL;
1553 EVP_PKEY_CTX *ctx = NULL;
1554 BIGNUM *exp = BN_new();
1555 BIGNUM *mod = NULL;
1556 #if OPENSSL_VERSION_NUMBER < 0x30000000L
1557 RSA *rsakey = RSA_new();
1558 #endif
1559 int ret = 1;
1560 const EVP_MD *sha1 = EVP_sha1();
1561 g_autofree unsigned char *enc_owner_auth = g_malloc(pubek_len);
1562 size_t enc_owner_auth_len = pubek_len;
1563 g_autofree unsigned char *enc_srk_auth = g_malloc(pubek_len);
1564 size_t enc_srk_auth_len = pubek_len;
1565 uint32_t auth_handle;
1566 unsigned char nonce_even[SHA_DIGEST_LENGTH];
1567 unsigned char nonce_odd[SHA_DIGEST_LENGTH] = {1, 2, 3, 4, 5, 6, };
1568 g_autofree unsigned char *tpm_rsa_key_parms = NULL;
1569 ssize_t tpm_rsa_key_parms_len;
1570 g_autofree unsigned char *tpm_key_parms = NULL;
1571 ssize_t tpm_key_parms_len;
1572 g_autofree unsigned char *tpm_key12 = NULL;
1573 ssize_t tpm_key12_len;
1574 g_autofree unsigned char *in_auth_setup_params = NULL;
1575 ssize_t in_auth_setup_params_len;
1576 g_autofree unsigned char *macinput = NULL;
1577 ssize_t macinput_len;
1578 unsigned char in_param_digest[SHA_DIGEST_LENGTH];
1579 unsigned char owner_auth[SHA_DIGEST_LENGTH];
1580 unsigned int owner_auth_len = sizeof(owner_auth);
1581 uint8_t continue_auth_session = 0;
1582 unsigned char req[1024];
1583 ssize_t req_len, len;
1584 struct tpm_req_header *trh;
1585
1586 mod = BN_bin2bn((const unsigned char *)pubek, pubek_len, NULL);
1587 if (exp == NULL || mod == NULL ||
1588 BN_hex2bn(&exp, "10001") == 0) {
1589 logerr(self->logfile, "Could not create public RSA key!\n");
1590 goto error_free_bn;
1591 }
1592
1593 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
1594 ctx = EVP_PKEY_CTX_new_from_name(NULL, "rsa", NULL);
1595 if (ctx != NULL) {
1596 OSSL_PARAM_BLD *bld = OSSL_PARAM_BLD_new();
1597 OSSL_PARAM *params;
1598
1599 if (bld == NULL ||
1600 OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, exp) != 1 ||
1601 OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, mod) != 1 ||
1602 (params = OSSL_PARAM_BLD_to_param(bld)) == NULL) {
1603 OSSL_PARAM_BLD_free(bld);
1604 goto error_free_bn;
1605 }
1606 OSSL_PARAM_BLD_free(bld);
1607
1608 if (EVP_PKEY_fromdata_init(ctx) != 1 ||
1609 EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_PUBLIC_KEY, params) != 1) {
1610 logerr(self->logfile, "Could not set pkey parameters!\n");
1611 OSSL_PARAM_free(params);
1612 goto error_free_bn;
1613 }
1614 OSSL_PARAM_free(params);
1615
1616 EVP_PKEY_CTX_free(ctx);
1617 } else {
1618 logerr(self->logfile, "Could not create key creation context!\n");
1619 goto error_free_bn;
1620 }
1621 ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pkey, NULL);
1622 if (ctx == NULL)
1623 goto error_free_bn;
1624 #else
1625 pkey = EVP_PKEY_new();
1626 if (pkey == NULL) {
1627 logerr(self->logfile, "Could not allocate pkey!\n");
1628 goto error_free_bn;
1629 }
1630
1631 # if OPENSSL_VERSION_NUMBER < 0x10100000
1632 rsakey->n = mod;
1633 rsakey->e = exp;
1634 # else
1635 if (RSA_set0_key(rsakey, mod, exp, NULL) != 1) {
1636 logerr(self->logfile, "Could not create public RSA key!\n");
1637 goto error_free_bn;
1638 }
1639 # endif
1640 if (EVP_PKEY_assign_RSA(pkey, rsakey) != 1) {
1641 logerr(self->logfile, "Could not create public RSA key!\n");
1642 goto error_free_pkey_and_rsa;
1643 }
1644
1645 ctx = EVP_PKEY_CTX_new(pkey, NULL);
1646 if (ctx == NULL)
1647 goto error_free_pkey;
1648 #endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */
1649
1650 if (EVP_PKEY_encrypt_init(ctx) < 1 ||
1651 EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_OAEP_PADDING) < 1 ||
1652 EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, sha1) < 1 ||
1653 EVP_PKEY_CTX_set_rsa_oaep_md(ctx, sha1) < 1 ||
1654 EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, strdup("TCPA"), 4) < 1 ||
1655 EVP_PKEY_encrypt(ctx, enc_owner_auth, &enc_owner_auth_len,
1656 ownerpass_digest, SHA_DIGEST_LENGTH) < 1||
1657 EVP_PKEY_encrypt(ctx, enc_srk_auth, &enc_srk_auth_len,
1658 srkpass_digest, SHA_DIGEST_LENGTH) < 1) {
1659 logerr(self->logfile, "Internal error in %s: encryption failed\n", __func__);
1660 goto error;
1661 }
1662 ret = swtpm_tpm12_oiap(self, &auth_handle, nonce_even);
1663 if (ret != 0)
1664 goto error;
1665
1666 tpm_rsa_key_parms_len = memconcat(&tpm_rsa_key_parms,
1667 (unsigned char[]){
1668 AS4BE(2048), AS4BE(2), AS4BE(0)
1669 }, (size_t)12,
1670 NULL);
1671 if (tpm_rsa_key_parms_len < 0) {
1672 logerr(self->logfile, "Internal error in %s: out of memory\n");
1673 goto error;
1674 }
1675
1676 tpm_key_parms_len = memconcat(&tpm_key_parms,
1677 (unsigned char[]){
1678 AS4BE(TPM_ALG_RSA),
1679 AS2BE(TPM_ES_RSAESOAEP_SHA1_MGF1),
1680 AS2BE(TPM_SS_NONE),
1681 AS4BE(tpm_rsa_key_parms_len)}, (size_t)12,
1682 tpm_rsa_key_parms, tpm_rsa_key_parms_len,
1683 NULL);
1684 if (tpm_key_parms_len < 0) {
1685 logerr(self->logfile, "Internal error in %s: out of memory\n");
1686 goto error;
1687 }
1688
1689 tpm_key12_len = memconcat(&tpm_key12,
1690 (unsigned char[]){
1691 AS2BE(TPM_TAG_KEY12), AS2BE(0),
1692 AS2BE(TPM_KEY_STORAGE), AS4BE(0), TPM_AUTH_ALWAYS
1693 }, (size_t)11,
1694 tpm_key_parms, tpm_key_parms_len,
1695 (unsigned char[]){AS4BE(0), AS4BE(0), AS4BE(0)}, (size_t)12,
1696 NULL);
1697 if (tpm_key12_len < 0) {
1698 logerr(self->logfile, "Internal error in %s: out of memory\n");
1699 goto error;
1700 }
1701
1702 req_len = concat(req, sizeof(req),
1703 &hdr, sizeof(hdr),
1704 (unsigned char[]){AS2BE(TPM_PID_OWNER), AS4BE(enc_owner_auth_len)}, (size_t)6,
1705 enc_owner_auth, enc_owner_auth_len,
1706 (unsigned char[]){AS4BE(enc_srk_auth_len)}, (size_t)4,
1707 enc_srk_auth, enc_srk_auth_len,
1708 tpm_key12, tpm_key12_len,
1709 NULL);
1710 if (req_len < 0) {
1711 logerr(self->logfile, "Internal error in %s: req is too small\n");
1712 goto error;
1713 }
1714 SHA1(&req[6], req_len - 6, in_param_digest);
1715
1716 in_auth_setup_params_len = memconcat(&in_auth_setup_params,
1717 nonce_even, sizeof(nonce_even),
1718 nonce_odd, sizeof(nonce_odd),
1719 &continue_auth_session, (size_t)1,
1720 NULL);
1721 if (in_auth_setup_params_len < 0) {
1722 logerr(self->logfile, "Internal error in %s: out of memory\n");
1723 goto error;
1724 }
1725
1726 macinput_len = memconcat(&macinput,
1727 in_param_digest, sizeof(in_param_digest),
1728 in_auth_setup_params, in_auth_setup_params_len,
1729 NULL);
1730 if (macinput_len < 0) {
1731 logerr(self->logfile, "Internal error in %s: out of memory\n");
1732 goto error;
1733 }
1734
1735 HMAC(sha1, ownerpass_digest, SHA_DIGEST_LENGTH, macinput, macinput_len,
1736 owner_auth, &owner_auth_len);
1737
1738 len = concat(&req[req_len], sizeof(req) - req_len,
1739 (unsigned char[]){AS4BE(auth_handle)}, (size_t)4,
1740 nonce_odd, sizeof(nonce_odd),
1741 &continue_auth_session, (size_t)1,
1742 owner_auth, owner_auth_len,
1743 NULL);
1744 if (len < 0) {
1745 logerr(self->logfile, "Internal error in %s: req is too small\n");
1746 goto error;
1747 }
1748 req_len += len;
1749
1750 trh = (struct tpm_req_header *)req; /* old gcc type-punned pointer */
1751 trh->size = htobe32(req_len);
1752
1753 ret = transfer(self, req, req_len, "TPM_TakeOwnership", FALSE, NULL, 0);
1754
1755 error:
1756 EVP_PKEY_free(pkey);
1757 EVP_PKEY_CTX_free(ctx);
1758 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
1759 BN_free(exp);
1760 BN_free(mod);
1761 #endif
1762 return ret;
1763
1764 error_free_bn:
1765 BN_free(exp);
1766 BN_free(mod);
1767
1768 #if OPENSSL_VERSION_NUMBER < 0x30000000L
1769 error_free_pkey_and_rsa:
1770 RSA_free(rsakey);
1771 error_free_pkey:
1772 #else
1773 EVP_PKEY_CTX_free(ctx);
1774 #endif
1775 EVP_PKEY_free(pkey);
1776
1777 return 1;
1778 }
1779
1780 static int swtpm_tpm12_nv_define_space(struct swtpm *self, uint32_t nvindex,
1781 uint32_t nvindexattrs, size_t size)
1782 {
1783 struct tpm_req_header hdr = TPM_REQ_HEADER_INITIALIZER(TPM_TAG_RQU_COMMAND, 0, TPM_ORD_NV_DEFINE_SPACE);
1784 g_autofree unsigned char *pcr_info_short = NULL;
1785 ssize_t pcr_info_short_len;
1786 g_autofree unsigned char *nv_data_public = NULL;
1787 ssize_t nv_data_public_len;
1788 g_autofree unsigned char *req = NULL;
1789 ssize_t req_len;
1790 unsigned char zeroes[SHA_DIGEST_LENGTH] = {0, };
1791
1792 pcr_info_short_len = memconcat(&pcr_info_short,
1793 (unsigned char[]){AS2BE(3), 0, 0, 0, TPM_LOC_ALL}, (size_t)6,
1794 zeroes, sizeof(zeroes),
1795 NULL);
1796 if (pcr_info_short_len < 0) {
1797 logerr(self->logfile, "Internal error in %s: out of memory\n");
1798 return 1;
1799 }
1800
1801 nv_data_public_len = memconcat(&nv_data_public,
1802 (unsigned char[]){
1803 AS2BE(TPM_TAG_NV_DATA_PUBLIC), AS4BE(nvindex)
1804 }, (size_t)6,
1805 pcr_info_short, pcr_info_short_len,
1806 pcr_info_short, pcr_info_short_len,
1807 (unsigned char[]){
1808 AS2BE(TPM_TAG_NV_ATTRIBUTES), AS4BE(nvindexattrs),
1809 0, 0, 0, AS4BE(size)
1810 }, (size_t)13,
1811 NULL);
1812 if (nv_data_public_len < 0) {
1813 logerr(self->logfile, "Internal error in %s: out of memory\n");
1814 return 1;
1815 }
1816
1817 req_len = memconcat(&req,
1818 &hdr, sizeof(hdr),
1819 nv_data_public, nv_data_public_len,
1820 zeroes, sizeof(zeroes),
1821 NULL);
1822 if (req_len < 0) {
1823 logerr(self->logfile, "Internal error in %s: out of memory\n");
1824 return 1;
1825 }
1826
1827 ((struct tpm_req_header *)req)->size = htobe32(req_len);
1828
1829 return transfer(self, req, req_len, "TPM_NV_DefineSpace", FALSE, NULL, 0);
1830 }
1831
1832 static int swtpm_tpm12_nv_write_value(struct swtpm *self, uint32_t nvindex,
1833 const unsigned char *data, size_t data_len)
1834 {
1835 struct tpm_req_header hdr = TPM_REQ_HEADER_INITIALIZER(TPM_TAG_RQU_COMMAND, 0, TPM_ORD_NV_WRITE_VALUE);
1836 g_autofree unsigned char *req = NULL;
1837 ssize_t req_len;
1838
1839 req_len = memconcat(&req,
1840 &hdr, sizeof(hdr),
1841 (unsigned char[]){AS4BE(nvindex), AS4BE(0), AS4BE(data_len)}, (size_t)12,
1842 data, data_len,
1843 NULL);
1844 if (req_len < 0) {
1845 logerr(self->logfile, "Internal error in %s: out of memory\n");
1846 return 1;
1847 }
1848
1849 ((struct tpm_req_header *)req)->size = htobe32(req_len);
1850
1851 return transfer(self, req, req_len, "TPM_NV_DefineSpace", FALSE, NULL, 0);
1852 }
1853
1854 /* Write the EK Certificate into NVRAM */
1855 static int swtpm_tpm12_write_ek_cert_nvram(struct swtpm *self,
1856 const unsigned char *data, size_t data_len)
1857 {
1858 uint32_t nvindex = TPM_NV_INDEX_EKCERT | TPM_NV_INDEX_D_BIT;
1859 int ret = swtpm_tpm12_nv_define_space(self, nvindex,
1860 TPM_NV_PER_OWNERREAD | TPM_NV_PER_OWNERWRITE, data_len);
1861 if (ret != 0)
1862 return 1;
1863
1864 ret = swtpm_tpm12_nv_write_value(self, nvindex, data, data_len);
1865 if (ret != 0)
1866 return 1;
1867
1868 return 0;
1869 }
1870
1871 /* Write the Platform Certificate into NVRAM */
1872 static int swtpm_tpm12_write_platform_cert_nvram(struct swtpm *self,
1873 const unsigned char *data, size_t data_len)
1874 {
1875 uint32_t nvindex = TPM_NV_INDEX_PLATFORMCERT | TPM_NV_INDEX_D_BIT;
1876 int ret = swtpm_tpm12_nv_define_space(self, nvindex,
1877 TPM_NV_PER_OWNERREAD | TPM_NV_PER_OWNERWRITE, data_len);
1878 if (ret != 0)
1879 return 1;
1880
1881 ret = swtpm_tpm12_nv_write_value(self, nvindex, data, data_len);
1882 if (ret != 0)
1883 return 1;
1884
1885 return 0;
1886 }
1887
1888 static int swtpm_tpm12_nv_lock(struct swtpm *self)
1889 {
1890 return swtpm_tpm12_nv_define_space(self, TPM_NV_INDEX_LOCK, 0, 0);
1891 }
1892
1893 static const struct swtpm12_ops swtpm_tpm12_ops = {
1894 .run_swtpm_bios = swtpm_tpm12_run_swtpm_bios,
1895 .create_endorsement_key_pair = swptm_tpm12_create_endorsement_keypair,
1896 .take_ownership = swtpm_tpm12_take_ownership,
1897 .write_ek_cert_nvram = swtpm_tpm12_write_ek_cert_nvram,
1898 .write_platform_cert_nvram = swtpm_tpm12_write_platform_cert_nvram,
1899 .nv_lock = swtpm_tpm12_nv_lock,
1900 };
1901
1902 static void swtpm_init(struct swtpm *swtpm,
1903 gchar **swtpm_exec_l, const gchar *state_path,
1904 const gchar *keyopts, const gchar *logfile,
1905 int *fds_to_pass, size_t n_fds_to_pass,
1906 gboolean is_tpm2)
1907 {
1908 swtpm->cops = &swtpm_cops;
1909 swtpm->swtpm_exec_l = swtpm_exec_l;
1910 swtpm->state_path = state_path;
1911 swtpm->keyopts = keyopts;
1912 swtpm->logfile = logfile;
1913 swtpm->fds_to_pass = fds_to_pass;
1914 swtpm->n_fds_to_pass = n_fds_to_pass;
1915 swtpm->is_tpm2 = is_tpm2;
1916
1917 swtpm->pid = -1;
1918 swtpm->ctrl_fds[0] = swtpm->ctrl_fds[1] = -1;
1919 swtpm->data_fds[0] = swtpm->data_fds[1] = -1;
1920 }
1921
1922 struct swtpm12 *swtpm12_new(gchar **swtpm_exec_l, const gchar *state_path,
1923 const gchar *keyopts, const gchar *logfile,
1924 int *fds_to_pass, size_t n_fds_to_pass)
1925 {
1926 struct swtpm12 *swtpm12 = g_malloc0(sizeof(struct swtpm12));
1927
1928 swtpm_init(&swtpm12->swtpm, swtpm_exec_l, state_path, keyopts, logfile,
1929 fds_to_pass, n_fds_to_pass, FALSE);
1930 swtpm12->ops = &swtpm_tpm12_ops;
1931
1932 return swtpm12;
1933 }
1934
1935 struct swtpm2 *swtpm2_new(gchar **swtpm_exec_l, const gchar *state_path,
1936 const gchar *keyopts, const gchar *logfile,
1937 int *fds_to_pass, size_t n_fds_to_pass)
1938 {
1939 struct swtpm2 *swtpm2 = g_malloc0(sizeof(struct swtpm2));
1940
1941 swtpm_init(&swtpm2->swtpm, swtpm_exec_l, state_path, keyopts, logfile,
1942 fds_to_pass, n_fds_to_pass, TRUE);
1943 swtpm2->ops = &swtpm_tpm2_ops;
1944
1945 return swtpm2;
1946 }
1947
1948 void swtpm_free(struct swtpm *swtpm) {
1949 if (!swtpm)
1950 return;
1951 g_free(swtpm);
1952 }
1953
Software TPM used for PVE's Virtual Machines