vtsp.c

xen虚拟机源代码安装包

// ===================================================================
// 
// Copyright (c) 2005, Intel Corp.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without 
// modification, are permitted provided that the following conditions 
// are met:
//
//   * Redistributions of source code must retain the above copyright 
//     notice, this list of conditions and the following disclaimer.
//   * Redistributions in binary form must reproduce the above 
//     copyright notice, this list of conditions and the following 
//     disclaimer in the documentation and/or other materials provided 
//     with the distribution.
//   * Neither the name of Intel Corporation nor the names of its 
//     contributors may be used to endorse or promote products derived
//     from this software without specific prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 
// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 
// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 
// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 
// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 
// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
// OF THE POSSIBILITY OF SUCH DAMAGE.
// ===================================================================
// 
// vtsp.c
// 
//  Higher level interface to TCS for use in service.
//
// ==================================================================

#include <string.h>
#include "tcg.h"
#include "tcs.h"
#include "bsg.h"
#include "log.h"
#include "crypto.h"
#include "vtsp.h"
#include "buffer.h"

#define  RSA_KEY_SIZE 0x0800

/***********************************************************************************
 * GenerateAuth: Generate authorization info to be sent back to application
 *
 * Parameters: outParamDigestText  The concatenation of output parameters to be SHA1ed
 *    outParamDigestTextSize Size of inParamDigestText
 *    HMACkey     Key to be used for HMACing
 *          For OIAP use key.authUsage or PersistStore.ownerAuth
 *          For OSAP use shared secret
 *    pAuth     Authorization information from the application
 *
 * Return:  TPM_SUCCESS   Authorization data created
 *    TPM_AUTHFAIL   Invalid (NULL) HMACkey presented for OSAP
 *************************************************************************************/
TPM_RESULT GenerateAuth( /*[IN]*/ const BYTE *inParamDigestText,
			 /*[IN]*/ UINT32 inParamDigestTextSize,
			 /*[IN]*/ const TPM_SECRET *HMACkey,  
			 /*[IN,OUT]*/ TCS_AUTH *auth) {
    
  if (inParamDigestText == NULL || auth == NULL) 
    return (TPM_AUTHFAIL);
  else {
    
    //Generate new OddNonce
    Crypto_GetRandom(auth->NonceOdd.nonce, sizeof(TPM_NONCE));
    
    // Create SHA1 inParamDigest
    TPM_DIGEST inParamDigest;
    Crypto_SHA1Full(inParamDigestText, inParamDigestTextSize, (BYTE *) &inParamDigest);
    
    // Create HMAC text. (Concat inParamsDigest with inAuthSetupParams).
    BYTE hmacText[sizeof(TPM_DIGEST) + (2 * sizeof(TPM_NONCE)) + sizeof(BOOL)];
    
    BSG_PackList(   hmacText, 4, 
		    BSG_TPM_DIGEST, &inParamDigest,
		    BSG_TPM_NONCE, &(auth->NonceEven),
		    BSG_TPM_NONCE, &(auth->NonceOdd), 
		    BSG_TYPE_BOOL, &(auth->fContinueAuthSession) );
    
    Crypto_HMAC((BYTE *) hmacText, sizeof(hmacText), (BYTE *) HMACkey, sizeof(TPM_DIGEST), (BYTE *) &(auth->HMAC));
    
    return(TPM_SUCCESS);
    
  }
}

/***********************************************************************************
 * VerifyAuth: Verify the authdata for a command requiring authorization
 *
 * Parameters: inParamDigestText  The concatenation of parameters to be SHA1ed
 *    inParamDigestTextSize Size of inParamDigestText
 *    authDataUsage   AuthDataUsage for the Entity being used
 *          Key->authDataUsage or TPM_AUTH_OWNER
 *    HMACkey     Key to be used for HMACing
 *          For OIAP use key.authUsage or PersistStore.ownerAuth
 *          For OSAP use NULL (It will be aquired from the Auth Session)
 *          If unknown (default), assume OIAP
 *    sessionAuth    A TCS_AUTH info for the session
 *    pAuth     Authorization information from the application
 *              hContext        If specified, on failed Auth, VerifyAuth will
 *                                      generate a new OIAP session in place of themselves
 *                                      destroyed session.
 *
 * Return:  TPM_SUCCESS   Authorization Verified
 *    TPM_AUTHFAIL   Authorization Failed
 *    TPM_FAIL    Failure during SHA1 routines
 *************************************************************************************/
TPM_RESULT VerifyAuth( /*[IN]*/ const BYTE *outParamDigestText,
		       /*[IN]*/ UINT32 outParamDigestTextSize,
		       /*[IN]*/ const TPM_SECRET *HMACkey,  
		       /*[IN,OUT]*/ TCS_AUTH *auth,
		       /*[IN]*/  TCS_CONTEXT_HANDLE hContext) {
  if (outParamDigestText == NULL || auth == NULL) 
    return (TPM_AUTHFAIL);
  
  
  // Create SHA1 inParamDigest
  TPM_DIGEST outParamDigest;
  Crypto_SHA1Full(outParamDigestText, outParamDigestTextSize, (BYTE *) &outParamDigest);
  
  // Create HMAC text. (Concat inParamsDigest with inAuthSetupParams).
  TPM_DIGEST hm;
  BYTE hmacText[sizeof(TPM_DIGEST) + (2 * sizeof(TPM_NONCE)) + sizeof(BOOL)];
  
  BSG_PackList(   hmacText, 4, 
		  BSG_TPM_DIGEST, &outParamDigest,
		  BSG_TPM_NONCE, &(auth->NonceEven),
		  BSG_TPM_NONCE, &(auth->NonceOdd), 
		  BSG_TYPE_BOOL, &(auth->fContinueAuthSession) );
  
  Crypto_HMAC((BYTE *) hmacText, sizeof(hmacText),
	      (BYTE *) HMACkey, sizeof(TPM_DIGEST), (BYTE *) &hm);
    
  // Compare correct HMAC with provided one.
  if (memcmp (&hm, &(auth->HMAC), sizeof(TPM_DIGEST)) == 0) { // 0 indicates equality
    if (!auth->fContinueAuthSession) 
      vtpmloginfo(VTPM_LOG_VTSP_DEEP, "Auth Session: 0x%x closed by TPM by fContinue=0.\n", auth->AuthHandle);
    
    return (TPM_SUCCESS);
  } else {
    // If specified, reconnect the OIAP session.
    // NOTE: This only works for TCS's that never have a 0 context. 
    if (hContext) {
      vtpmloginfo(VTPM_LOG_VTSP_DEEP, "Auth Session: 0x%x closed by TPM due to failure.\n", auth->AuthHandle);
      VTSP_OIAP( hContext, auth);
    }
    return (TPM_AUTHFAIL);
  }
}

TPM_RESULT VTSP_OIAP(const TCS_CONTEXT_HANDLE hContext,
		     TCS_AUTH *auth) {
  
  vtpmloginfo(VTPM_LOG_VTSP, "OIAP.\n");
  TPM_RESULT status = TPM_SUCCESS;                           
  TPMTRYRETURN( TCSP_OIAP(hContext,
			  &auth->AuthHandle,
			  &auth->NonceEven) );

  memset(&auth->HMAC, 0, sizeof(TPM_DIGEST));
  auth->fContinueAuthSession = FALSE;

  vtpmloginfo(VTPM_LOG_VTSP_DEEP, "Auth Session: 0x%x opened by TPM_OIAP.\n", auth->AuthHandle);
  goto egress;
  
 abort_egress:
  
 egress:
  
  return status;
}

TPM_RESULT VTSP_OSAP(const TCS_CONTEXT_HANDLE hContext,
		     const TPM_ENTITY_TYPE entityType,
		     const UINT32 entityValue,
		     const TPM_AUTHDATA *usageAuth,
		     TPM_SECRET *sharedSecret, 
		     TCS_AUTH *auth) {
  
  vtpmloginfo(VTPM_LOG_VTSP, "OSAP.\n");
  TPM_RESULT status = TPM_SUCCESS;
  TPM_NONCE nonceEvenOSAP, nonceOddOSAP;
  
  Crypto_GetRandom((BYTE *) &nonceOddOSAP, sizeof(TPM_NONCE) ); 
  
  TPMTRYRETURN( TCSP_OSAP(    hContext,
			      entityType,
			      entityValue, 
			      nonceOddOSAP,
			      &auth->AuthHandle, 
			      &auth->NonceEven, 
			      &nonceEvenOSAP) );
  
  // Calculating Session Secret
  BYTE sharedSecretText[TPM_DIGEST_SIZE * 2];
  
  BSG_PackList(  sharedSecretText, 2,
		 BSG_TPM_NONCE, &nonceEvenOSAP,
		 BSG_TPM_NONCE, &nonceOddOSAP);
  
  Crypto_HMAC(sharedSecretText, sizeof(sharedSecretText), (BYTE *) usageAuth, TPM_DIGEST_SIZE, (BYTE *) sharedSecret);       

  memset(&auth->HMAC, 0, sizeof(TPM_DIGEST));
  auth->fContinueAuthSession = FALSE;
   
  vtpmloginfo(VTPM_LOG_VTSP_DEEP, "Auth Session: 0x%x opened by TPM_OSAP.\n", auth->AuthHandle);

  goto egress;
  
 abort_egress:
  
 egress:
  
  return status;
}


TPM_RESULT VTSP_TerminateHandle(const TCS_CONTEXT_HANDLE hContext,
                                const TCS_AUTH *auth) {

  vtpmloginfo(VTPM_LOG_VTSP, "Terminate Handle.\n");
  TPM_RESULT status = TPM_SUCCESS;
  TPMTRYRETURN( TCSP_TerminateHandle(hContext, auth->AuthHandle) );

  vtpmloginfo(VTPM_LOG_VTSP_DEEP, "Auth Session: 0x%x closed by TPM_TerminateHandle.\n", auth->AuthHandle);
  goto egress;

 abort_egress:

 egress:

  return status;
}


TPM_RESULT VTSP_ReadPubek(   const TCS_CONTEXT_HANDLE hContext,
                             CRYPTO_INFO *crypto_info) {
  
  TPM_RESULT status;
  TPM_NONCE antiReplay;
  TPM_DIGEST   checksum;
  BYTE *pubEKtext;
  UINT32 pubEKtextsize;
  
  vtpmloginfo(VTPM_LOG_VTSP, "Reading Public EK.\n");
  
  // GenerateAuth new nonceOdd    
  Crypto_GetRandom(&antiReplay, sizeof(TPM_NONCE) );
  
  
  TPMTRYRETURN( TCSP_ReadPubek(  hContext,
				 antiReplay,
				 &pubEKtextsize,
				 &pubEKtext,
				 &checksum) );
  
  
  // Extract the remaining output parameters
  TPM_PUBKEY pubEK;
  
  BSG_Unpack(BSG_TPM_PUBKEY, pubEKtext, (BYTE *) &pubEK);
  
  // Build CryptoInfo for the bindingKey
  TPM_RSA_KEY_PARMS rsaKeyParms;
  
  BSG_Unpack(BSG_TPM_RSA_KEY_PARMS, 
	     pubEK.algorithmParms.parms, 
	     &rsaKeyParms);
  
  Crypto_RSABuildCryptoInfoPublic(rsaKeyParms.exponentSize, 
				  rsaKeyParms.exponent, 
				  pubEK.pubKey.keyLength, 
				  pubEK.pubKey.key, 
				  crypto_info);
    
  // Destroy rsaKeyParms
  BSG_Destroy(BSG_TPM_RSA_KEY_PARMS, &rsaKeyParms);

  // Set encryption scheme
  crypto_info->encScheme = CRYPTO_ES_RSAESOAEP_SHA1_MGF1;
  //crypto_info->encScheme = pubEK.algorithmParms.encScheme;
  crypto_info->algorithmID = pubEK.algorithmParms.algorithmID;
  
  goto egress;
  
 abort_egress:
  
 egress:
  
  return status;
}

TPM_RESULT VTSP_TakeOwnership(   const TCS_CONTEXT_HANDLE hContext,
                                 const TPM_AUTHDATA *ownerAuth, 
                                 const TPM_AUTHDATA *srkAuth,
                                 CRYPTO_INFO *ek_cryptoInfo,
                                 TCS_AUTH *auth) {
  
  vtpmloginfo(VTPM_LOG_VTSP, "Taking Ownership of TPM.\n");
  
  TPM_RESULT status = TPM_SUCCESS;
  TPM_COMMAND_CODE command = TPM_ORD_TakeOwnership;
  TPM_PROTOCOL_ID proto_id = TPM_PID_OWNER;
  BYTE *new_srk;
  
  BYTE *paramText;        // Digest to make Auth.
  UINT32 paramTextSize;
  
  // vars for srkpubkey parameter
  TPM_KEY srkPub;
  TPM_KEY_PARMS srkKeyInfo = {TPM_ALG_RSA, TPM_ES_RSAESOAEP_SHA1_MGF1, TPM_SS_NONE, 12, 0};
  BYTE srkRSAkeyInfo[12] = { 0x00, 0x00, (RSA_KEY_SIZE >> 8), 0x00,   0x00, 0x00, 0x00, 0x02,   0x00, 0x00, 0x00, 0x00};
  srkKeyInfo.parms = (BYTE *) &srkRSAkeyInfo;
  
  struct pack_buf_t srkText;
  
  //These values are accurate for an enc(AuthData).
  struct pack_buf_t encOwnerAuth, encSrkAuth;
  
  encOwnerAuth.data = (BYTE *)malloc(sizeof(BYTE) * 256);
  encSrkAuth.data = (BYTE *)malloc(sizeof(BYTE) * 256);
  
  if (encOwnerAuth.data == NULL || encSrkAuth.data == NULL) {
    vtpmloginfo(VTPM_LOG_VTSP, "Could not malloc encrypted auths.\n");
    status = TPM_RESOURCES;
    goto abort_egress;
  }
  
  Crypto_RSAEnc(ek_cryptoInfo, sizeof(TPM_SECRET), (BYTE *) ownerAuth, &encOwnerAuth.size, encOwnerAuth.data);
  Crypto_RSAEnc(ek_cryptoInfo, sizeof(TPM_SECRET), (BYTE *) srkAuth, &encSrkAuth.size, encSrkAuth.data);
  
  
  // Build srk public key struct
  srkPub.ver = TPM_STRUCT_VER_1_1;
  srkPub.keyUsage = TPM_KEY_STORAGE;
  srkPub.keyFlags = 0x00;
  srkPub.authDataUsage = TPM_AUTH_ALWAYS;
  memcpy(&srkPub.algorithmParms, &srkKeyInfo, sizeof(TPM_KEY_PARMS));
  srkPub.PCRInfoSize = 0;