github.com/jlmucb/cloudproxy@v0.0.0-20170830161738-b5aa0b619bc4/src/tpm2/tpm2_lib.h (about) 1 // 2 // Copyright 2015 Google Corporation, All Rights Reserved. 3 // 4 // Licensed under the Apache License, Version 2.0 (the "License"); 5 // you may not use this file except in compliance with the License. 6 // You may obtain a copy of the License at 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // or in the the file LICENSE-2.0.txt in the top level sourcedirectory 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License 14 // 15 // Portions of this code were derived TPM2.0-TSS published 16 // by Intel under the license set forth in intel_license.txt 17 // and downloaded on or about August 6, 2015. 18 // File: tpm2_lib.h 19 20 #ifndef _TPM2_LIB_H__ 21 #define _TPM2_LIB_H__ 22 23 #include <tpm20.h> 24 #include <tpm2_types.h> 25 26 #include <string> 27 using std::string; 28 29 #define NBITSINBYTE 8 30 31 // General Utility functions 32 bool Equal(int size_in1, byte* in1, int size_in2, byte* in2); 33 void ReverseCpy(int size, byte* in, byte* out); 34 void PrintBytes(int n, byte* in); 35 void ChangeEndian16(const uint16_t* in, uint16_t* out); 36 void ChangeEndian32(const uint32_t* in, uint32_t* out); 37 void ChangeEndian64(const uint64_t* in, uint64_t* out); 38 void InitSinglePcrSelection(int pcrNum, TPM_ALG_ID alg, 39 TPML_PCR_SELECTION* pcrSelect); 40 void setPcrBit(int pcrNum, byte* array); 41 bool testPcrBit(int pcrNum, byte* array); 42 43 bool ReadFileIntoBlock(const string& filename, int* size, byte* block); 44 bool WriteFileFromBlock(const string& filename, int size, byte* block); 45 46 void PrintCapabilities(int size, byte* buf); 47 bool GetReadPublicOut(uint16_t size_in, byte* input, TPM2B_PUBLIC* outPublic); 48 bool MakeCredential(int size_endorsement_blob, byte* endorsement_cert_blob, 49 TPM_ALG_ID hash_alg_id, 50 TPM2B_DIGEST& unmarshaled_credential, 51 TPM2B_DIGEST& marshaled_credential, 52 TPM2B_NAME& unmarshaled_name, 53 TPM2B_NAME& marshaled_name, 54 int* size_encIdentity, byte* encIdentity, 55 TPM2B_ENCRYPTED_SECRET* unmarshaled_encrypted_secret, 56 TPM2B_ENCRYPTED_SECRET* marshaled_encrypted_secret, 57 TPM2B_DIGEST* unmarshaled_integrityHmac, 58 TPM2B_DIGEST* marshaled_integrityHmac); 59 bool EncryptDataWithCredential(bool encrypt_flag, TPM_ALG_ID hash_alg_id, 60 TPM2B_DIGEST unmarshaled_credential, 61 TPM2B_DIGEST marshaled_credential, 62 int size_input_data, byte* input_data, 63 int* size_hmac, byte* encrypted_data_hmac, 64 int* size_output_data, byte* output_data); 65 66 // Local Tpm interaction 67 class LocalTpm { 68 69 private: 70 int tpm_fd_; 71 72 public: 73 LocalTpm(); 74 ~LocalTpm(); 75 76 bool OpenTpm(const char* device); 77 void CloseTpm(); 78 bool SendCommand(int size, byte* command); 79 bool GetResponse(int* size, byte* response); 80 }; 81 82 // Helpers 83 int Tpm2_SetCommand(TPM_ST tag, uint32_t cmd, byte* buf, 84 int size_param, byte* params); 85 void Tpm2_IntepretResponse(int out_size, byte* out_buf, 86 int16_t* cap, uint32_t* responseSize, 87 uint32_t* responseCode); 88 int Tpm2_Set_OwnerAuthHandle(int size, byte* buf); 89 int Tpm2_Set_OwnerAuthData(int size, byte* buf); 90 91 TPM_HANDLE GetNvHandle(uint32_t slot); 92 93 94 bool FillTpmPcrData(LocalTpm& tpm, TPMS_PCR_SELECTION pcrSelection, 95 int* size, byte* buf); 96 bool ComputePcrDigest(TPM_ALG_ID hash, int size_in, byte* in_buf, 97 int* size_out, byte* out); 98 99 // TPM Commands 100 bool Tpm2_Startup(LocalTpm& tpm); 101 bool Tpm2_Shutdown(LocalTpm& tpm); 102 bool Tpm2_GetCapability(LocalTpm& tpm, uint32_t cap, uint32_t start, 103 int* size, byte* buf); 104 bool Tpm2_GetRandom(LocalTpm& tpm, int numBytes, byte* buf); 105 106 bool Tpm2_ReadClock(LocalTpm& tpm, uint64_t* current_time, 107 uint64_t* current_clock); 108 bool Tpm2_ReadPcrs(LocalTpm& tpm, TPML_PCR_SELECTION pcrSelect, 109 uint32_t* updateCounter, 110 TPML_PCR_SELECTION* pcrSelectOut, TPML_DIGEST* values); 111 bool Tpm2_ReadPcr(LocalTpm& tpm, int pcrNum, uint32_t* updateCounter, 112 TPML_PCR_SELECTION* pcrSelectOut, TPML_DIGEST* digest); 113 bool Tpm2_CreatePrimary(LocalTpm& tpm, TPM_HANDLE owner, string& authString, 114 TPML_PCR_SELECTION& pcr_selection, 115 TPM_ALG_ID enc_alg, TPM_ALG_ID int_alg, 116 TPMA_OBJECT& flags, TPM_ALG_ID sym_alg, 117 TPMI_AES_KEY_BITS sym_key_size, 118 TPMI_ALG_SYM_MODE sym_mode, TPM_ALG_ID sig_scheme, 119 int mod_size, uint32_t exp, 120 TPM_HANDLE* handle, TPM2B_PUBLIC* pub_out); 121 bool Tpm2_Load(LocalTpm& tpm, TPM_HANDLE parent_handle, string& parentAuth, 122 int size_public, byte* inPublic, 123 int size_private, byte* inPrivate, 124 TPM_HANDLE* new_handle, TPM2B_NAME* name); 125 bool Tpm2_Save(LocalTpm& tpm); 126 bool Tpm2_PolicyPassword(LocalTpm& tpm, TPM_HANDLE handle); 127 bool Tpm2_PCR_Event(LocalTpm& tpm, int pcr_num, 128 uint16_t size, byte* eventData); 129 bool Tpm2_PolicyGetDigest(LocalTpm& tpm, TPM_HANDLE handle, 130 TPM2B_DIGEST* digest_out); 131 bool Tpm2_StartAuthSession(LocalTpm& tpm, TPM_RH tpm_obj, TPM_RH bind_obj, 132 TPM2B_NONCE& initial_nonce, 133 TPM2B_ENCRYPTED_SECRET& salt, 134 TPM_SE session_type, TPMT_SYM_DEF& symmetric, 135 TPMI_ALG_HASH hash_alg, TPM_HANDLE* session_handle, 136 TPM2B_NONCE* nonce_obj); 137 bool Tpm2_PolicyPcr(LocalTpm& tpm, TPM_HANDLE session_handle, 138 TPM2B_DIGEST& expected_digest, TPML_PCR_SELECTION& pcr); 139 bool Tpm2_PolicySecret(LocalTpm& tpm, TPM_HANDLE handle, 140 TPM2B_DIGEST* policy_digest, 141 TPM2B_TIMEOUT* timeout, 142 TPMT_TK_AUTH* ticket); 143 144 bool Tpm2_CreateSealed(LocalTpm& tpm, TPM_HANDLE parent_handle, 145 int size_policy_digest, byte* policy_digest, 146 string& parentAuth, 147 int size_to_seal, byte* to_seal, 148 TPML_PCR_SELECTION& pcr_selection, 149 TPM_ALG_ID int_alg, 150 TPMA_OBJECT& flags, TPM_ALG_ID sym_alg, 151 TPMI_AES_KEY_BITS sym_key_size, 152 TPMI_ALG_SYM_MODE sym_mode, TPM_ALG_ID sig_scheme, 153 int mod_size, uint32_t exp, 154 int* size_public, byte* out_public, 155 int* size_private, byte* out_private, 156 TPM2B_CREATION_DATA* creation_out, 157 TPM2B_DIGEST* digest_out, 158 TPMT_TK_CREATION* creation_ticket); 159 bool Tpm2_CreateKey(LocalTpm& tpm, TPM_HANDLE parent_handle, 160 string& parentAuth, string& authString, 161 TPML_PCR_SELECTION& pcr_selection, 162 TPM_ALG_ID enc_alg, TPM_ALG_ID int_alg, 163 TPMA_OBJECT& flags, TPM_ALG_ID sym_alg, 164 TPMI_AES_KEY_BITS sym_key_size, 165 TPMI_ALG_SYM_MODE sym_mode, TPM_ALG_ID sig_scheme, 166 int mod_size, uint32_t exp, 167 int* size_public, byte* out_public, 168 int* size_private, byte* out_private, 169 TPM2B_CREATION_DATA* creation_out, 170 TPM2B_DIGEST* digest_out, TPMT_TK_CREATION* creation_ticket); 171 172 bool Tpm2_Unseal(LocalTpm& tpm, TPM_HANDLE item_handle, string& parentAuth, 173 TPM_HANDLE session_handle, TPM2B_NONCE& nonce, 174 byte session_attributes, TPM2B_DIGEST& hmac_digest, 175 int* out_size, byte* sealed); 176 bool Tpm2_Quote(LocalTpm& tpm, TPM_HANDLE signingHandle, string& parentAuth, 177 int quote_size, byte* toQuote, 178 TPMT_SIG_SCHEME scheme, TPML_PCR_SELECTION& pcr_selection, 179 TPM_ALG_ID sig_alg, TPM_ALG_ID hash_alg, 180 int* attest_size, byte* attest, int* sig_size, byte* sig); 181 bool Tpm2_LoadContext(LocalTpm& tpm, uint16_t size, byte* saveArea, 182 TPM_HANDLE* handle); 183 bool Tpm2_SaveContext(LocalTpm& tpm, TPM_HANDLE handle, uint16_t* size, 184 byte* saveArea); 185 bool Tpm2_FlushContext(LocalTpm& tpm, TPM_HANDLE handle); 186 187 bool Tpm2_IncrementNv(LocalTpm& tpm, TPMI_RH_NV_INDEX index, string& authString); 188 bool Tpm2_ReadNv(LocalTpm& tpm, TPMI_RH_NV_INDEX index, 189 string& authString, uint16_t* size, byte* data); 190 bool Tpm2_WriteNv(LocalTpm& tpm, TPMI_RH_NV_INDEX index, string& authString, 191 uint16_t size, byte* data); 192 bool Tpm2_DefineSpace(LocalTpm& tpm, TPM_HANDLE owner, TPMI_RH_NV_INDEX index, 193 string& authString, uint16_t authPolicySize, 194 byte* authPolicy, uint32_t attributes, uint16_t size_data); 195 bool Tpm2_UndefineSpace(LocalTpm& tpm, TPM_HANDLE owner, TPMI_RH_NV_INDEX index); 196 bool Tpm2_Flushall(LocalTpm& tpm, uint32_t start); 197 198 bool Tpm2_MakeCredential(LocalTpm& tpm, 199 TPM_HANDLE keyHandle, 200 TPM2B_DIGEST& credential, 201 TPM2B_NAME& objectName, 202 TPM2B_ID_OBJECT* credentialBlob, 203 TPM2B_ENCRYPTED_SECRET* secret); 204 bool Tpm2_ActivateCredential(LocalTpm& tpm, 205 TPM_HANDLE activeHandle, 206 TPM_HANDLE keyHandle, 207 string& activeAuth, string& keyAuth, 208 TPM2B_ID_OBJECT& credentialBlob, 209 TPM2B_ENCRYPTED_SECRET& secret, 210 TPM2B_DIGEST* certInfo); 211 bool Tpm2_Certify(LocalTpm& tpm, TPM_HANDLE signedKey, TPM_HANDLE signingKey, 212 string& auth_signed_key, string& auth_signing_key, 213 TPM2B_DATA& qualifyingData, 214 TPM2B_ATTEST* attest, TPMT_SIGNATURE* sig); 215 bool Tpm2_ReadPublic(LocalTpm& tpm, TPM_HANDLE handle, 216 uint16_t* pub_blob_size, byte* pub_blob, 217 TPM2B_PUBLIC* outPublic, 218 TPM2B_NAME* name, TPM2B_NAME* qualifiedName); 219 220 bool Tpm2_Rsa_Encrypt(LocalTpm& tpm, TPM_HANDLE handle, string& authString, 221 TPM2B_PUBLIC_KEY_RSA& in, TPMT_RSA_DECRYPT& scheme, 222 TPM2B_DATA& label, TPM2B_PUBLIC_KEY_RSA* out); 223 bool Tpm2_EvictControl(LocalTpm& tpm, TPMI_RH_PROVISION owner, TPM_HANDLE handle, 224 string& authString, 225 TPMI_DH_PERSISTENT persistantHandle); 226 227 bool Tpm2_DictionaryAttackLockReset(LocalTpm& tpm); 228 229 #define NV_PLATFORMCREATE 0x40000000 230 #define NV_AUTHWRITE 0x00000004 231 #define NV_COUNTER 0x00000010 232 #define NV_EXTEND 0x00000040 233 #define NV_POLICY_DELETE 0x00000400 234 #define NV_AUTHREAD 0x00040000 235 #define NV_WRITTEN 0x20000000 236 237 #define CONTINUESESSION 0x01 238 239 class ProtectedSessionAuthInfo { 240 public: 241 TPMI_ALG_HASH hash_alg_; 242 TPM2B_NONCE oldNonce_; 243 TPM2B_NONCE newNonce_; 244 TPM_HANDLE sessionHandle_; 245 TPM_HANDLE protectedHandle_; 246 uint32_t protectedAttributes_; 247 uint16_t protectedSize_; 248 TPM2B_NAME nameProtected_; 249 TPM2B_DIGEST targetAuthValue_; 250 byte tpmSessionAttributes_; 251 int sessionKeySize_; 252 byte sessionKey_[64]; 253 }; 254 255 bool CalculateNvName(ProtectedSessionAuthInfo& in, TPM_HANDLE nv_handle, 256 uint16_t nv_hash_alg, uint32_t nv_attributes, 257 uint16_t data_size, bool wasWritten, byte* out); 258 bool CalculateSessionKey(ProtectedSessionAuthInfo& in, TPM2B_DIGEST& rawSalt); 259 bool CalculateSessionHmac(ProtectedSessionAuthInfo& in, bool dir, uint32_t cmd, 260 int size_parms, byte* parms, int* size_hmac, byte* hmac); 261 void RollNonces(ProtectedSessionAuthInfo& in, TPM2B_NONCE& newNonce); 262 bool Tpm2_StartProtectedAuthSession(LocalTpm& tpm, TPM_RH tpm_obj, TPM_RH bind_obj, 263 ProtectedSessionAuthInfo& authInfo, 264 TPM2B_ENCRYPTED_SECRET& salt, 265 TPM_SE session_type, TPMT_SYM_DEF& symmetric, 266 TPMI_ALG_HASH hash_alg, TPM_HANDLE* session_handle); 267 bool Tpm2_IncrementProtectedNv(LocalTpm& tpm, TPMI_RH_NV_INDEX index, 268 ProtectedSessionAuthInfo& authInfo); 269 bool Tpm2_ReadProtectedNv(LocalTpm& tpm, TPMI_RH_NV_INDEX index, 270 ProtectedSessionAuthInfo& authInfo, uint16_t* size, byte* data); 271 bool Tpm2_DefineProtectedSpace(LocalTpm& tpm, TPM_HANDLE owner, TPMI_RH_NV_INDEX index, 272 ProtectedSessionAuthInfo& authInfo, uint32_t attributes, 273 uint16_t size_data); 274 #endif 275