Beispiel #1
0
TSS2_RC EncryptCFB( SESSION *session, TPM2B_MAX_BUFFER *encryptedData, TPM2B_MAX_BUFFER *clearData, TPM2B_AUTH *authValue )
{
    TSS2_RC rval = TSS2_RC_SUCCESS;
    TPM2B_MAX_BUFFER encryptKey;
    TPM2B_IV ivIn, ivOut;
    TPM_HANDLE keyHandle;
    TPM2B_NAME keyName;
    TSS2_SYS_CONTEXT *sysContext;

    // Authorization structure for command.
    TPMS_AUTH_COMMAND sessionData;

    // Create and init authorization area for command:
    // only 1 authorization area.
    TPMS_AUTH_COMMAND *sessionDataArray[1] = { &sessionData };

    // Authorization array for command (only has one auth structure).
    TSS2_SYS_CMD_AUTHS sessionsData = { 1, &sessionDataArray[0] };

    sysContext = InitSysContext( 1000, resMgrTctiContext, &abiVersion );
    if( sysContext == 0 )
    {
        TeardownSysContext( &sysContext );
        return TSS2_APP_RC_TEARDOWN_SYS_CONTEXT_FAILED;
    }

    rval = GenerateSessionEncryptDecryptKey( session, &encryptKey, &ivIn, authValue );

    if( rval == TSS2_RC_SUCCESS )
    {
        rval = LoadSessionEncryptDecryptKey( &session->symmetric, &encryptKey, &keyHandle, &keyName );
        if( rval == TSS2_RC_SUCCESS )
        {
            // Encrypt the data.
            sessionData.sessionHandle = TPM_RS_PW;
            sessionData.nonce.t.size = 0;
            *( (UINT8 *)((void *)&sessionData.sessionAttributes ) ) = 0;
            sessionData.hmac.t.size = 0;
            encryptedData->t.size = sizeof( *encryptedData ) - 1;
            ivOut.t.size = sizeof( ivOut ) - 2;
            rval = Tss2_Sys_EncryptDecrypt( sysContext, keyHandle, &sessionsData, NO, TPM_ALG_CFB, &ivIn,
                    clearData, encryptedData, &ivOut, 0 );
            if( rval == TSS2_RC_SUCCESS )
            {
                rval = Tss2_Sys_FlushContext( sysContext, keyHandle );
            }
        }
    }
    TeardownSysContext( &sysContext );
    
    return rval;
}
UINT32 TpmHandleToName( TPM_HANDLE handle, TPM2B_NAME *name )
{
    TPM_RC rval;
    TPM2B_NAME qualifiedName;
    TPM2B_PUBLIC public;
    TPM2B_NV_PUBLIC nvPublic;
    TSS2_SYS_CONTEXT *sysContext;
    UINT8 *namePtr = &( name->t.name[0] );
    
    // Initialize name to zero length in case of failure.
    qualifiedName.b.size = sizeof( TPM2B_NAME ) - 2;
    name->b.size = sizeof( TPM2B_NAME ) - 2;

    if( handle == ( TPM_HT_NO_HANDLE ) )
    {
        name->b.size = 0;
        rval = TPM_RC_SUCCESS;
    }
    else
    {
        switch( handle >> HR_SHIFT )
        {
            case TPM_HT_NV_INDEX:
                sysContext = InitSysContext( 1000, resMgrTctiContext, &abiVersion );
                if( sysContext == 0 )
                    return TSS2_APP_RC_INIT_SYS_CONTEXT_FAILED;

                nvPublic.t.size = 0;
                rval = Tss2_Sys_NV_ReadPublic( sysContext, handle, 0, &nvPublic, name, 0 );
                TeardownSysContext( &sysContext );
                break;  

            case TPM_HT_TRANSIENT:
            case TPM_HT_PERSISTENT:
                sysContext = InitSysContext( 1000, resMgrTctiContext, &abiVersion );
                if( sysContext == 0 )
                    return TSS2_APP_RC_INIT_SYS_CONTEXT_FAILED;

                public.t.size = 0;
				rval = Tss2_Sys_ReadPublic( sysContext, handle, 0, &public, name, &qualifiedName, 0 );
                TeardownSysContext( &sysContext );
                break;
                    
            default:
                rval = TPM_RC_SUCCESS;
                name->b.size = sizeof( TPM_HANDLE );
                *(TPM_HANDLE *)namePtr = CHANGE_ENDIAN_DWORD( handle );
        }
    }
Beispiel #3
0
//
// This function does a hash on an array of data strings.
//
UINT32 TpmHashSequence( TPMI_ALG_HASH hashAlg, UINT8 numBuffers, TPM2B_DIGEST *bufferList, TPM2B_DIGEST *result )
{
    UINT32 rval;
    TSS2_SYS_CONTEXT *sysContext;
    TPM2B_AUTH nullAuth;
    TPMI_DH_OBJECT sequenceHandle;
    int i;
    TPM2B emptyBuffer;
    TPMT_TK_HASHCHECK validation;

    TPMS_AUTH_COMMAND cmdAuth;
    TPMS_AUTH_COMMAND *cmdSessionArray[1] = { &cmdAuth };
    TSS2_SYS_CMD_AUTHS cmdAuthArray = { 1, &cmdSessionArray[0] };

    nullAuth.t.size = 0;
    emptyBuffer.size = 0;

    // Set result size to 0, in case any errors occur
    result->b.size = 0;

    // Init input sessions struct
    cmdAuth.sessionHandle = TPM_RS_PW;
    cmdAuth.nonce.t.size = 0;
    *( (UINT8 *)((void *)&cmdAuth.sessionAttributes ) ) = 0;
    cmdAuth.hmac.t.size = 0;

    sysContext = InitSysContext( 3000, resMgrTctiContext, &abiVersion );
    if( sysContext == 0 )
        return TSS2_APP_RC_INIT_SYS_CONTEXT_FAILED;

    rval = Tss2_Sys_HashSequenceStart( sysContext, 0, &nullAuth, hashAlg, &sequenceHandle, 0 );

    if( rval != TPM_RC_SUCCESS )
        return( rval );

    for( i = 0; i < numBuffers; i++ )
    {
        rval = Tss2_Sys_SequenceUpdate ( sysContext, sequenceHandle, &cmdAuthArray, (TPM2B_MAX_BUFFER *)&bufferList[i], 0 );

        if( rval != TPM_RC_SUCCESS )
            return( rval );
    }

    INIT_SIMPLE_TPM2B_SIZE( *result );
    rval = Tss2_Sys_SequenceComplete ( sysContext, sequenceHandle, &cmdAuthArray, ( TPM2B_MAX_BUFFER *)&emptyBuffer,
            TPM_RH_PLATFORM, result, &validation, 0 );

    if( rval != TPM_RC_SUCCESS )
        return( rval );

    TeardownSysContext( &sysContext );

    return rval;

}
Beispiel #4
0
UINT32 LoadExternalHMACKey( TPMI_ALG_HASH hashAlg, TPM2B *key, TPM_HANDLE *keyHandle, TPM2B_NAME *keyName )
{
    TPM2B keyAuth;
    TPM2B_SENSITIVE inPrivate;
    TPM2B_PUBLIC inPublic;
    UINT32 rval;
    TSS2_SYS_CONTEXT *sysContext;
    
    keyAuth.size = 0;

    inPrivate.t.sensitiveArea.sensitiveType = TPM_ALG_KEYEDHASH;
    inPrivate.t.size = CopySizedByteBuffer( &(inPrivate.t.sensitiveArea.authValue.b), &keyAuth);
    inPrivate.t.sensitiveArea.seedValue.b.size = 0;
    inPrivate.t.size += CopySizedByteBuffer( &inPrivate.t.sensitiveArea.sensitive.bits.b, key);
    inPrivate.t.size += 2 * sizeof( UINT16 );

    inPublic.t.publicArea.type = TPM_ALG_KEYEDHASH;
    inPublic.t.publicArea.nameAlg = TPM_ALG_NULL;
    *( UINT32 *)&( inPublic.t.publicArea.objectAttributes )= 0;
    inPublic.t.publicArea.objectAttributes.sign = 1;
    inPublic.t.publicArea.objectAttributes.userWithAuth = 1;
    inPublic.t.publicArea.authPolicy.t.size = 0;
    inPublic.t.publicArea.parameters.keyedHashDetail.scheme.scheme = TPM_ALG_HMAC;
    inPublic.t.publicArea.parameters.keyedHashDetail.scheme.details.hmac.hashAlg = hashAlg;
    inPublic.t.publicArea.unique.keyedHash.t.size = 0;

    sysContext = InitSysContext( 1000, resMgrTctiContext, &abiVersion );
    if( sysContext == 0 )
    {
        TeardownSysContext( &sysContext );
        return TSS2_APP_ERROR_LEVEL + TPM_RC_FAILURE;
    }
    
    rval = Tss2_Sys_LoadExternal( sysContext, 0, &inPrivate, &inPublic, TPM_RH_NULL, keyHandle, keyName, 0 );

    TeardownSysContext( &sysContext );
    
    return rval;
}
Beispiel #5
0
UINT32 LoadSessionEncryptDecryptKey( TPMT_SYM_DEF *symmetric, TPM2B_MAX_BUFFER *key, TPM_HANDLE *keyHandle, TPM2B_NAME *keyName )
{
    TPM2B keyAuth;
    TPM2B_SENSITIVE inPrivate;
    TPM2B_PUBLIC inPublic;
    UINT32 rval;
    TSS2_SYS_CONTEXT *sysContext;
    
    keyAuth.size = 0;

    inPrivate.t.sensitiveArea.sensitiveType = TPM_ALG_SYMCIPHER;
    inPrivate.t.size = CopySizedByteBuffer( &(inPrivate.t.sensitiveArea.authValue.b), &keyAuth);
    inPrivate.t.sensitiveArea.seedValue.b.size = 0;
    inPrivate.t.size += CopySizedByteBuffer( &inPrivate.t.sensitiveArea.sensitive.bits.b, &key->b );
    inPrivate.t.size += 2 * sizeof( UINT16 );

    inPublic.t.publicArea.type = TPM_ALG_SYMCIPHER;
    inPublic.t.publicArea.nameAlg = TPM_ALG_NULL;
    *( UINT32 *)&( inPublic.t.publicArea.objectAttributes )= 0;
    inPublic.t.publicArea.objectAttributes.decrypt = 1;
    inPublic.t.publicArea.objectAttributes.sign = 1;
    inPublic.t.publicArea.objectAttributes.userWithAuth = 1;
    inPublic.t.publicArea.authPolicy.t.size = 0;
    inPublic.t.publicArea.parameters.symDetail.sym.algorithm = symmetric->algorithm;
    inPublic.t.publicArea.parameters.symDetail.sym.keyBits = symmetric->keyBits;
    inPublic.t.publicArea.parameters.symDetail.sym.mode = symmetric->mode;
    inPublic.t.publicArea.unique.sym.t.size = 0;

    sysContext = InitSysContext( 1000, resMgrTctiContext, &abiVersion );
    if( sysContext == 0 )
    {
        return TSS2_APP_RC_INIT_SYS_CONTEXT_FAILED;
    }

    keyName->t.size = sizeof( *keyName ) - 2;
    rval = Tss2_Sys_LoadExternal( sysContext, 0, &inPrivate, &inPublic, TPM_RH_NULL, keyHandle, keyName, 0 );

    TeardownSysContext( &sysContext );
    
    return rval;
}
Beispiel #6
0
//
// This function does a hash on a string of data.
//
UINT32 TpmHash( TPMI_ALG_HASH hashAlg, UINT16 size, BYTE *data, TPM2B_DIGEST *result )
{
    TPM_RC rval;
    TPM2B_MAX_BUFFER dataSizedBuffer;
    UINT16 i;
    TSS2_SYS_CONTEXT *sysContext;
    
    dataSizedBuffer.t.size = size;
    for( i = 0; i < size; i++ )
        dataSizedBuffer.t.buffer[i] = data[i];
    
    sysContext = InitSysContext( 3000, resMgrTctiContext, &abiVersion );
    if( sysContext == 0 )
        return TSS2_APP_RC_INIT_SYS_CONTEXT_FAILED;
    
    rval = Tss2_Sys_Hash ( sysContext, 0, &dataSizedBuffer, hashAlg, TPM_RH_NULL, result, 0, 0);

    TeardownSysContext( &sysContext );
    
    return rval;
}
//
// This is a wrapper function around the TPM2_StartAuthSession command.
// It performs the command, calculates the session key, and updates a
// SESSION structure.
//
TPM_RC StartAuthSession( SESSION *session )
{
    TPM_RC rval;
    TPM2B_ENCRYPTED_SECRET key;
    char label[] = "ATH";
    TSS2_SYS_CONTEXT *tmpSysContext;
    UINT16 bytes;
    int i;
    
    key.t.size = 0;

    tmpSysContext = InitSysContext( 1000, resMgrTctiContext, &abiVersion );
    if( tmpSysContext == 0 )
        return TSS2_APP_RC_INIT_SYS_CONTEXT_FAILED;

    if( session->nonceOlder.t.size == 0 )
    {
        session->nonceOlder.t.size = GetDigestSize( TPM_ALG_SHA1 );
        for( i = 0; i < session->nonceOlder.t.size; i++ )
            session->nonceOlder.t.buffer[i] = 0; 
    }

    session->nonceNewer.t.size = session->nonceOlder.t.size;
    rval = Tss2_Sys_StartAuthSession( tmpSysContext, session->tpmKey, session->bind, 0,
            &( session->nonceOlder ), &( session->encryptedSalt ), session->sessionType,
            &( session->symmetric ), session->authHash, &( session->sessionHandle ),
            &( session->nonceNewer ), 0 );

    if( rval == TPM_RC_SUCCESS )
    {
        if( session->tpmKey == TPM_RH_NULL )
            session->salt.t.size = 0;
        if( session->bind == TPM_RH_NULL )
            session->authValueBind.t.size = 0;

        if( session->tpmKey == TPM_RH_NULL && session->bind == TPM_RH_NULL )
        {
            session->sessionKey.b.size = 0;
        }
        else
        {
            // Generate the key used as input to the KDF.
            rval = ConcatSizedByteBuffer( (TPM2B_MAX_BUFFER *)&key, &( session->authValueBind.b ) );
            if( rval != TPM_RC_SUCCESS )
            {
                TeardownSysContext( &tmpSysContext );
                return(  rval );
            }

            rval = ConcatSizedByteBuffer( (TPM2B_MAX_BUFFER *)&key, &( session->salt.b ) );
            if( rval != TPM_RC_SUCCESS )
            {
                TeardownSysContext( &tmpSysContext );
                return( rval );
            }

            bytes = GetDigestSize( session->authHash );

            if( key.t.size == 0 )
            {
                session->sessionKey.t.size = 0;
            }
            else
            {
                rval = KDFa( session->authHash, &(key.b), label, &( session->nonceNewer.b ), 
                        &( session->nonceOlder.b ), bytes * 8, (TPM2B_MAX_BUFFER *)&( session->sessionKey ) );
            }

            if( rval != TPM_RC_SUCCESS )
            {
                TeardownSysContext( &tmpSysContext );
                return( TSS2_APP_RC_CREATE_SESSION_KEY_FAILED );
            }
        }

        session->nonceTpmDecrypt.b.size = 0;
        session->nonceTpmEncrypt.b.size = 0;
        session->nvNameChanged = 0;
    }

    TeardownSysContext( &tmpSysContext );

    return rval;
}
//
// This function does an HMAC on a null-terminated list of input buffers.
//
UINT32 TpmHmac( TPMI_ALG_HASH hashAlg, TPM2B *key, TPM2B **bufferList, TPM2B_DIGEST *result )
{
    TPM2B_AUTH nullAuth;
    TPMI_DH_OBJECT sequenceHandle;
    int i;
    TPM2B emptyBuffer;
    TPMT_TK_HASHCHECK validation;

    TPMS_AUTH_COMMAND *sessionDataArray[1];
    TPMS_AUTH_COMMAND sessionData;
    TSS2_SYS_CMD_AUTHS sessionsData;
    TPM2B_AUTH hmac;
    TPM2B_NONCE nonce;

    TPMS_AUTH_RESPONSE *sessionDataOutArray[1];
    TPMS_AUTH_RESPONSE sessionDataOut;
    TSS2_SYS_RSP_AUTHS sessionsDataOut;

    UINT32 rval;
    TPM_HANDLE keyHandle;
    TPM2B_NAME keyName;
    
    TPM2B keyAuth;
    TSS2_SYS_CONTEXT *sysContext;

    sessionDataArray[0] = &sessionData;
    sessionDataOutArray[0] = &sessionDataOut;
    
    // Set result size to 0, in case any errors occur
    result->b.size = 0;
    
    keyAuth.size = 0;
    nullAuth.t.size = 0;

    rval = LoadExternalHMACKey( hashAlg, key, &keyHandle, &keyName );
    if( rval != TPM_RC_SUCCESS )
    {
        return( rval );
    }
    
    // Init input sessions struct
    sessionData.sessionHandle = TPM_RS_PW;
    nonce.t.size = 0;
    sessionData.nonce = nonce;
    CopySizedByteBuffer( &(hmac.b), &keyAuth );
    sessionData.hmac = hmac;
    *( (UINT8 *)((void *)&( sessionData.sessionAttributes ) ) ) = 0;
    sessionsData.cmdAuthsCount = 1;
    sessionsData.cmdAuths = &sessionDataArray[0];

    // Init sessions out struct
    sessionsDataOut.rspAuthsCount = 1;
    sessionsDataOut.rspAuths = &sessionDataOutArray[0];
    
    emptyBuffer.size = 0;

    sysContext = InitSysContext( 3000, resMgrTctiContext, &abiVersion );
    if( sysContext == 0 )
        return TSS2_APP_ERROR_LEVEL + TPM_RC_FAILURE;
    
    rval = Tss2_Sys_HMAC_Start( sysContext, keyHandle, &sessionsData, &nullAuth, hashAlg, &sequenceHandle, 0 );

    if( rval != TPM_RC_SUCCESS )
        return( rval );

    hmac.t.size = 0;
    sessionData.hmac = hmac;
    for( i = 0; bufferList[i] != 0; i++ )
    {
        rval = Tss2_Sys_SequenceUpdate ( sysContext, sequenceHandle, &sessionsData, (TPM2B_MAX_BUFFER *)( bufferList[i] ), &sessionsDataOut );

        if( rval != TPM_RC_SUCCESS )
            return( rval );
    }

    result->t.size = sizeof( TPM2B_DIGEST ) - 2;
    rval = Tss2_Sys_SequenceComplete ( sysContext, sequenceHandle, &sessionsData, ( TPM2B_MAX_BUFFER *)&emptyBuffer,
            TPM_RH_PLATFORM, result, &validation, &sessionsDataOut );

    if( rval != TPM_RC_SUCCESS )
        return( rval );

    rval = Tss2_Sys_FlushContext( sysContext, keyHandle );

    TeardownSysContext( &sysContext );

    return rval;

}