]> git.proxmox.com Git - swtpm.git/blob - src/swtpm_setup/swtpm.c
projects / swtpm.git / blob
? search:


77871d7586f359c45a31ca1a27ddd6cb614e11a6
[swtpm.git] / src / swtpm_setup / swtpm.c
1 /* SPDX-License-Identifier: BSD-3-Clause */
2 /*
3 * swtpm.c: Programming of a swtpm using communication via fd-passing
4 *
5 * Author: Stefan Berger, stefanb@linux.ibm.com
6 *
7 * Copyright (c) IBM Corporation, 2021
8 */
9
10 #include "config.h"
11
12 #include <errno.h>
13 #include <stdio.h>
14 #include <stdint.h>
15 #include <string.h>
16 #include <sys/types.h>
17 #include <sys/socket.h>
18 #include <sys/stat.h>
19 #include <sys/wait.h>
20 #include <unistd.h>
21
22 #include <glib.h>
23
24 #include <openssl/bn.h>
25 #include <openssl/evp.h>
26 #include <openssl/hmac.h>
27 #include <openssl/rsa.h>
28 #include <openssl/sha.h>
29 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
30 # include <openssl/core_names.h>
31 # include <openssl/param_build.h>
32 #else
33 # include <openssl/rsa.h>
34 #endif
35
36 #include "swtpm.h"
37 #include "swtpm_utils.h"
38 #include "tpm_ioctl.h"
39 #include "sys_dependencies.h"
40
41 #define AS2BE(VAL) (((VAL) >> 8) & 0xff), ((VAL) & 0xff)
42 #define AS4BE(VAL) AS2BE((VAL) >> 16), AS2BE(VAL)
43 #define AS8BE(VAL) AS4BE((VAL) >> 32), AS4BE(VAL)
44
45 struct tpm_req_header {
46 uint16_t tag;
47 uint32_t size;
48 uint32_t ordinal;
49 } __attribute__((packed));
50
51 struct tpm_resp_header {
52 uint16_t tag;
53 uint32_t size;
54 uint32_t errcode;
55 } __attribute__((packed));
56
57 static int swtpm_start(struct swtpm *self)
58 {
59 g_autofree gchar *tpmstate = g_strdup_printf("backend-uri=%s", self->state_path);
60 g_autofree gchar *pidfile_arg = NULL;
61 g_autofree gchar *server_fd = NULL;
62 g_autofree gchar *ctrl_fd = NULL;
63 g_autofree gchar *keyopts = NULL;
64 g_autofree gchar *logop = NULL;
65 g_autofree gchar **argv = NULL;
66 struct stat statbuf;
67 gboolean success;
68 GError *error = NULL;
69 unsigned ctr;
70 int pidfile_fd;
71 int ret = 1;
72 char pidfile[] = "/tmp/.swtpm_setup.pidfile.XXXXXX";
73
74 pidfile_fd = mkstemp(pidfile);
75 if (pidfile_fd < 0) {
76 logerr(self->logfile, "Could not create pidfile: %s\n", strerror(errno));
77 goto error_no_pidfile;
78 }
79 // pass filename rather than fd (Cygwin)
80 pidfile_arg = g_strdup_printf("file=%s", pidfile);
81
82 argv = concat_arrays(self->swtpm_exec_l,
83 (gchar*[]){
84 "--flags", "not-need-init,startup-clear",
85 "--tpmstate", tpmstate,
86 "--pid", pidfile_arg,
87 #if 0
88 "--log", "file=/tmp/log,level=20",
89 #endif
90 NULL
91 }, FALSE);
92
93 if (self->is_tpm2)
94 argv = concat_arrays(argv, (gchar*[]){"--tpm2", NULL}, TRUE);
95
96 if (self->keyopts != NULL) {
97 keyopts = g_strdup(self->keyopts);
98 argv = concat_arrays(argv, (gchar*[]){"--key", keyopts, NULL}, TRUE);
99 }
100
101 if (gl_LOGFILE != NULL) {
102 logop = g_strdup_printf("file=%s", gl_LOGFILE);
103 argv = concat_arrays(argv, (gchar*[]){"--log", logop, NULL}, TRUE);
104 }
105
106 if (socketpair(AF_UNIX, SOCK_STREAM, 0, self->ctrl_fds) != 0) {
107 logerr(self->logfile, "Could not create socketpair: %s\n", strerror(errno));
108 goto error;
109 }
110 ctrl_fd = g_strdup_printf("type=unixio,clientfd=%d", self->ctrl_fds[1]);
111
112 if (socketpair(AF_UNIX, SOCK_STREAM, 0, self->data_fds) != 0) {
113 logerr(self->logfile, "Could not create socketpair: %s\n", strerror(errno));
114 goto error;
115 }
116 server_fd = g_strdup_printf("type=tcp,fd=%d", self->data_fds[1]);
117
118 argv = concat_arrays(argv, (gchar*[]){
119 "--server", server_fd,
120 "--ctrl", ctrl_fd,
121 NULL
122 }, TRUE);
123
124 #if 0
125 {
126 g_autofree gchar *join = g_strjoinv(" ", argv);
127 logit(self->logfile, "Starting swtpm: %s\n", join);
128 }
129 #endif
130
131 success = g_spawn_async(NULL, argv, NULL,
132 G_SPAWN_LEAVE_DESCRIPTORS_OPEN | G_SPAWN_STDOUT_TO_DEV_NULL | G_SPAWN_STDERR_TO_DEV_NULL,
133 NULL, NULL, &self->pid, &error);
134 if (!success) {
135 logerr(self->logfile, "Could not start swtpm: %s\n", error->message);
136 g_error_free(error);
137 goto error;
138 }
139
140 /* wait until the pidfile is written to or swtpm terminates */
141 for (ctr = 0; ctr < 1000; ctr++) {
142 if (kill(self->pid, 0) < 0) {
143 /* swtpm terminated */
144 self->pid = 0;
145 logerr(self->logfile, "swtpm process terminated unexpectedly.\n");
146 self->cops->stop(self);
147 goto error;
148 }
149 if (fstat(pidfile_fd, &statbuf) == 0 && statbuf.st_size > 0) {
150 printf("TPM is listening on Unix socket.\n");
151 ret = 0;
152 break;
153 }
154 usleep(5000);
155 }
156
157 error:
158 close(pidfile_fd);
159 unlink(pidfile);
160
161 error_no_pidfile:
162 return ret;
163 }
164
165 /* Stop a running swtpm instance and close all the file descriptors connecting to it */
166 static void swtpm_stop(struct swtpm *self)
167 {
168 unsigned c;
169 gboolean ended = FALSE;
170
171 if (self->pid > 0) {
172 self->cops->ctrl_shutdown(self);
173 for (c = 0; c < 500; c++) {
174 if (kill(self->pid, 0) < 0) {
175 ended = TRUE;
176 break;
177 }
178 usleep(1000);
179 }
180 if (!ended)
181 kill(self->pid, SIGKILL);
182 waitpid(self->pid, NULL, 0);
183
184 self->pid = 0;
185 }
186
187 if (self->ctrl_fds[0] >= 0) {
188 close(self->ctrl_fds[0]);
189 close(self->ctrl_fds[1]);
190 self->ctrl_fds[0] = self->ctrl_fds[1] = -1;
191 }
192
193 if (self->data_fds[0] >= 0) {
194 close(self->data_fds[0]);
195 close(self->data_fds[1]);
196 self->data_fds[0] = self->data_fds[1] = -1;
197 }
198 }
199
200 /* Destroy a running swtpm instance */
201 static void swtpm_destroy(struct swtpm *self)
202 {
203 self->cops->stop(self);
204 }
205
206 /* Send a command to swtpm and receive the response either via control or data channel */
207 static int transfer(struct swtpm *self, void *buffer, size_t buffer_len,
208 const char *cmdname, gboolean use_ctrl,
209 void *respbuffer, size_t *respbuffer_len)
210 {
211 size_t offset;
212 int sockfd;
213 ssize_t n;
214 unsigned char resp[4096];
215 ssize_t resplen;
216 uint32_t returncode;
217
218 if (use_ctrl) {
219 sockfd = self->ctrl_fds[0];
220 offset = 0;
221 } else {
222 sockfd = self->data_fds[0];
223 offset = 6;
224 }
225
226 n = write(sockfd, buffer, buffer_len);
227 if (n < 0) {
228 logerr(self->logfile, "Could not send %s buffer to swtpm: %s\n",
229 cmdname, strerror(errno));
230 return 1;
231 }
232 if ((size_t)n != buffer_len) {
233 logerr(self->logfile, "Could not send all bytes to swtpm: %zu < %zu\n",
234 (size_t)n, buffer_len);
235 return 1;
236 }
237
238 resplen = read(sockfd, resp, sizeof(resp));
239 if (resplen < 0) {
240 logerr(self->logfile, "Could not receive response to %s from swtpm: %s\n",
241 cmdname, strerror(errno));
242 return 1;
243 }
244
245 if (!use_ctrl) {
246 if ((size_t)resplen < sizeof(struct tpm_resp_header)) {
247 logerr(self->logfile,
248 "Response for %s has only %d bytes.\n", cmdname, resplen);
249 return 1;
250 }
251 } else if ((size_t)resplen < 4) {
252 logerr(self->logfile,
253 "Response for %s has only %d bytes.\n", cmdname, resplen);
254 return 1;
255 }
256
257 memcpy(&returncode, &resp[offset], sizeof(returncode));
258 returncode = be32toh(returncode);
259 if (returncode != 0) {
260 logerr(self->logfile,
261 "%s failed: 0x%x\n", cmdname, returncode);
262 return 1;
263 }
264
265 if (respbuffer) {
266 *respbuffer_len = min((size_t)resplen, *respbuffer_len);
267 memcpy(respbuffer, resp, *respbuffer_len);
268 }
269
270 return 0;
271 }
272
273 /* Send a CMD_SHUTDOWN over the control channel */
274 static int swtpm_ctrl_shutdown(struct swtpm *self)
275 {
276 uint32_t cmd = htobe32(CMD_SHUTDOWN);
277
278 return transfer(self, &cmd, sizeof(cmd), "CMD_SHUTDOWN", TRUE, NULL, 0);
279 }
280
281 /* Get the TPM specification parameters over the control channel */
282 static int swtpm_ctrl_get_tpm_specs_and_attrs(struct swtpm *self, gchar **result)
283 {
284 unsigned char req[] = {AS4BE(CMD_GET_INFO),
285 AS8BE(SWTPM_INFO_TPMSPECIFICATION | SWTPM_INFO_TPMATTRIBUTES),
286 AS4BE(0), AS4BE(0)};
287 unsigned char tpmresp[1024];
288 size_t tpmresp_len = sizeof(tpmresp);
289 int ret;
290 uint32_t length;
291
292 ret = transfer(self, req, sizeof(req), "CMD_GET_INFO", TRUE, tpmresp, &tpmresp_len);
293 if (ret != 0)
294 return 1;
295
296 if (tpmresp_len < 8 + sizeof(length))
297 goto err_too_short;
298 memcpy(&length, &tpmresp[8], sizeof(length));
299 length = htobe32(length);
300
301 if (tpmresp_len < 12 + length)
302 goto err_too_short;
303 *result = g_strndup((gchar *)&tpmresp[12], length);
304
305 return 0;
306
307 err_too_short:
308 logerr(self->logfile, "Response from CMD_GET_INFO is too short!\n");
309
310 return 1;
311 }
312
313 static const struct swtpm_cops swtpm_cops = {
314 .start = swtpm_start,
315 .stop = swtpm_stop,
316 .destroy = swtpm_destroy,
317 .ctrl_shutdown = swtpm_ctrl_shutdown,
318 .ctrl_get_tpm_specs_and_attrs = swtpm_ctrl_get_tpm_specs_and_attrs,
319 };
320
321 /*
322 * TPM 2 support
323 */
324
325 #define TPM2_ST_NO_SESSIONS 0x8001
326 #define TPM2_ST_SESSIONS 0x8002
327
328 #define TPM2_CC_EVICTCONTROL 0x00000120
329 #define TPM2_CC_NV_DEFINESPACE 0x0000012a
330 #define TPM2_CC_PCR_ALLOCATE 0x0000012b
331 #define TPM2_CC_CREATEPRIMARY 0x00000131
332 #define TPM2_CC_NV_WRITE 0x00000137
333 #define TPM2_CC_NV_WRITELOCK 0x00000138
334 #define TPM2_CC_SHUTDOWN 0x00000145
335 #define TPM2_CC_GETCAPABILITY 0x0000017a
336
337 #define TPM2_SU_CLEAR 0x0000
338
339 #define TPM2_RH_OWNER 0x40000001
340 #define TPM2_RS_PW 0x40000009
341 #define TPM2_RH_ENDORSEMENT 0x4000000b
342 #define TPM2_RH_PLATFORM 0x4000000c
343
344 #define TPM2_ALG_RSA 0x0001
345 #define TPM2_ALG_SHA1 0x0004
346 #define TPM2_ALG_AES 0x0006
347 #define TPM2_ALG_SHA256 0x000b
348 #define TPM2_ALG_SHA384 0x000c
349 #define TPM2_ALG_SHA512 0x000d
350 #define TPM2_ALG_SHA3_256 0x0027
351 #define TPM2_ALG_SHA3_384 0x0028
352 #define TPM2_ALG_SHA3_512 0x0029
353 #define TPM2_ALG_NULL 0x0010
354 #define TPM2_ALG_SM3 0x0012
355 #define TPM2_ALG_ECC 0x0023
356 #define TPM2_ALG_CFB 0x0043
357
358 #define TPM2_CAP_PCRS 0x00000005
359
360 #define TPM2_ECC_NIST_P384 0x0004
361
362 #define TPMA_NV_PLATFORMCREATE 0x40000000
363 #define TPMA_NV_AUTHREAD 0x40000
364 #define TPMA_NV_NO_DA 0x2000000
365 #define TPMA_NV_PPWRITE 0x1
366 #define TPMA_NV_PPREAD 0x10000
367 #define TPMA_NV_OWNERREAD 0x20000
368 #define TPMA_NV_WRITEDEFINE 0x2000
369
370 // Use standard EK Cert NVRAM, EK and SRK handles per IWG spec.
371 // "TCG TPM v2.0 Provisioning Guide"; Version 1.0, Rev 1.0, March 15, 2017
372 // Table 2
373 #define TPM2_NV_INDEX_RSA2048_EKCERT 0x01c00002
374 #define TPM2_NV_INDEX_RSA2048_EKTEMPLATE 0x01c00004
375 #define TPM2_NV_INDEX_RSA3072_HI_EKCERT 0x01c0001c
376 #define TPM2_NV_INDEX_RSA3072_HI_EKTEMPLATE 0x01c0001d
377 // For ECC follow "TCG EK Credential Profile For TPM Family 2.0; Level 0"
378 // Specification Version 2.1; Revision 13; 10 December 2018
379 #define TPM2_NV_INDEX_PLATFORMCERT 0x01c08000
380
381 #define TPM2_NV_INDEX_ECC_SECP384R1_HI_EKCERT 0x01c00016
382 #define TPM2_NV_INDEX_ECC_SECP384R1_HI_EKTEMPLATE 0x01c00017
383
384 #define TPM2_EK_RSA_HANDLE 0x81010001
385 #define TPM2_EK_RSA3072_HANDLE 0x8101001c
386 #define TPM2_EK_ECC_SECP384R1_HANDLE 0x81010016
387 #define TPM2_SPK_HANDLE 0x81000001
388
389 #define TPM_REQ_HEADER_INITIALIZER(TAG, SIZE, ORD) \
390 { \
391 .tag = htobe16(TAG), \
392 .size = htobe32(SIZE), \
393 .ordinal = htobe32(ORD), \
394 }
395
396 struct tpm2_authblock {
397 uint32_t auth;
398 uint16_t foo; // FIXME
399 uint8_t continueSession;
400 uint16_t bar; // FIMXE
401 } __attribute__((packed));
402
403 #define TPM2_AUTHBLOCK_INITIALIZER(AUTH, FOO, CS, BAR) \
404 { \
405 .auth = htobe32(AUTH), \
406 .foo = htobe16(FOO), \
407 .continueSession = CS, \
408 .bar = htobe16(BAR), \
409 }
410
411 static const unsigned char NONCE_EMPTY[2] = {AS2BE(0)};
412 static const unsigned char NONCE_RSA2048[2+0x100] = {AS2BE(0x100), 0, };
413 static const unsigned char NONCE_RSA3072[2+0x180] = {AS2BE(0x180), 0, };
414 static const unsigned char NONCE_ECC_384[2+0x30] = {AS2BE(0x30), 0, };
415
416 static const struct bank_to_name {
417 uint16_t hashAlg;
418 const char *name;
419 } banks_to_names[] = {
420 {TPM2_ALG_SHA1, "sha1"},
421 {TPM2_ALG_SHA256, "sha256"},
422 {TPM2_ALG_SHA384, "sha384"},
423 {TPM2_ALG_SHA512, "sha512"},
424 {TPM2_ALG_SM3, "sm3-256"},
425 {TPM2_ALG_SHA3_256, "sha3-256"},
426 {TPM2_ALG_SHA3_384, "sha3-384"},
427 {TPM2_ALG_SHA3_512, "sha3-512"},
428 {0, NULL},
429 };
430
431 /* function prototypes */
432 static int swtpm_tpm2_createprimary_rsa(struct swtpm *self, uint32_t primaryhandle, unsigned int keyflags,
433 const unsigned char *symkeydata, size_t symkeydata_len,
434 const unsigned char *authpolicy, size_t authpolicy_len,
435 unsigned int rsa_keysize, gboolean havenonce, size_t off,
436 uint32_t *curr_handle,
437 unsigned char *ektemplate, size_t *ektemplate_len,
438 gchar **ekparam, const gchar **key_description);
439
440 static int swtpm_tpm2_write_nvram(struct swtpm *self, uint32_t nvindex, uint32_t nvindexattrs,
441 const unsigned char *data, size_t data_len, gboolean lock_nvram,
442 const char *purpose);
443
444 /* Given a hash algo identifier, return the name of the hash bank */
445 static const char *get_name_for_bank(uint16_t hashAlg) {
446 size_t i;
447
448 for (i = 0; banks_to_names[i].name; i++) {
449 if (banks_to_names[i].hashAlg == hashAlg)
450 return banks_to_names[i].name;
451 }
452 return NULL;
453 }
454
455 /* Give the name of a hash bank, return its algo identifer */
456 static uint16_t get_hashalg_by_bankname(const char *name) {
457 size_t i;
458
459 for (i = 0; banks_to_names[i].name; i++) {
460 if (strcmp(banks_to_names[i].name, name) == 0)
461 return banks_to_names[i].hashAlg;
462 }
463 return 0;
464 }
465
466 /* Do an SU_CLEAR shutdown of the TPM 2 */
467 static int swtpm_tpm2_shutdown(struct swtpm *self)
468 {
469 struct tpm2_shutdown_req {
470 struct tpm_req_header hdr;
471 uint16_t shutdownType;
472 } __attribute__((packed)) req = {
473 .hdr = TPM_REQ_HEADER_INITIALIZER(TPM2_ST_NO_SESSIONS, sizeof(req), TPM2_CC_SHUTDOWN),
474 .shutdownType = htobe16(TPM2_SU_CLEAR)
475 };
476
477 return transfer(self, &req, sizeof(req), "TPM2_Shutdown", FALSE, NULL, NULL);
478 }
479
480 /* Get all available PCR banks */
481 static int swtpm_tpm2_get_all_pcr_banks(struct swtpm *self, gchar ***all_pcr_banks)
482 {
483 struct tpm_req_header hdr = TPM_REQ_HEADER_INITIALIZER(TPM2_ST_NO_SESSIONS, 0, TPM2_CC_GETCAPABILITY);
484 g_autofree unsigned char *req = NULL;
485 ssize_t req_len;
486 unsigned char tpmresp[256];
487 size_t tpmresp_len = sizeof(tpmresp);
488 uint16_t count, bank;
489 const char *name;
490 uint8_t length;
491 size_t offset;
492 size_t i;
493 int ret;
494
495 req_len = memconcat(&req,
496 &hdr, sizeof(hdr),
497 (unsigned char[]){AS4BE(TPM2_CAP_PCRS), AS4BE(0), AS4BE(64)}, (size_t)12,
498 NULL);
499 if (req_len < 0) {
500 logerr(self->logfile, "Internal error in %s: memconcat failed\n", __func__);
501 return 1;
502 }
503 ((struct tpm_req_header *)req)->size = htobe32(req_len);
504
505 ret = transfer(self, req, req_len, "TPM2_GetCapability", FALSE, tpmresp, &tpmresp_len);
506 if (ret != 0)
507 return 1;
508
509 *all_pcr_banks = NULL;
510
511 if (tpmresp_len < 17 + sizeof(count))
512 goto err_too_short;
513 memcpy(&count, &tpmresp[17], sizeof(count));
514 count = be16toh(count);
515
516 /* unreasonable number of PCR banks ? */
517 if (count > 20)
518 goto err_num_pcrbanks;
519
520 *all_pcr_banks = g_malloc0(sizeof(char *) * (count + 1));
521
522 offset = 19;
523
524 for (i = 0; i < count; i++) {
525 gchar *n;
526
527 if (tpmresp_len < offset + sizeof(bank))
528 goto err_too_short;
529 memcpy(&bank, &tpmresp[offset], sizeof(bank));
530 bank = be16toh(bank);
531
532 if (tpmresp_len < offset + 2 + sizeof(length))
533 goto err_too_short;
534 length = tpmresp[offset + 2];
535
536 name = get_name_for_bank(bank);
537 if (name != NULL)
538 n = g_strdup(name);
539 else
540 n = g_strdup_printf("%02x", bank);
541
542 (*all_pcr_banks)[i] = n;
543
544 offset += 2 + 1 + length;
545 }
546 return 0;
547
548 err_num_pcrbanks:
549 logerr(self->logfile, "Unreasonable number of PCR banks (%u) returned.\n", count);
550 goto err_exit;
551
552 err_too_short:
553 logerr(self->logfile, "Response from TPM2_GetCapability is too short!\n");
554
555 err_exit:
556 g_strfreev(*all_pcr_banks);
557 *all_pcr_banks = NULL;
558
559 return 1;
560 }
561
562 /* Activate all user-chosen PCR banks and deactivate all others */
563 static int swtpm_tpm2_set_active_pcr_banks(struct swtpm *self, gchar **pcr_banks,
564 gchar **all_pcr_banks, gchar ***active)
565 {
566 struct tpm_req_header hdr = TPM_REQ_HEADER_INITIALIZER(TPM2_ST_SESSIONS, 0, TPM2_CC_PCR_ALLOCATE);
567 struct tpm2_authblock authblock = TPM2_AUTHBLOCK_INITIALIZER(TPM2_RS_PW, 0, 0, 0);
568 unsigned char pcrselects[6 * 10]; // supports up to 10 PCR banks
569 ssize_t pcrselects_len = 0;
570 size_t count = 0;
571 size_t idx, j;
572 uint16_t hashAlg;
573 g_autofree unsigned char *req = NULL;
574 ssize_t req_len, len;
575 int ret;
576 uint64_t activated_mask = 0;
577
578 for (idx = 0; pcr_banks[idx] != NULL; idx++)
579 ;
580 *active = g_malloc0(sizeof(char *) * (idx + 1));
581
582 for (idx = 0; pcr_banks[idx] != NULL; idx++) {
583 hashAlg = 0;
584 // Is user-chosen pcr_banks[idx] available?
585 for (j = 0; all_pcr_banks[j] != NULL; j++) {
586 if (strcmp(pcr_banks[idx], all_pcr_banks[j]) == 0) {
587 hashAlg = get_hashalg_by_bankname(pcr_banks[idx]);
588 break;
589 }
590 }
591 if (hashAlg != 0 && (activated_mask & ((uint64_t)1 << j)) == 0) {
592 (*active)[count] = g_strdup(pcr_banks[idx]);
593 len = concat(&pcrselects[pcrselects_len], sizeof(pcrselects) - pcrselects_len,
594 (unsigned char[]){AS2BE(hashAlg), 3, 0xff, 0xff, 0xff} , (size_t)6,
595 NULL);
596 if (len < 0) {
597 logerr(self->logfile, "Internal error in %s: pcrselects is too small\n", __func__);
598 return 1;
599 }
600 pcrselects_len += len;
601 count++;
602 activated_mask |= ((uint64_t)1 << j);
603 }
604 }
605
606 if (count == 0) {
607 logerr(self->logfile,
608 "No PCR banks could be allocated. None of the selected algorithms are supported.\n");
609 goto error;
610 }
611
612 // disable all the other ones not chosen by the user
613 for (idx = 0; all_pcr_banks[idx] != NULL; idx++) {
614 gboolean found = FALSE;
615
616 for (j = 0; pcr_banks[j] != NULL; j++) {
617 if (strcmp(pcr_banks[j], all_pcr_banks[idx]) == 0) {
618 found = TRUE;
619 break;
620 }
621 }
622 if (found)
623 continue;
624
625 /* not found, so not chosen by user */
626 hashAlg = get_hashalg_by_bankname(all_pcr_banks[idx]);
627
628 len = concat(&pcrselects[pcrselects_len], sizeof(pcrselects) - pcrselects_len,
629 (unsigned char[]){AS2BE(hashAlg), 3, 0, 0, 0}, (size_t)6,
630 NULL);
631 if (len < 0) {
632 logerr(self->logfile, "Internal error in %s: pcrselects is too small\n", __func__);
633 goto error;
634 }
635 pcrselects_len += len;
636 count++;
637 }
638
639 req_len = memconcat(&req,
640 &hdr, sizeof(hdr),
641 (unsigned char[]){
642 AS4BE(TPM2_RH_PLATFORM), AS4BE(sizeof(authblock))
643 }, (size_t)8,
644 &authblock, sizeof(authblock),
645 (unsigned char[]){AS4BE(count)}, (size_t)4,
646 pcrselects, pcrselects_len,
647 NULL);
648 if (req_len < 0) {
649 logerr(self->logfile, "Internal error in %s: req is too small\n", __func__);
650 goto error;
651 }
652 ((struct tpm_req_header *)req)->size = htobe32(req_len);
653
654 ret = transfer(self, req, req_len, "TPM2_PCR_Allocate", FALSE, NULL, 0);
655 if (ret != 0)
656 goto error;
657
658 return 0;
659
660 error:
661 g_strfreev(*active);
662 *active = NULL;
663
664 return 1;
665 }
666
667 /* Make object at the curr_handler permanent with the perm_handle */
668 static int swtpm_tpm2_evictcontrol(struct swtpm *self, uint32_t curr_handle, uint32_t perm_handle)
669 {
670 struct tpm2_evictcontrol_req {
671 struct tpm_req_header hdr;
672 uint32_t auth;
673 uint32_t objectHandle;
674 uint32_t authblockLen;
675 struct tpm2_authblock authblock;
676 uint32_t persistentHandle;
677 } __attribute__((packed)) req = {
678 .hdr = TPM_REQ_HEADER_INITIALIZER(TPM2_ST_SESSIONS, sizeof(req), TPM2_CC_EVICTCONTROL),
679 .auth = htobe32(TPM2_RH_OWNER),
680 .objectHandle = htobe32(curr_handle),
681 .authblockLen = htobe32(sizeof(req.authblock)),
682 .authblock = TPM2_AUTHBLOCK_INITIALIZER(TPM2_RS_PW, 0, 0, 0),
683 .persistentHandle = htobe32(perm_handle),
684 };
685
686 return transfer(self, &req, sizeof(req), "TPM2_EvictControl", FALSE, NULL, 0);
687 }
688
689 /* Create an RSA EK */
690 static int swtpm_tpm2_createprimary_ek_rsa(struct swtpm *self, unsigned int rsa_keysize,
691 gboolean allowsigning, gboolean decryption,
692 uint32_t *curr_handle,
693 unsigned char *ektemplate, size_t *ektemplate_len,
694 gchar **ekparam, const gchar **key_description)
695 {
696 unsigned char authpolicy[48];
697 size_t authpolicy_len;
698 unsigned char symkeydata[6];
699 size_t symkeydata_len;
700 unsigned int keyflags;
701 unsigned int symkeylen;
702 gboolean havenonce;
703 size_t addlen, off;
704
705 if (rsa_keysize == 2048) {
706 authpolicy_len = 32;
707 memcpy(authpolicy, ((unsigned char []){
708 0x83, 0x71, 0x97, 0x67, 0x44, 0x84, 0xb3, 0xf8, 0x1a, 0x90, 0xcc, 0x8d,
709 0x46, 0xa5, 0xd7, 0x24, 0xfd, 0x52, 0xd7, 0x6e, 0x06, 0x52, 0x0b, 0x64,
710 0xf2, 0xa1, 0xda, 0x1b, 0x33, 0x14, 0x69, 0xaa
711 }), authpolicy_len);
712 keyflags = 0;
713 symkeylen = 128;
714 havenonce = TRUE;
715 addlen = 0;
716 } else if (rsa_keysize == 3072) {
717 authpolicy_len = 48;
718 memcpy(authpolicy, ((unsigned char []){
719 0xB2, 0x6E, 0x7D, 0x28, 0xD1, 0x1A, 0x50, 0xBC, 0x53, 0xD8, 0x82, 0xBC,
720 0xF5, 0xFD, 0x3A, 0x1A, 0x07, 0x41, 0x48, 0xBB, 0x35, 0xD3, 0xB4, 0xE4,
721 0xCB, 0x1C, 0x0A, 0xD9, 0xBD, 0xE4, 0x19, 0xCA, 0xCB, 0x47, 0xBA, 0x09,
722 0x69, 0x96, 0x46, 0x15, 0x0F, 0x9F, 0xC0, 0x00, 0xF3, 0xF8, 0x0E, 0x12
723 }), authpolicy_len);
724 keyflags = 0x40;
725 symkeylen = 256;
726 havenonce = FALSE;
727 addlen = 16;
728 } else {
729 logerr(self->logfile, "Internal error in %s: unsupported RSA keysize %d.\n",
730 __func__, rsa_keysize);
731 return 1;
732 }
733
734 if (allowsigning && decryption) {
735 // keyflags: fixedTPM, fixedParent, sensitiveDatOrigin,
736 // adminWithPolicy, sign, decrypt
737 keyflags |= 0x000600b2;
738 // symmetric: TPM_ALG_NULL
739 symkeydata_len = 2;
740 memcpy(symkeydata, ((unsigned char[]) {AS2BE(TPM2_ALG_NULL)}), symkeydata_len);
741 off = 72 + addlen;
742 } else if (allowsigning) {
743 // keyflags: fixedTPM, fixedParent, sensitiveDatOrigin,
744 // adminWithPolicy, sign
745 keyflags |= 0x000400b2;
746 // symmetric: TPM_ALG_NULL
747 symkeydata_len = 2;
748 memcpy(symkeydata, ((unsigned char[]) {AS2BE(TPM2_ALG_NULL)}), symkeydata_len);
749 off = 72 + addlen;
750 } else {
751 // keyflags: fixedTPM, fixedParent, sensitiveDatOrigin,
752 // adminWithPolicy, restricted, decrypt
753 keyflags |= 0x000300b2;
754 // symmetric: TPM_ALG_AES, 128bit or 256bit, TPM_ALG_CFB
755 symkeydata_len = 6;
756 memcpy(symkeydata,
757 ((unsigned char[]) {AS2BE(TPM2_ALG_AES), AS2BE(symkeylen), AS2BE(TPM2_ALG_CFB)}),
758 symkeydata_len);
759 off = 76 + addlen;
760 }
761
762 return swtpm_tpm2_createprimary_rsa(self, TPM2_RH_ENDORSEMENT, keyflags,
763 symkeydata, symkeydata_len,
764 authpolicy, authpolicy_len, rsa_keysize,
765 havenonce, off, curr_handle,
766 ektemplate, ektemplate_len, ekparam, key_description);
767 }
768
769 /* Create an RSA key with the given parameters */
770 static int swtpm_tpm2_createprimary_rsa(struct swtpm *self, uint32_t primaryhandle, unsigned int keyflags,
771 const unsigned char *symkeydata, size_t symkeydata_len,
772 const unsigned char *authpolicy, size_t authpolicy_len,
773 unsigned int rsa_keysize, gboolean havenonce, size_t off,
774 uint32_t *curr_handle,
775 unsigned char *ektemplate, size_t *ektemplate_len,
776 gchar **ekparam, const gchar **key_description)
777 {
778 const unsigned char *nonce;
779 size_t nonce_len;
780 uint16_t hashalg;
781 struct tpm_req_header hdr = TPM_REQ_HEADER_INITIALIZER(TPM2_ST_SESSIONS, 0, TPM2_CC_CREATEPRIMARY);
782 struct tpm2_authblock authblock = TPM2_AUTHBLOCK_INITIALIZER(TPM2_RS_PW, 0, 0, 0);
783 g_autofree unsigned char *public = NULL;
784 ssize_t public_len;
785 g_autofree unsigned char *createprimary = NULL;
786 ssize_t createprimary_len;
787 int ret;
788 unsigned char tpmresp[2048];
789 size_t tpmresp_len = sizeof(tpmresp);
790 uint16_t modlen;
791
792 if (rsa_keysize == 2048) {
793 nonce = NONCE_RSA2048;
794 nonce_len = sizeof(NONCE_RSA2048);
795 hashalg = TPM2_ALG_SHA256;
796 if (key_description)
797 *key_description = "rsa2048";
798 } else if (rsa_keysize == 3072) {
799 if (!havenonce) {
800 nonce = NONCE_EMPTY;
801 nonce_len = sizeof(NONCE_EMPTY);
802 } else {
803 nonce = NONCE_RSA3072;
804 nonce_len = sizeof(NONCE_RSA3072);
805 }
806 hashalg = TPM2_ALG_SHA384;
807 if (key_description)
808 *key_description = "rsa3072";
809 } else {
810 logerr(self->logfile, "Internal error in %s: unsupported RSA keysize %d.\n",
811 __func__, rsa_keysize);
812 return 1;
813 }
814
815 public_len =
816 memconcat(&public,
817 (unsigned char[]) {
818 AS2BE(TPM2_ALG_RSA), AS2BE(hashalg),
819 AS4BE(keyflags), AS2BE(authpolicy_len)
820 }, (size_t)10,
821 authpolicy, authpolicy_len,
822 symkeydata, symkeydata_len,
823 (unsigned char[]) {
824 AS2BE(TPM2_ALG_NULL), AS2BE(rsa_keysize), AS4BE(0)
825 }, (size_t)8,
826 nonce, nonce_len,
827 NULL);
828 if (public_len < 0) {
829 logerr(self->logfile, "Internal error in %s: memconcat failed\n", __func__);
830 return 1;
831 }
832 if (ektemplate) {
833 if (*ektemplate_len < (size_t)public_len) {
834 logerr(self->logfile, "Internal error in %s: Need %zu bytes for ektemplate (rsa) but got only %zu\n",
835 __func__, public_len, *ektemplate_len);
836 return 1;
837 }
838 memcpy(ektemplate, public, public_len);
839 *ektemplate_len = public_len;
840 }
841
842 createprimary_len =
843 memconcat(&createprimary,
844 &hdr, sizeof(hdr),
845 (unsigned char[]) {AS4BE(primaryhandle), AS4BE(sizeof(authblock))}, (size_t)8,
846 &authblock, sizeof(authblock),
847 (unsigned char[]) {AS2BE(4), AS4BE(0), AS2BE(public_len)}, (size_t)8,
848 public, public_len,
849 (unsigned char[]) {AS4BE(0), AS2BE(0)}, (size_t)6,
850 NULL);
851 if (createprimary_len < 0) {
852 logerr(self->logfile, "Internal error in %s: memconcat failed\n", __func__);
853 return 1;
854 }
855 ((struct tpm_req_header *)createprimary)->size = htobe32(createprimary_len);
856
857 ret = transfer(self, createprimary, createprimary_len, "TPM2_CreatePrimary(RSA)", FALSE,
858 tpmresp, &tpmresp_len);
859 if (ret != 0)
860 return 1;
861
862 if (curr_handle) {
863 if (tpmresp_len < 10 + sizeof(*curr_handle))
864 goto err_too_short;
865 memcpy(curr_handle, &tpmresp[10], sizeof(*curr_handle));
866 *curr_handle = be32toh(*curr_handle);
867 }
868
869 if (tpmresp_len < off + sizeof(modlen))
870 goto err_too_short;
871 memcpy(&modlen, &tpmresp[off], sizeof(modlen));
872 modlen = be16toh(modlen);
873 if (modlen != rsa_keysize >> 3) {
874 logerr(self->logfile, "Internal error in %s: Getting modulus from wrong offset %zu\n",
875 __func__, off);
876 return 1;
877 }
878 if (ekparam) {
879 if (tpmresp_len < off + 2 + modlen)
880 goto err_too_short;
881 *ekparam = print_as_hex(&tpmresp[off + 2], modlen);
882 }
883
884 return 0;
885
886 err_too_short:
887 logerr(self->logfile, "Response from TPM2_CreatePrimary(RSA) is too short!\n");
888 return 1;
889 }
890
891 /* Create an ECC key with the given parameters */
892 static int swtpm_tpm2_createprimary_ecc(struct swtpm *self, uint32_t primaryhandle, unsigned int keyflags,
893 const unsigned char *symkeydata, size_t symkeydata_len,
894 const unsigned char *authpolicy, size_t authpolicy_len,
895 unsigned short curveid, unsigned short hashalg,
896 const unsigned char *nonce, size_t nonce_len,
897 size_t off, uint32_t *curr_handle,
898 unsigned char *ektemplate, size_t *ektemplate_len,
899 gchar **ekparam, const gchar **key_description)
900 {
901 struct tpm_req_header hdr = TPM_REQ_HEADER_INITIALIZER(TPM2_ST_SESSIONS, 0, TPM2_CC_CREATEPRIMARY);
902 struct tpm2_authblock authblock = TPM2_AUTHBLOCK_INITIALIZER(TPM2_RS_PW, 0, 0, 0);
903 g_autofree unsigned char *public = NULL;
904 ssize_t public_len;
905 g_autofree unsigned char *createprimary = NULL;
906 ssize_t createprimary_len;
907 int ret;
908 unsigned char tpmresp[2048];
909 size_t tpmresp_len = sizeof(tpmresp);
910 size_t off2;
911 uint16_t exp_ksize, ksize1, ksize2;
912 const char *cid;
913
914 public_len =
915 memconcat(&public,
916 (unsigned char[]){
917 AS2BE(TPM2_ALG_ECC), AS2BE(hashalg), AS4BE(keyflags), AS2BE(authpolicy_len)
918 }, (size_t)10,
919 authpolicy, authpolicy_len,
920 symkeydata, symkeydata_len,
921 (unsigned char[]) {AS2BE(TPM2_ALG_NULL), AS2BE(curveid), AS2BE(TPM2_ALG_NULL)}, (size_t)6,
922 nonce, nonce_len,
923 nonce, nonce_len,
924 NULL);
925 if (public_len < 0) {
926 logerr(self->logfile, "Internal error in %s: memconcat failed\n", __func__);
927 return 1;
928 }
929 if (ektemplate) {
930 if (*ektemplate_len < (size_t)public_len) {
931 logerr(self->logfile, "Internal error: Need %zu bytes for ektemplate (ecc) but got only %zu\n",
932 public_len, ektemplate_len);
933 return 1;
934 }
935 memcpy(ektemplate, public, public_len);
936 *ektemplate_len = public_len;
937 }
938
939 createprimary_len =
940 memconcat(&createprimary,
941 &hdr, sizeof(hdr),
942 (unsigned char[]) {AS4BE(primaryhandle), AS4BE(sizeof(authblock))}, (size_t)8,
943 &authblock, sizeof(authblock),
944 (unsigned char[]) {AS2BE(4), AS4BE(0), AS2BE(public_len)}, (size_t)8,
945 public, public_len,
946 (unsigned char[]) {AS4BE(0), AS2BE(0)}, (size_t)6,
947 NULL);
948 if (createprimary_len < 0) {
949 logerr(self->logfile, "Internal error in %s: memconcat failed\n", __func__);
950 return 1;
951 }
952 ((struct tpm_req_header *)createprimary)->size = htobe32(createprimary_len);
953
954 ret = transfer(self, createprimary, createprimary_len, "TPM2_CreatePrimary(ECC)", FALSE,
955 tpmresp, &tpmresp_len);
956 if (ret != 0)
957 return 1;
958 if (curr_handle) {
959 if (tpmresp_len < 10 + sizeof(*curr_handle))
960 goto err_too_short;
961 memcpy(curr_handle, &tpmresp[10], sizeof(*curr_handle));
962 *curr_handle = be32toh(*curr_handle);
963 }
964
965 if (curveid == TPM2_ECC_NIST_P384) {
966 exp_ksize = 48;
967 cid = "secp384r1";
968 if (key_description)
969 *key_description = cid;
970 } else {
971 logerr(self->logfile, "Unknown curveid 0x%x\n", curveid);
972 return 1;
973 }
974
975 if (tpmresp_len < off + sizeof(ksize1))
976 goto err_too_short;
977 memcpy(&ksize1, &tpmresp[off], sizeof(ksize1));
978 ksize1 = be16toh(ksize1);
979 off2 = off + 2 + ksize1;
980
981 if (tpmresp_len < off2 + sizeof(ksize2))
982 goto err_too_short;
983 memcpy(&ksize2, &tpmresp[off2], sizeof(ksize2));
984 ksize2 = be16toh(ksize2);
985
986 if (ksize1 != exp_ksize || ksize2 != exp_ksize) {
987 logerr(self->logfile, "ECC: Getting key parameters from wrong offset\n");
988 return 1;
989 }
990
991 if (ekparam) {
992 unsigned char *xparam = &tpmresp[off + 2];
993 unsigned char *yparam = &tpmresp[off2 + 2];
994 if (tpmresp_len < off + 2 + ksize1 || tpmresp_len < off2 + 2 + ksize2)
995 goto err_too_short;
996 g_autofree gchar *xparam_str = print_as_hex(xparam, ksize1);
997 g_autofree gchar *yparam_str = print_as_hex(yparam, ksize2);
998
999 *ekparam = g_strdup_printf("x=%s,y=%s,id=%s", xparam_str, yparam_str, cid);
1000 }
1001
1002 return 0;
1003
1004 err_too_short:
1005 logerr(self->logfile, "Response from TPM2_CreatePrimary(ECC) is too short!\n");
1006 return 1;
1007 }
1008
1009 static int swtpm_tpm2_createprimary_spk_ecc_nist_p384(struct swtpm *self,
1010 uint32_t *curr_handle)
1011 {
1012 unsigned int keyflags = 0x00030472;
1013 const unsigned char authpolicy[0];
1014 size_t authpolicy_len = sizeof(authpolicy);
1015 const unsigned char symkeydata[] = {AS2BE(TPM2_ALG_AES), AS2BE(256), AS2BE(TPM2_ALG_CFB)};
1016 size_t symkeydata_len = sizeof(symkeydata);
1017 size_t off = 42;
1018
1019 return swtpm_tpm2_createprimary_ecc(self, TPM2_RH_OWNER, keyflags, symkeydata, symkeydata_len,
1020 authpolicy, authpolicy_len, TPM2_ECC_NIST_P384, TPM2_ALG_SHA384,
1021 NONCE_ECC_384, sizeof(NONCE_ECC_384), off, curr_handle,
1022 NULL, 0, NULL, NULL);
1023 }
1024
1025 static int swtpm_tpm2_createprimary_spk_rsa(struct swtpm *self, unsigned int rsa_keysize,
1026 uint32_t *curr_handle)
1027 {
1028 unsigned int keyflags = 0x00030472;
1029 const unsigned char authpolicy[0];
1030 size_t authpolicy_len = sizeof(authpolicy);
1031 unsigned short symkeylen = 0;
1032 unsigned char symkeydata[6];
1033 size_t symkeydata_len;
1034 size_t off = 44;
1035
1036 if (rsa_keysize == 2048)
1037 symkeylen = 128;
1038 else if (rsa_keysize == 3072)
1039 symkeylen = 256;
1040
1041 symkeydata_len = 6;
1042 memcpy(symkeydata,
1043 ((unsigned char[]) {AS2BE(TPM2_ALG_AES), AS2BE(symkeylen), AS2BE(TPM2_ALG_CFB)}),
1044 symkeydata_len);
1045
1046 return swtpm_tpm2_createprimary_rsa(self, TPM2_RH_OWNER, keyflags,
1047 symkeydata, symkeydata_len,
1048 authpolicy, authpolicy_len, rsa_keysize, TRUE,
1049 off, curr_handle, NULL, 0, NULL, NULL);
1050 }
1051
1052 /* Create either an ECC or RSA storage primary key */
1053 static int swtpm_tpm2_create_spk(struct swtpm *self, gboolean isecc, unsigned int rsa_keysize)
1054 {
1055 int ret;
1056 uint32_t curr_handle;
1057
1058 if (isecc)
1059 ret = swtpm_tpm2_createprimary_spk_ecc_nist_p384(self, &curr_handle);
1060 else
1061 ret = swtpm_tpm2_createprimary_spk_rsa(self, rsa_keysize, &curr_handle);
1062
1063 if (ret != 0)
1064 return 1;
1065
1066 ret = swtpm_tpm2_evictcontrol(self, curr_handle, TPM2_SPK_HANDLE);
1067 if (ret == 0)
1068 logit(self->logfile,
1069 "Successfully created storage primary key with handle 0x%x.\n", TPM2_SPK_HANDLE);
1070
1071 return ret;
1072 }
1073
1074 /* Create an ECC EK key that may be allowed to sign and/or decrypt */
1075 static int swtpm_tpm2_createprimary_ek_ecc_nist_p384(struct swtpm *self, gboolean allowsigning,
1076 gboolean decryption, uint32_t *curr_handle,
1077 unsigned char *ektemplate, size_t *ektemplate_len,
1078 gchar **ekparam, const char **key_description)
1079 {
1080 unsigned char authpolicy[48]= {
1081 0xB2, 0x6E, 0x7D, 0x28, 0xD1, 0x1A, 0x50, 0xBC, 0x53, 0xD8, 0x82, 0xBC,
1082 0xF5, 0xFD, 0x3A, 0x1A, 0x07, 0x41, 0x48, 0xBB, 0x35, 0xD3, 0xB4, 0xE4,
1083 0xCB, 0x1C, 0x0A, 0xD9, 0xBD, 0xE4, 0x19, 0xCA, 0xCB, 0x47, 0xBA, 0x09,
1084 0x69, 0x96, 0x46, 0x15, 0x0F, 0x9F, 0xC0, 0x00, 0xF3, 0xF8, 0x0E, 0x12
1085 };
1086 size_t authpolicy_len = 48;
1087 unsigned char symkeydata[6];
1088 size_t symkeydata_len;
1089 unsigned int keyflags;
1090 size_t off;
1091 int ret;
1092
1093 if (allowsigning && decryption) {
1094 // keyflags: fixedTPM, fixedParent, sensitiveDatOrigin,
1095 // userWithAuth, adminWithPolicy, sign, decrypt
1096 keyflags = 0x000600f2;
1097 // symmetric: TPM_ALG_NULL
1098 symkeydata_len = 2;
1099 memcpy(symkeydata, ((unsigned char[]){AS2BE(TPM2_ALG_NULL)}), symkeydata_len);
1100 off = 86;
1101 } else if (allowsigning) {
1102 // keyflags: fixedTPM, fixedParent, sensitiveDatOrigin,
1103 // userWithAuth, adminWithPolicy, sign
1104 keyflags = 0x000400f2;
1105 // symmetric: TPM_ALG_NULL
1106 symkeydata_len = 2;
1107 memcpy(symkeydata, ((unsigned char[]){AS2BE(TPM2_ALG_NULL)}), symkeydata_len);
1108 off = 86;
1109 } else {
1110 // keyflags: fixedTPM, fixedParent, sensitiveDatOrigin,
1111 // userWithAuth, adminWithPolicy, restricted, decrypt
1112 keyflags = 0x000300f2;
1113 // symmetric: TPM_ALG_AES, 256bit, TPM_ALG_CFB
1114 symkeydata_len = 6;
1115 memcpy(symkeydata,
1116 ((unsigned char[]){ AS2BE(TPM2_ALG_AES), AS2BE(256), AS2BE(TPM2_ALG_CFB)}),
1117 symkeydata_len);
1118 off = 90;
1119 }
1120
1121 ret = swtpm_tpm2_createprimary_ecc(self, TPM2_RH_ENDORSEMENT, keyflags, symkeydata, symkeydata_len,
1122 authpolicy, authpolicy_len, TPM2_ECC_NIST_P384, TPM2_ALG_SHA384,
1123 NONCE_EMPTY, sizeof(NONCE_EMPTY), off, curr_handle,
1124 ektemplate, ektemplate_len, ekparam, key_description);
1125 if (ret != 0)
1126 logerr(self->logfile, "%s failed\n", __func__);
1127
1128 return ret;
1129 }
1130
1131 /* Create an ECC or RSA EK */
1132 static int swtpm_tpm2_create_ek(struct swtpm *self, gboolean isecc, unsigned int rsa_keysize,
1133 gboolean allowsigning, gboolean decryption, gboolean lock_nvram,
1134 gchar **ekparam, const gchar **key_description)
1135 {
1136 uint32_t tpm2_ek_handle, nvindex, curr_handle;
1137 const char *keytype;
1138 int ret;
1139 unsigned char ektemplate[512];
1140 size_t ektemplate_len = sizeof(ektemplate);
1141
1142 if (isecc) {
1143 tpm2_ek_handle = TPM2_EK_ECC_SECP384R1_HANDLE;
1144 keytype = "ECC";
1145 nvindex = TPM2_NV_INDEX_ECC_SECP384R1_HI_EKTEMPLATE;
1146 } else {
1147 if (rsa_keysize == 2048) {
1148 tpm2_ek_handle = TPM2_EK_RSA_HANDLE;
1149 keytype = "RSA 2048";
1150 nvindex = TPM2_NV_INDEX_RSA2048_EKTEMPLATE;
1151 } else if (rsa_keysize == 3072) {
1152 tpm2_ek_handle = TPM2_EK_RSA3072_HANDLE;
1153 keytype = "RSA 3072";
1154 nvindex = TPM2_NV_INDEX_RSA3072_HI_EKTEMPLATE;
1155 } else {
1156 logerr(self->logfile, "Internal error: Unsupported RSA keysize %u.\n", rsa_keysize);
1157 return 1;
1158 }
1159 }
1160 if (isecc)
1161 ret = swtpm_tpm2_createprimary_ek_ecc_nist_p384(self, allowsigning, decryption, &curr_handle,
1162 ektemplate, &ektemplate_len, ekparam,
1163 key_description);
1164 else
1165 ret = swtpm_tpm2_createprimary_ek_rsa(self, rsa_keysize, allowsigning, decryption, &curr_handle,
1166 ektemplate, &ektemplate_len, ekparam, key_description);
1167
1168 if (ret == 0)
1169 ret = swtpm_tpm2_evictcontrol(self, curr_handle, tpm2_ek_handle);
1170 if (ret != 0) {
1171 logerr(self->logfile, "create_ek failed: 0x%x\n", ret);
1172 return 1;
1173 }
1174
1175 logit(self->logfile,
1176 "Successfully created %s EK with handle 0x%x.\n", keytype, tpm2_ek_handle);
1177
1178 if (allowsigning) {
1179 uint32_t nvindexattrs = TPMA_NV_PLATFORMCREATE | \
1180 TPMA_NV_AUTHREAD | \
1181 TPMA_NV_OWNERREAD | \
1182 TPMA_NV_PPREAD | \
1183 TPMA_NV_PPWRITE | \
1184 TPMA_NV_NO_DA | \
1185 TPMA_NV_WRITEDEFINE;
1186 ret = swtpm_tpm2_write_nvram(self, nvindex, nvindexattrs, ektemplate, ektemplate_len,
1187 lock_nvram, "EK template");
1188 if (ret == 0)
1189 logit(self->logfile,
1190 "Successfully created NVRAM area 0x%x for %s EK template.\n",
1191 nvindex, keytype);
1192 }
1193
1194 return ret;
1195 }
1196
1197 static int swtpm_tpm2_nvdefinespace(struct swtpm *self, uint32_t nvindex, uint32_t nvindexattrs,
1198 uint16_t data_len)
1199 {
1200 struct tpm_req_header hdr = TPM_REQ_HEADER_INITIALIZER(TPM2_ST_SESSIONS, 0, TPM2_CC_NV_DEFINESPACE);
1201 struct tpm2_authblock authblock = TPM2_AUTHBLOCK_INITIALIZER(TPM2_RS_PW, 0, 0, 0);
1202 g_autofree unsigned char *nvpublic = NULL;
1203 ssize_t nvpublic_len;
1204 g_autofree unsigned char *req = NULL;
1205 ssize_t req_len;
1206
1207 nvpublic_len = memconcat(&nvpublic,
1208 (unsigned char[]){
1209 AS4BE(nvindex), AS2BE(TPM2_ALG_SHA256), AS4BE(nvindexattrs),
1210 AS2BE(0), AS2BE(data_len)}, (size_t)14,
1211 NULL);
1212 if (nvpublic_len < 0) {
1213 logerr(self->logfile, "Internal error in %s: memconcat failed\n", __func__);
1214 return 1;
1215 }
1216
1217 req_len = memconcat(&req,
1218 &hdr, sizeof(hdr),
1219 (unsigned char[]){AS4BE(TPM2_RH_PLATFORM), AS4BE(sizeof(authblock))}, (size_t)8,
1220 &authblock, sizeof(authblock),
1221 (unsigned char[]){AS2BE(0), AS2BE(nvpublic_len)}, (size_t)4,
1222 nvpublic, nvpublic_len,
1223 NULL);
1224 if (req_len < 0) {
1225 logerr(self->logfile, "Internal error in %s: memconcat failed\n", __func__);
1226 return 1;
1227 }
1228
1229 ((struct tpm_req_header *)req)->size = htobe32(req_len);
1230
1231 return transfer(self, req, req_len, "TPM2_NV_DefineSpace", FALSE, NULL, 0);
1232 }
1233
1234 /* Write the data into the given NVIndex */
1235 static int swtpm_tpm2_nv_write(struct swtpm *self, uint32_t nvindex,
1236 const unsigned char *data, size_t data_len)
1237 {
1238 struct tpm_req_header hdr = TPM_REQ_HEADER_INITIALIZER(TPM2_ST_SESSIONS, 0, TPM2_CC_NV_WRITE);
1239 struct tpm2_authblock authblock = TPM2_AUTHBLOCK_INITIALIZER(TPM2_RS_PW, 0, 0, 0);
1240 g_autofree unsigned char *req = NULL;
1241 ssize_t req_len;
1242 size_t offset = 0, txlen;
1243 int ret;
1244
1245 while (offset < data_len) {
1246 txlen = min(data_len - offset, 1024);
1247
1248 g_free(req);
1249 req_len = memconcat(&req,
1250 &hdr, sizeof(hdr),
1251 (unsigned char[]){
1252 AS4BE(TPM2_RH_PLATFORM), AS4BE(nvindex), AS4BE(sizeof(authblock))
1253 }, (size_t)12,
1254 &authblock, sizeof(authblock),
1255 (unsigned char[]){AS2BE(txlen)}, (size_t)2,
1256 &data[offset], txlen,
1257 (unsigned char[]){AS2BE(offset)}, (size_t)2,
1258 NULL);
1259 if (req_len < 0) {
1260 logerr(self->logfile, "Internal error in %s: memconcat failed\n", __func__);
1261 return 1;
1262 }
1263 ((struct tpm_req_header *)req)->size = htobe32(req_len);
1264
1265 ret = transfer(self, req, req_len, "TPM2_NV_Write", FALSE, NULL, 0);
1266 if (ret != 0)
1267 return 1;
1268
1269 offset += txlen;
1270 }
1271 return 0;
1272 }
1273
1274 static int swtpm_tpm2_nv_writelock(struct swtpm *self, uint32_t nvindex)
1275 {
1276 struct tpm_req_header hdr = TPM_REQ_HEADER_INITIALIZER(TPM2_ST_SESSIONS, 0, TPM2_CC_NV_WRITELOCK);
1277 struct tpm2_authblock authblock = TPM2_AUTHBLOCK_INITIALIZER(TPM2_RS_PW, 0, 0, 0);
1278 g_autofree unsigned char *req;
1279 ssize_t req_len;
1280
1281 req_len = memconcat(&req,
1282 &hdr, sizeof(hdr),
1283 (unsigned char[]){
1284 AS4BE(TPM2_RH_PLATFORM), AS4BE(nvindex), AS4BE(sizeof(authblock))
1285 }, (size_t)12,
1286 &authblock, sizeof(authblock),
1287 NULL);
1288 if (req_len < 0) {
1289 logerr(self->logfile, "Internal error in %s: memconcat failed\n", __func__);
1290 return 1;
1291 }
1292
1293 ((struct tpm_req_header *)req)->size = htobe32(req_len);
1294
1295 return transfer(self, req, req_len, "TPM2_NV_WriteLock", FALSE, NULL, 0);
1296 }
1297
1298 static int swtpm_tpm2_write_nvram(struct swtpm *self, uint32_t nvindex, uint32_t nvindexattrs,
1299 const unsigned char *data, size_t data_len, gboolean lock_nvram,
1300 const char *purpose)
1301 {
1302 int ret = swtpm_tpm2_nvdefinespace(self, nvindex, nvindexattrs, data_len);
1303 if (ret != 0) {
1304 logerr(self->logfile, "Could not create NVRAM area 0x%x for %s.\n", nvindex, purpose);
1305 return 1;
1306 }
1307
1308 ret = swtpm_tpm2_nv_write(self, nvindex, data, data_len);
1309 if (ret != 0) {
1310 logerr(self->logfile,
1311 "Could not write %s into NVRAM area 0x%x.\n", purpose, nvindex);
1312 return 1;
1313 }
1314
1315 if (lock_nvram) {
1316 ret = swtpm_tpm2_nv_writelock(self, nvindex);
1317 if (ret != 0) {
1318 logerr(self->logfile, "Could not lock EK template NVRAM area 0x%x.\n", nvindex);
1319 return 1;
1320 }
1321 }
1322
1323 return 0;
1324 }
1325
1326 /* Write the platform certificate into an NVRAM area */
1327 static int swtpm_tpm2_write_ek_cert_nvram(struct swtpm *self, gboolean isecc,
1328 unsigned int rsa_keysize, gboolean lock_nvram,
1329 const unsigned char *data, size_t data_len)
1330 {
1331 uint32_t nvindex = 0;
1332 g_autofree gchar *keytype = NULL;
1333 uint32_t nvindexattrs = TPMA_NV_PLATFORMCREATE |
1334 TPMA_NV_AUTHREAD |
1335 TPMA_NV_OWNERREAD |
1336 TPMA_NV_PPREAD |
1337 TPMA_NV_PPWRITE |
1338 TPMA_NV_NO_DA |
1339 TPMA_NV_WRITEDEFINE;
1340 int ret;
1341
1342 if (!isecc) {
1343 if (rsa_keysize == 2048)
1344 nvindex = TPM2_NV_INDEX_RSA2048_EKCERT;
1345 else if (rsa_keysize == 3072)
1346 nvindex = TPM2_NV_INDEX_RSA3072_HI_EKCERT;
1347 keytype = g_strdup_printf("RSA %d", rsa_keysize);
1348 } else {
1349 nvindex = TPM2_NV_INDEX_ECC_SECP384R1_HI_EKCERT;
1350 keytype = g_strdup("ECC");
1351 }
1352
1353 ret = swtpm_tpm2_write_nvram(self, nvindex, nvindexattrs, data, data_len, lock_nvram,
1354 "EK Certificate");
1355 if (ret == 0)
1356 logit(self->logfile,
1357 "Successfully created NVRAM area 0x%x for %s EK certificate.\n",
1358 nvindex, keytype);
1359 else
1360 logerr(self->logfile,
1361 "Could not create NVRAM area 0x%x for %s EK certificate.\n",
1362 nvindex, keytype);
1363 return ret;
1364 }
1365
1366 static int swtpm_tpm2_write_platform_cert_nvram(struct swtpm *self, gboolean lock_nvram,
1367 const unsigned char *data, size_t data_len)
1368 {
1369 uint32_t nvindex = TPM2_NV_INDEX_PLATFORMCERT;
1370 uint32_t nvindexattrs = TPMA_NV_PLATFORMCREATE |
1371 TPMA_NV_AUTHREAD |
1372 TPMA_NV_OWNERREAD |
1373 TPMA_NV_PPREAD |
1374 TPMA_NV_PPWRITE |
1375 TPMA_NV_NO_DA |
1376 TPMA_NV_WRITEDEFINE;
1377 int ret;
1378
1379 ret = swtpm_tpm2_write_nvram(self, nvindex, nvindexattrs, data, data_len, lock_nvram,
1380 "Platform Certificate");
1381 if (ret == 0)
1382 logit(self->logfile,
1383 "Successfully created NVRAM area 0x%x for platform certificate.\n", nvindex);
1384 else
1385 logerr(self->logfile,
1386 "Could not create NVRAM area 0x%x for platform certificate.\n", nvindex);
1387
1388 return ret;
1389 }
1390
1391 static const struct swtpm2_ops swtpm_tpm2_ops = {
1392 .shutdown = swtpm_tpm2_shutdown,
1393 .create_spk = swtpm_tpm2_create_spk,
1394 .create_ek = swtpm_tpm2_create_ek,
1395 .get_all_pcr_banks = swtpm_tpm2_get_all_pcr_banks,
1396 .set_active_pcr_banks = swtpm_tpm2_set_active_pcr_banks,
1397 .write_ek_cert_nvram = swtpm_tpm2_write_ek_cert_nvram,
1398 .write_platform_cert_nvram = swtpm_tpm2_write_platform_cert_nvram,
1399 };
1400
1401 /*
1402 * TPM 1.2 support
1403 */
1404 #define TPM_TAG_RQU_COMMAND 0x00c1
1405 #define TPM_TAG_RQU_AUTH1_COMMAND 0x00c2
1406
1407 #define TPM_ORD_OIAP 0x0000000A
1408 #define TPM_ORD_TAKE_OWNERSHIP 0x0000000D
1409 #define TPM_ORD_PHYSICAL_ENABLE 0x0000006F
1410 #define TPM_ORD_PHYSICAL_SET_DEACTIVATED 0x00000072
1411 #define TPM_ORD_NV_DEFINE_SPACE 0x000000CC
1412 #define TPM_ORD_NV_WRITE_VALUE 0x000000CD
1413 #define TSC_ORD_PHYSICAL_PRESENCE 0x4000000A
1414
1415 #define TPM_ST_CLEAR 0x0001
1416
1417 #define TPM_PHYSICAL_PRESENCE_CMD_ENABLE 0x0020
1418 #define TPM_PHYSICAL_PRESENCE_PRESENT 0x0008
1419
1420 #define TPM_ALG_RSA 0x00000001
1421
1422 #define TPM_KEY_STORAGE 0x0011
1423
1424 #define TPM_AUTH_ALWAYS 0x01
1425
1426 #define TPM_PID_OWNER 0x0005
1427
1428 #define TPM_ES_RSAESOAEP_SHA1_MGF1 0x0003
1429 #define TPM_SS_NONE 0x0001
1430
1431 #define TPM_TAG_PCR_INFO_LONG 0x0006
1432 #define TPM_TAG_NV_ATTRIBUTES 0x0017
1433 #define TPM_TAG_NV_DATA_PUBLIC 0x0018
1434 #define TPM_TAG_KEY12 0x0028
1435
1436 #define TPM_LOC_ZERO 0x01
1437 #define TPM_LOC_ALL 0x1f
1438
1439 #define TPM_NV_INDEX_D_BIT 0x10000000
1440 #define TPM_NV_INDEX_EKCERT 0xF000
1441 #define TPM_NV_INDEX_PLATFORMCERT 0xF002
1442
1443 #define TPM_NV_INDEX_LOCK 0xFFFFFFFF
1444
1445 #define TPM_NV_PER_OWNERREAD 0x00020000
1446 #define TPM_NV_PER_OWNERWRITE 0x00000002
1447
1448 #define TPM_ET_OWNER 0x02
1449 #define TPM_ET_NV 0x0b
1450
1451 #define TPM_KH_EK 0x40000006
1452
1453
1454 static int swtpm_tpm12_tsc_physicalpresence(struct swtpm *self, uint16_t physicalpresence)
1455 {
1456 struct tpm12_tsc_physicalpresence {
1457 struct tpm_req_header hdr;
1458 uint16_t pp;
1459 } req = {
1460 .hdr = TPM_REQ_HEADER_INITIALIZER(TPM_TAG_RQU_COMMAND, sizeof(req), TSC_ORD_PHYSICAL_PRESENCE),
1461 .pp = htobe16(physicalpresence),
1462 };
1463
1464 return transfer(self, &req, sizeof(req), "TSC_PhysicalPresence", FALSE, NULL, NULL);
1465 }
1466
1467 static int swtpm_tpm12_physical_enable(struct swtpm *self)
1468 {
1469 struct tpm_req_header req = TPM_REQ_HEADER_INITIALIZER(TPM_TAG_RQU_COMMAND, sizeof(req), TPM_ORD_PHYSICAL_ENABLE);
1470
1471 return transfer(self, &req, sizeof(req), "TPM_PhysicalEnable", FALSE, NULL, NULL);
1472 }
1473
1474 static int swtpm_tpm12_physical_set_deactivated(struct swtpm *self, uint8_t state)
1475 {
1476 struct tpm12_tsc_physical_set_deactivated {
1477 struct tpm_req_header hdr;
1478 uint8_t state;
1479 } req = {
1480 .hdr = TPM_REQ_HEADER_INITIALIZER(TPM_TAG_RQU_COMMAND, sizeof(req), TPM_ORD_PHYSICAL_SET_DEACTIVATED),
1481 .state = state,
1482 };
1483
1484 return transfer(self, &req, sizeof(req), "TSC_PhysicalSetDeactivated", FALSE, NULL, NULL);
1485 }
1486
1487 /* Initialize the TPM1.2 */
1488 static int swtpm_tpm12_run_swtpm_bios(struct swtpm *self)
1489 {
1490 if (swtpm_tpm12_tsc_physicalpresence(self, TPM_PHYSICAL_PRESENCE_CMD_ENABLE) ||
1491 swtpm_tpm12_tsc_physicalpresence(self, TPM_PHYSICAL_PRESENCE_PRESENT) ||
1492 swtpm_tpm12_physical_enable(self) ||
1493 swtpm_tpm12_physical_set_deactivated(self, 0))
1494 return 1;
1495
1496 return 0;
1497 }
1498
1499 static int swptm_tpm12_create_endorsement_keypair(struct swtpm *self,
1500 gchar **pubek, size_t *pubek_len)
1501 {
1502 unsigned char req[] = {
1503 0x00, 0xc1, 0x00, 0x00, 0x00, 0x36, 0x00, 0x00, 0x00, 0x78, 0x38, 0xf0, 0x30, 0x81, 0x07, 0x2b,
1504 0x0c, 0xa9, 0x10, 0x98, 0x08, 0xc0, 0x4B, 0x05, 0x11, 0xc9, 0x50, 0x23, 0x52, 0xc4, 0x00, 0x00,
1505 0x00, 0x01, 0x00, 0x03, 0x00, 0x02, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00,
1506 0x00, 0x02, 0x00, 0x00, 0x00, 0x00
1507 };
1508 unsigned char tpmresp[512];
1509 size_t tpmresp_len = sizeof(tpmresp);
1510 uint32_t length;
1511 int ret;
1512
1513 ret = transfer(self, &req, sizeof(req), "TPM_CreateEndorsementKeyPair", FALSE, &tpmresp, &tpmresp_len);
1514 if (ret != 0)
1515 return 1;
1516
1517 if (tpmresp_len < 34 + sizeof(length))
1518 goto err_too_short;
1519 memcpy(&length, &tpmresp[34], sizeof(length));
1520 length = be32toh(length);
1521 if (length != 256) {
1522 logerr(self->logfile, "Offset to EK Public key is wrong.\n");
1523 return 1;
1524 }
1525
1526 *pubek_len = 256;
1527 if (tpmresp_len < 38 + *pubek_len)
1528 goto err_too_short;
1529 *pubek = g_malloc(256);
1530 memcpy(*pubek, &tpmresp[38], *pubek_len);
1531
1532 return 0;
1533
1534 err_too_short:
1535 logerr(self->logfile, "Response from TPM_CreateEndorsementKeyPair is too short!\n");
1536 return 1;
1537 }
1538
1539 /* Create an OIAP session */
1540 static int swtpm_tpm12_oiap(struct swtpm *self, uint32_t *authhandle, unsigned char nonce_even[SHA_DIGEST_LENGTH])
1541 {
1542 struct tpm_req_header req = TPM_REQ_HEADER_INITIALIZER(TPM_TAG_RQU_COMMAND, sizeof(req), TPM_ORD_OIAP);
1543 unsigned char tpmresp[64];
1544 size_t tpmresp_len = sizeof(tpmresp);
1545 int ret;
1546
1547 ret = transfer(self, &req, sizeof(req), "TPM_OIAP", FALSE, &tpmresp, &tpmresp_len);
1548 if (ret != 0)
1549 return ret;
1550
1551 if (tpmresp_len < 10 + sizeof(*authhandle) || tpmresp_len < 14 + SHA_DIGEST_LENGTH)
1552 goto err_too_short;
1553 memcpy(authhandle, &tpmresp[10], sizeof(*authhandle));
1554 *authhandle = be32toh(*authhandle);
1555 memcpy(nonce_even, &tpmresp[14], SHA_DIGEST_LENGTH);
1556
1557 return 0;
1558
1559 err_too_short:
1560 logerr(self->logfile, "Response from TPM_OIAP is too short!\n");
1561 return 1;
1562 }
1563
1564 static int swtpm_tpm12_take_ownership(struct swtpm *self, const unsigned char ownerpass_digest[SHA_DIGEST_LENGTH],
1565 const unsigned char srkpass_digest[SHA_DIGEST_LENGTH],
1566 const unsigned char *pubek, size_t pubek_len)
1567 {
1568 struct tpm_req_header hdr = TPM_REQ_HEADER_INITIALIZER(TPM_TAG_RQU_AUTH1_COMMAND, 0, TPM_ORD_TAKE_OWNERSHIP);
1569 EVP_PKEY *pkey = NULL;
1570 EVP_PKEY_CTX *ctx = NULL;
1571 BIGNUM *exp = BN_new();
1572 BIGNUM *mod = NULL;
1573 #if OPENSSL_VERSION_NUMBER < 0x30000000L
1574 RSA *rsakey = RSA_new();
1575 #endif
1576 int ret = 1;
1577 const EVP_MD *sha1 = EVP_sha1();
1578 g_autofree unsigned char *enc_owner_auth = g_malloc(pubek_len);
1579 size_t enc_owner_auth_len = pubek_len;
1580 g_autofree unsigned char *enc_srk_auth = g_malloc(pubek_len);
1581 size_t enc_srk_auth_len = pubek_len;
1582 uint32_t auth_handle;
1583 unsigned char nonce_even[SHA_DIGEST_LENGTH];
1584 unsigned char nonce_odd[SHA_DIGEST_LENGTH] = {1, 2, 3, 4, 5, 6, };
1585 g_autofree unsigned char *tpm_rsa_key_parms = NULL;
1586 ssize_t tpm_rsa_key_parms_len;
1587 g_autofree unsigned char *tpm_key_parms = NULL;
1588 ssize_t tpm_key_parms_len;
1589 g_autofree unsigned char *tpm_key12 = NULL;
1590 ssize_t tpm_key12_len;
1591 g_autofree unsigned char *in_auth_setup_params = NULL;
1592 ssize_t in_auth_setup_params_len;
1593 g_autofree unsigned char *macinput = NULL;
1594 ssize_t macinput_len;
1595 unsigned char in_param_digest[SHA_DIGEST_LENGTH];
1596 unsigned char owner_auth[SHA_DIGEST_LENGTH];
1597 unsigned int owner_auth_len = sizeof(owner_auth);
1598 uint8_t continue_auth_session = 0;
1599 unsigned char req[1024];
1600 ssize_t req_len, len;
1601 struct tpm_req_header *trh;
1602
1603 mod = BN_bin2bn((const unsigned char *)pubek, pubek_len, NULL);
1604 if (exp == NULL || mod == NULL ||
1605 BN_hex2bn(&exp, "10001") == 0) {
1606 logerr(self->logfile, "Could not create public RSA key!\n");
1607 goto error_free_bn;
1608 }
1609
1610 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
1611 ctx = EVP_PKEY_CTX_new_from_name(NULL, "rsa", NULL);
1612 if (ctx != NULL) {
1613 OSSL_PARAM_BLD *bld = OSSL_PARAM_BLD_new();
1614 OSSL_PARAM *params;
1615
1616 if (bld == NULL ||
1617 OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, exp) != 1 ||
1618 OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, mod) != 1 ||
1619 (params = OSSL_PARAM_BLD_to_param(bld)) == NULL) {
1620 OSSL_PARAM_BLD_free(bld);
1621 goto error_free_bn;
1622 }
1623 OSSL_PARAM_BLD_free(bld);
1624
1625 if (EVP_PKEY_fromdata_init(ctx) != 1 ||
1626 EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_PUBLIC_KEY, params) != 1) {
1627 logerr(self->logfile, "Could not set pkey parameters!\n");
1628 OSSL_PARAM_free(params);
1629 goto error_free_bn;
1630 }
1631 OSSL_PARAM_free(params);
1632
1633 EVP_PKEY_CTX_free(ctx);
1634 } else {
1635 logerr(self->logfile, "Could not create key creation context!\n");
1636 goto error_free_bn;
1637 }
1638 ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pkey, NULL);
1639 if (ctx == NULL)
1640 goto error_free_bn;
1641 #else
1642 pkey = EVP_PKEY_new();
1643 if (pkey == NULL) {
1644 logerr(self->logfile, "Could not allocate pkey!\n");
1645 goto error_free_bn;
1646 }
1647
1648 # if OPENSSL_VERSION_NUMBER < 0x10100000
1649 rsakey->n = mod;
1650 rsakey->e = exp;
1651 # else
1652 if (RSA_set0_key(rsakey, mod, exp, NULL) != 1) {
1653 logerr(self->logfile, "Could not create public RSA key!\n");
1654 goto error_free_bn;
1655 }
1656 # endif
1657 if (EVP_PKEY_assign_RSA(pkey, rsakey) != 1) {
1658 logerr(self->logfile, "Could not create public RSA key!\n");
1659 goto error_free_pkey_and_rsa;
1660 }
1661
1662 ctx = EVP_PKEY_CTX_new(pkey, NULL);
1663 if (ctx == NULL)
1664 goto error_free_pkey;
1665 #endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */
1666
1667 if (EVP_PKEY_encrypt_init(ctx) < 1 ||
1668 EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_OAEP_PADDING) < 1 ||
1669 EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, sha1) < 1 ||
1670 EVP_PKEY_CTX_set_rsa_oaep_md(ctx, sha1) < 1 ||
1671 EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, g_strdup("TCPA"), 4) < 1 ||
1672 EVP_PKEY_encrypt(ctx, enc_owner_auth, &enc_owner_auth_len,
1673 ownerpass_digest, SHA_DIGEST_LENGTH) < 1||
1674 EVP_PKEY_encrypt(ctx, enc_srk_auth, &enc_srk_auth_len,
1675 srkpass_digest, SHA_DIGEST_LENGTH) < 1) {
1676 logerr(self->logfile, "Internal error in %s: encryption failed\n", __func__);
1677 goto error;
1678 }
1679 ret = swtpm_tpm12_oiap(self, &auth_handle, nonce_even);
1680 if (ret != 0)
1681 goto error;
1682
1683 tpm_rsa_key_parms_len = memconcat(&tpm_rsa_key_parms,
1684 (unsigned char[]){
1685 AS4BE(2048), AS4BE(2), AS4BE(0)
1686 }, (size_t)12,
1687 NULL);
1688 if (tpm_rsa_key_parms_len < 0) {
1689 logerr(self->logfile, "Internal error in %s: out of memory\n");
1690 goto error;
1691 }
1692
1693 tpm_key_parms_len = memconcat(&tpm_key_parms,
1694 (unsigned char[]){
1695 AS4BE(TPM_ALG_RSA),
1696 AS2BE(TPM_ES_RSAESOAEP_SHA1_MGF1),
1697 AS2BE(TPM_SS_NONE),
1698 AS4BE(tpm_rsa_key_parms_len)}, (size_t)12,
1699 tpm_rsa_key_parms, tpm_rsa_key_parms_len,
1700 NULL);
1701 if (tpm_key_parms_len < 0) {
1702 logerr(self->logfile, "Internal error in %s: out of memory\n");
1703 goto error;
1704 }
1705
1706 tpm_key12_len = memconcat(&tpm_key12,
1707 (unsigned char[]){
1708 AS2BE(TPM_TAG_KEY12), AS2BE(0),
1709 AS2BE(TPM_KEY_STORAGE), AS4BE(0), TPM_AUTH_ALWAYS
1710 }, (size_t)11,
1711 tpm_key_parms, tpm_key_parms_len,
1712 (unsigned char[]){AS4BE(0), AS4BE(0), AS4BE(0)}, (size_t)12,
1713 NULL);
1714 if (tpm_key12_len < 0) {
1715 logerr(self->logfile, "Internal error in %s: out of memory\n");
1716 goto error;
1717 }
1718
1719 req_len = concat(req, sizeof(req),
1720 &hdr, sizeof(hdr),
1721 (unsigned char[]){AS2BE(TPM_PID_OWNER), AS4BE(enc_owner_auth_len)}, (size_t)6,
1722 enc_owner_auth, enc_owner_auth_len,
1723 (unsigned char[]){AS4BE(enc_srk_auth_len)}, (size_t)4,
1724 enc_srk_auth, enc_srk_auth_len,
1725 tpm_key12, tpm_key12_len,
1726 NULL);
1727 if (req_len < 0) {
1728 logerr(self->logfile, "Internal error in %s: req is too small\n");
1729 goto error;
1730 }
1731 SHA1(&req[6], req_len - 6, in_param_digest);
1732
1733 in_auth_setup_params_len = memconcat(&in_auth_setup_params,
1734 nonce_even, sizeof(nonce_even),
1735 nonce_odd, sizeof(nonce_odd),
1736 &continue_auth_session, (size_t)1,
1737 NULL);
1738 if (in_auth_setup_params_len < 0) {
1739 logerr(self->logfile, "Internal error in %s: out of memory\n");
1740 goto error;
1741 }
1742
1743 macinput_len = memconcat(&macinput,
1744 in_param_digest, sizeof(in_param_digest),
1745 in_auth_setup_params, in_auth_setup_params_len,
1746 NULL);
1747 if (macinput_len < 0) {
1748 logerr(self->logfile, "Internal error in %s: out of memory\n");
1749 goto error;
1750 }
1751
1752 HMAC(sha1, ownerpass_digest, SHA_DIGEST_LENGTH, macinput, macinput_len,
1753 owner_auth, &owner_auth_len);
1754
1755 len = concat(&req[req_len], sizeof(req) - req_len,
1756 (unsigned char[]){AS4BE(auth_handle)}, (size_t)4,
1757 nonce_odd, sizeof(nonce_odd),
1758 &continue_auth_session, (size_t)1,
1759 owner_auth, owner_auth_len,
1760 NULL);
1761 if (len < 0) {
1762 logerr(self->logfile, "Internal error in %s: req is too small\n");
1763 goto error;
1764 }
1765 req_len += len;
1766
1767 trh = (struct tpm_req_header *)req; /* old gcc type-punned pointer */
1768 trh->size = htobe32(req_len);
1769
1770 ret = transfer(self, req, req_len, "TPM_TakeOwnership", FALSE, NULL, 0);
1771
1772 error:
1773 EVP_PKEY_free(pkey);
1774 EVP_PKEY_CTX_free(ctx);
1775 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
1776 BN_free(exp);
1777 BN_free(mod);
1778 #endif
1779 return ret;
1780
1781 error_free_bn:
1782 BN_free(exp);
1783 BN_free(mod);
1784
1785 #if OPENSSL_VERSION_NUMBER < 0x30000000L
1786 error_free_pkey_and_rsa:
1787 RSA_free(rsakey);
1788 error_free_pkey:
1789 #else
1790 EVP_PKEY_CTX_free(ctx);
1791 #endif
1792 EVP_PKEY_free(pkey);
1793
1794 return 1;
1795 }
1796
1797 static int swtpm_tpm12_nv_define_space(struct swtpm *self, uint32_t nvindex,
1798 uint32_t nvindexattrs, size_t size)
1799 {
1800 struct tpm_req_header hdr = TPM_REQ_HEADER_INITIALIZER(TPM_TAG_RQU_COMMAND, 0, TPM_ORD_NV_DEFINE_SPACE);
1801 g_autofree unsigned char *pcr_info_short = NULL;
1802 ssize_t pcr_info_short_len;
1803 g_autofree unsigned char *nv_data_public = NULL;
1804 ssize_t nv_data_public_len;
1805 g_autofree unsigned char *req = NULL;
1806 ssize_t req_len;
1807 unsigned char zeroes[SHA_DIGEST_LENGTH] = {0, };
1808
1809 pcr_info_short_len = memconcat(&pcr_info_short,
1810 (unsigned char[]){AS2BE(3), 0, 0, 0, TPM_LOC_ALL}, (size_t)6,
1811 zeroes, sizeof(zeroes),
1812 NULL);
1813 if (pcr_info_short_len < 0) {
1814 logerr(self->logfile, "Internal error in %s: out of memory\n");
1815 return 1;
1816 }
1817
1818 nv_data_public_len = memconcat(&nv_data_public,
1819 (unsigned char[]){
1820 AS2BE(TPM_TAG_NV_DATA_PUBLIC), AS4BE(nvindex)
1821 }, (size_t)6,
1822 pcr_info_short, pcr_info_short_len,
1823 pcr_info_short, pcr_info_short_len,
1824 (unsigned char[]){
1825 AS2BE(TPM_TAG_NV_ATTRIBUTES), AS4BE(nvindexattrs),
1826 0, 0, 0, AS4BE(size)
1827 }, (size_t)13,
1828 NULL);
1829 if (nv_data_public_len < 0) {
1830 logerr(self->logfile, "Internal error in %s: out of memory\n");
1831 return 1;
1832 }
1833
1834 req_len = memconcat(&req,
1835 &hdr, sizeof(hdr),
1836 nv_data_public, nv_data_public_len,
1837 zeroes, sizeof(zeroes),
1838 NULL);
1839 if (req_len < 0) {
1840 logerr(self->logfile, "Internal error in %s: out of memory\n");
1841 return 1;
1842 }
1843
1844 ((struct tpm_req_header *)req)->size = htobe32(req_len);
1845
1846 return transfer(self, req, req_len, "TPM_NV_DefineSpace", FALSE, NULL, 0);
1847 }
1848
1849 static int swtpm_tpm12_nv_write_value(struct swtpm *self, uint32_t nvindex,
1850 const unsigned char *data, size_t data_len)
1851 {
1852 struct tpm_req_header hdr = TPM_REQ_HEADER_INITIALIZER(TPM_TAG_RQU_COMMAND, 0, TPM_ORD_NV_WRITE_VALUE);
1853 g_autofree unsigned char *req = NULL;
1854 ssize_t req_len;
1855
1856 req_len = memconcat(&req,
1857 &hdr, sizeof(hdr),
1858 (unsigned char[]){AS4BE(nvindex), AS4BE(0), AS4BE(data_len)}, (size_t)12,
1859 data, data_len,
1860 NULL);
1861 if (req_len < 0) {
1862 logerr(self->logfile, "Internal error in %s: out of memory\n");
1863 return 1;
1864 }
1865
1866 ((struct tpm_req_header *)req)->size = htobe32(req_len);
1867
1868 return transfer(self, req, req_len, "TPM_NV_DefineSpace", FALSE, NULL, 0);
1869 }
1870
1871 /* Write the EK Certificate into NVRAM */
1872 static int swtpm_tpm12_write_ek_cert_nvram(struct swtpm *self,
1873 const unsigned char *data, size_t data_len)
1874 {
1875 uint32_t nvindex = TPM_NV_INDEX_EKCERT | TPM_NV_INDEX_D_BIT;
1876 int ret = swtpm_tpm12_nv_define_space(self, nvindex,
1877 TPM_NV_PER_OWNERREAD | TPM_NV_PER_OWNERWRITE, data_len);
1878 if (ret != 0)
1879 return 1;
1880
1881 ret = swtpm_tpm12_nv_write_value(self, nvindex, data, data_len);
1882 if (ret != 0)
1883 return 1;
1884
1885 return 0;
1886 }
1887
1888 /* Write the Platform Certificate into NVRAM */
1889 static int swtpm_tpm12_write_platform_cert_nvram(struct swtpm *self,
1890 const unsigned char *data, size_t data_len)
1891 {
1892 uint32_t nvindex = TPM_NV_INDEX_PLATFORMCERT | TPM_NV_INDEX_D_BIT;
1893 int ret = swtpm_tpm12_nv_define_space(self, nvindex,
1894 TPM_NV_PER_OWNERREAD | TPM_NV_PER_OWNERWRITE, data_len);
1895 if (ret != 0)
1896 return 1;
1897
1898 ret = swtpm_tpm12_nv_write_value(self, nvindex, data, data_len);
1899 if (ret != 0)
1900 return 1;
1901
1902 return 0;
1903 }
1904
1905 static int swtpm_tpm12_nv_lock(struct swtpm *self)
1906 {
1907 return swtpm_tpm12_nv_define_space(self, TPM_NV_INDEX_LOCK, 0, 0);
1908 }
1909
1910 static const struct swtpm12_ops swtpm_tpm12_ops = {
1911 .run_swtpm_bios = swtpm_tpm12_run_swtpm_bios,
1912 .create_endorsement_key_pair = swptm_tpm12_create_endorsement_keypair,
1913 .take_ownership = swtpm_tpm12_take_ownership,
1914 .write_ek_cert_nvram = swtpm_tpm12_write_ek_cert_nvram,
1915 .write_platform_cert_nvram = swtpm_tpm12_write_platform_cert_nvram,
1916 .nv_lock = swtpm_tpm12_nv_lock,
1917 };
1918
1919 static void swtpm_init(struct swtpm *swtpm,
1920 gchar **swtpm_exec_l, const gchar *state_path,
1921 const gchar *keyopts, const gchar *logfile,
1922 int *fds_to_pass, size_t n_fds_to_pass,
1923 gboolean is_tpm2)
1924 {
1925 swtpm->cops = &swtpm_cops;
1926 swtpm->swtpm_exec_l = swtpm_exec_l;
1927 swtpm->state_path = state_path;
1928 swtpm->keyopts = keyopts;
1929 swtpm->logfile = logfile;
1930 swtpm->fds_to_pass = fds_to_pass;
1931 swtpm->n_fds_to_pass = n_fds_to_pass;
1932 swtpm->is_tpm2 = is_tpm2;
1933
1934 swtpm->pid = -1;
1935 swtpm->ctrl_fds[0] = swtpm->ctrl_fds[1] = -1;
1936 swtpm->data_fds[0] = swtpm->data_fds[1] = -1;
1937 }
1938
1939 struct swtpm12 *swtpm12_new(gchar **swtpm_exec_l, const gchar *state_path,
1940 const gchar *keyopts, const gchar *logfile,
1941 int *fds_to_pass, size_t n_fds_to_pass)
1942 {
1943 struct swtpm12 *swtpm12 = g_malloc0(sizeof(struct swtpm12));
1944
1945 swtpm_init(&swtpm12->swtpm, swtpm_exec_l, state_path, keyopts, logfile,
1946 fds_to_pass, n_fds_to_pass, FALSE);
1947 swtpm12->ops = &swtpm_tpm12_ops;
1948
1949 return swtpm12;
1950 }
1951
1952 struct swtpm2 *swtpm2_new(gchar **swtpm_exec_l, const gchar *state_path,
1953 const gchar *keyopts, const gchar *logfile,
1954 int *fds_to_pass, size_t n_fds_to_pass)
1955 {
1956 struct swtpm2 *swtpm2 = g_malloc0(sizeof(struct swtpm2));
1957
1958 swtpm_init(&swtpm2->swtpm, swtpm_exec_l, state_path, keyopts, logfile,
1959 fds_to_pass, n_fds_to_pass, TRUE);
1960 swtpm2->ops = &swtpm_tpm2_ops;
1961
1962 return swtpm2;
1963 }
1964
1965 void swtpm_free(struct swtpm *swtpm) {
1966 if (!swtpm)
1967 return;
1968 g_free(swtpm);
1969 }
1970
Software TPM used for PVE's Virtual Machines