[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] [PATCH VTPM v9 1/8] add vtpm-stubdom code
Add the code base for vtpm-stubdom to the stubdom heirarchy. Makefile changes in later patch. Signed-off-by: Matthew Fioravante <matthew.fioravante@xxxxxxxxxx> Acked-by: Ian Campbell <ian.campbell@xxxxxxxxxx> --- stubdom/vtpm/Makefile | 37 +++++ stubdom/vtpm/minios.cfg | 14 ++ stubdom/vtpm/vtpm.c | 404 ++++++++++++++++++++++++++++++++++++++++++++++ stubdom/vtpm/vtpm.h | 36 +++++ stubdom/vtpm/vtpm_cmd.c | 256 +++++++++++++++++++++++++++++ stubdom/vtpm/vtpm_cmd.h | 31 ++++ stubdom/vtpm/vtpm_pcrs.c | 43 +++++ stubdom/vtpm/vtpm_pcrs.h | 53 ++++++ stubdom/vtpm/vtpmblk.c | 307 +++++++++++++++++++++++++++++++++++ stubdom/vtpm/vtpmblk.h | 31 ++++ 10 files changed, 1212 insertions(+) create mode 100644 stubdom/vtpm/Makefile create mode 100644 stubdom/vtpm/minios.cfg create mode 100644 stubdom/vtpm/vtpm.c create mode 100644 stubdom/vtpm/vtpm.h create mode 100644 stubdom/vtpm/vtpm_cmd.c create mode 100644 stubdom/vtpm/vtpm_cmd.h create mode 100644 stubdom/vtpm/vtpm_pcrs.c create mode 100644 stubdom/vtpm/vtpm_pcrs.h create mode 100644 stubdom/vtpm/vtpmblk.c create mode 100644 stubdom/vtpm/vtpmblk.h diff --git a/stubdom/vtpm/Makefile b/stubdom/vtpm/Makefile new file mode 100644 index 0000000..686c0ea --- /dev/null +++ b/stubdom/vtpm/Makefile @@ -0,0 +1,37 @@ +# Copyright (c) 2010-2012 United States Government, as represented by +# the Secretary of Defense. All rights reserved. +# +# THIS SOFTWARE AND ITS DOCUMENTATION ARE PROVIDED AS IS AND WITHOUT +# ANY EXPRESS OR IMPLIED WARRANTIES WHATSOEVER. ALL WARRANTIES +# INCLUDING, BUT NOT LIMITED TO, PERFORMANCE, MERCHANTABILITY, FITNESS +# FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT ARE HEREBY +# DISCLAIMED. USERS ASSUME THE ENTIRE RISK AND LIABILITY OF USING THE +# SOFTWARE. +# + +XEN_ROOT=../.. + +PSSL_DIR=../polarssl-$(XEN_TARGET_ARCH)/library +PSSL_OBJS=aes.o sha1.o entropy.o ctr_drbg.o sha4.o + +TARGET=vtpm.a +OBJS=vtpm.o vtpm_cmd.o vtpmblk.o vtpm_pcrs.o + + +CPPFLAGS+=-I../tpm_emulator-$(XEN_TARGET_ARCH)/build +CPPFLAGS+=-I../tpm_emulator-$(XEN_TARGET_ARCH)/tpm +CPPFLAGS+=-I../tpm_emulator-$(XEN_TARGET_ARCH)/crypto +CPPFLAGS+=-I../tpm_emulator-$(XEN_TARGET_ARCH) + +$(TARGET): $(OBJS) + ar -cr $@ $(OBJS) $(TPMEMU_OBJS) $(foreach obj,$(PSSL_OBJS),$(PSSL_DIR)/$(obj)) + +$(OBJS): vtpm_manager.h + +vtpm_manager.h: + ln -s ../vtpmmgr/vtpm_manager.h vtpm_manager.h + +clean: + -rm $(TARGET) $(OBJS) vtpm_manager.h + +.PHONY: clean diff --git a/stubdom/vtpm/minios.cfg b/stubdom/vtpm/minios.cfg new file mode 100644 index 0000000..31652ee --- /dev/null +++ b/stubdom/vtpm/minios.cfg @@ -0,0 +1,14 @@ +CONFIG_TPMFRONT=y +CONFIG_TPM_TIS=n +CONFIG_TPMBACK=y +CONFIG_START_NETWORK=n +CONFIG_TEST=n +CONFIG_PCIFRONT=n +CONFIG_BLKFRONT=y +CONFIG_NETFRONT=n +CONFIG_FBFRONT=n +CONFIG_KBDFRONT=n +CONFIG_CONSFRONT=n +CONFIG_XENBUS=y +CONFIG_LWIP=n +CONFIG_XC=n diff --git a/stubdom/vtpm/vtpm.c b/stubdom/vtpm/vtpm.c new file mode 100644 index 0000000..71aef78 --- /dev/null +++ b/stubdom/vtpm/vtpm.c @@ -0,0 +1,404 @@ +/* + * Copyright (c) 2010-2012 United States Government, as represented by + * the Secretary of Defense. All rights reserved. + * + * THIS SOFTWARE AND ITS DOCUMENTATION ARE PROVIDED AS IS AND WITHOUT + * ANY EXPRESS OR IMPLIED WARRANTIES WHATSOEVER. ALL WARRANTIES + * INCLUDING, BUT NOT LIMITED TO, PERFORMANCE, MERCHANTABILITY, FITNESS + * FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT ARE HEREBY + * DISCLAIMED. USERS ASSUME THE ENTIRE RISK AND LIABILITY OF USING THE + * SOFTWARE. + */ + +#include <stdio.h> +#include <stdint.h> +#include <inttypes.h> +#include <stdlib.h> +#include <unistd.h> +#include <string.h> +#include <syslog.h> +#include <stdbool.h> +#include <errno.h> +#include <sys/time.h> +#include <xen/xen.h> +#include <tpmback.h> +#include <tpmfront.h> + +#include <polarssl/entropy.h> +#include <polarssl/ctr_drbg.h> + +#include "tpm/tpm_emulator_extern.h" +#include "tpm/tpm_marshalling.h" +#include "vtpm.h" +#include "vtpm_cmd.h" +#include "vtpm_pcrs.h" +#include "vtpmblk.h" + +#define TPM_LOG_INFO LOG_INFO +#define TPM_LOG_ERROR LOG_ERR +#define TPM_LOG_DEBUG LOG_DEBUG + +/* Global commandline options - default values */ +struct Opt_args opt_args = { + .startup = ST_CLEAR, + .loglevel = TPM_LOG_INFO, + .hwinitpcrs = VTPM_PCRNONE, + .tpmconf = 0, + .enable_maint_cmds = false, +}; + +static uint32_t badords[32]; +static unsigned int n_badords = 0; + +entropy_context entropy; +ctr_drbg_context ctr_drbg; + +struct tpmfront_dev* tpmfront_dev; + +void vtpm_get_extern_random_bytes(void *buf, size_t nbytes) +{ + ctr_drbg_random(&ctr_drbg, buf, nbytes); +} + +int vtpm_read_from_file(uint8_t **data, size_t *data_length) { + return read_vtpmblk(tpmfront_dev, data, data_length); +} + +int vtpm_write_to_file(uint8_t *data, size_t data_length) { + return write_vtpmblk(tpmfront_dev, data, data_length); +} + +int vtpm_extern_init_fake(void) { + return 0; +} + +void vtpm_extern_release_fake(void) { +} + + +void vtpm_log(int priority, const char *fmt, ...) +{ + if(opt_args.loglevel >= priority) { + va_list v; + va_start(v, fmt); + vprintf(fmt, v); + va_end(v); + } +} + +static uint64_t vtpm_get_ticks(void) +{ + static uint64_t old_t = 0; + uint64_t new_t, res_t; + struct timeval tv; + gettimeofday(&tv, NULL); + new_t = (uint64_t)tv.tv_sec * 1000000 + (uint64_t)tv.tv_usec; + res_t = (old_t > 0) ? new_t - old_t : 0; + old_t = new_t; + return res_t; +} + + +static int tpm_entropy_source(void* dummy, unsigned char* data, size_t len, size_t* olen) { + UINT32 sz = len; + TPM_RESULT rc = VTPM_GetRandom(tpmfront_dev, data, &sz); + *olen = sz; + return rc == TPM_SUCCESS ? 0 : POLARSSL_ERR_ENTROPY_SOURCE_FAILED; +} + +int init_random(void) { + /* Initialize the rng */ + entropy_init(&entropy); + entropy_add_source(&entropy, tpm_entropy_source, NULL, 0); + entropy_gather(&entropy); + ctr_drbg_init(&ctr_drbg, entropy_func, &entropy, NULL, 0); + ctr_drbg_set_prediction_resistance( &ctr_drbg, CTR_DRBG_PR_OFF ); + + return 0; +} + +int check_ordinal(tpmcmd_t* tpmcmd) { + TPM_COMMAND_CODE ord; + UINT32 len = 4; + BYTE* ptr; + unsigned int i; + + if(tpmcmd->req_len < 10) { + return true; + } + + ptr = tpmcmd->req + 6; + tpm_unmarshal_UINT32(&ptr, &len, &ord); + + for(i = 0; i < n_badords; ++i) { + if(ord == badords[i]) { + error("Disabled command ordinal (%" PRIu32") requested!\n"); + return false; + } + } + return true; +} + +static void main_loop(void) { + tpmcmd_t* tpmcmd = NULL; + domid_t domid; /* Domid of frontend */ + unsigned int handle; /* handle of frontend */ + int res = -1; + + info("VTPM Initializing\n"); + + /* Set required tpm config args */ + opt_args.tpmconf |= TPM_CONF_STRONG_PERSISTENCE; + opt_args.tpmconf &= ~TPM_CONF_USE_INTERNAL_PRNG; + opt_args.tpmconf |= TPM_CONF_GENERATE_EK; + opt_args.tpmconf |= TPM_CONF_GENERATE_SEED_DAA; + + /* Initialize the emulator */ + tpm_emulator_init(opt_args.startup, opt_args.tpmconf); + + /* Initialize any requested PCRs with hardware TPM values */ + if(vtpm_initialize_hw_pcrs(tpmfront_dev, opt_args.hwinitpcrs) != TPM_SUCCESS) { + error("Failed to initialize PCRs with hardware TPM values"); + goto abort_postpcrs; + } + + /* Wait for the frontend domain to connect */ + info("Waiting for frontend domain to connect.."); + if(tpmback_wait_for_frontend_connect(&domid, &handle) == 0) { + info("VTPM attached to Frontend %u/%u", (unsigned int) domid, handle); + } else { + error("Unable to attach to a frontend"); + } + + tpmcmd = tpmback_req(domid, handle); + while(tpmcmd) { + /* Handle the request */ + if(tpmcmd->req_len) { + tpmcmd->resp = NULL; + tpmcmd->resp_len = 0; + + /* First check for disabled ordinals */ + if(!check_ordinal(tpmcmd)) { + create_error_response(tpmcmd, TPM_BAD_ORDINAL); + } + /* If not disabled, do the command */ + else { + if((res = tpm_handle_command(tpmcmd->req, tpmcmd->req_len, &tpmcmd->resp, &tpmcmd->resp_len)) != 0) { + error("tpm_handle_command() failed"); + create_error_response(tpmcmd, TPM_FAIL); + } + } + } + + /* Send the response */ + tpmback_resp(tpmcmd); + + /* Wait for the next request */ + tpmcmd = tpmback_req(domid, handle); + + } + +abort_postpcrs: + info("VTPM Shutting down\n"); + + tpm_emulator_shutdown(); +} + +int parse_cmd_line(int argc, char** argv) +{ + char sval[25]; + char* logstr = NULL; + /* Parse the command strings */ + for(unsigned int i = 1; i < argc; ++i) { + if (sscanf(argv[i], "loglevel=%25s", sval) == 1){ + if (!strcmp(sval, "debug")) { + opt_args.loglevel = TPM_LOG_DEBUG; + logstr = "debug"; + } + else if (!strcmp(sval, "info")) { + logstr = "info"; + opt_args.loglevel = TPM_LOG_INFO; + } + else if (!strcmp(sval, "error")) { + logstr = "error"; + opt_args.loglevel = TPM_LOG_ERROR; + } + } + else if (!strcmp(argv[i], "clear")) { + opt_args.startup = ST_CLEAR; + } + else if (!strcmp(argv[i], "save")) { + opt_args.startup = ST_SAVE; + } + else if (!strcmp(argv[i], "deactivated")) { + opt_args.startup = ST_DEACTIVATED; + } + else if (!strncmp(argv[i], "maintcmds=", 10)) { + if(!strcmp(argv[i] + 10, "1")) { + opt_args.enable_maint_cmds = true; + } else if(!strcmp(argv[i] + 10, "0")) { + opt_args.enable_maint_cmds = false; + } + } + else if(!strncmp(argv[i], "hwinitpcr=", 10)) { + char *pch = argv[i] + 10; + unsigned int v1, v2; + pch = strtok(pch, ","); + while(pch != NULL) { + if(!strcmp(pch, "all")) { + //Set all + opt_args.hwinitpcrs = VTPM_PCRALL; + } else if(!strcmp(pch, "none")) { + //Set none + opt_args.hwinitpcrs = VTPM_PCRNONE; + } else if(sscanf(pch, "%u", &v1) == 1) { + //Set one + if(v1 >= TPM_NUM_PCR) { + error("hwinitpcr error: Invalid PCR index %u", v1); + return -1; + } + opt_args.hwinitpcrs |= (1 << v1); + } else if(sscanf(pch, "%u-%u", &v1, &v2) == 2) { + //Set range + if(v1 >= TPM_NUM_PCR) { + error("hwinitpcr error: Invalid PCR index %u", v1); + return -1; + } + if(v2 >= TPM_NUM_PCR) { + error("hwinitpcr error: Invalid PCR index %u", v1); + return -1; + } + if(v2 < v1) { + unsigned tp = v1; + v1 = v2; + v2 = tp; + } + for(unsigned int i = v1; i <= v2; ++i) { + opt_args.hwinitpcrs |= (1 << i); + } + } else { + error("hwintipcr error: Invalid PCR specification : %s", pch); + return -1; + } + pch = strtok(NULL, ","); + } + } + else { + error("Invalid command line option `%s'", argv[i]); + } + + } + + /* Check Errors and print results */ + switch(opt_args.startup) { + case ST_CLEAR: + info("Startup mode is `clear'"); + break; + case ST_SAVE: + info("Startup mode is `save'"); + break; + case ST_DEACTIVATED: + info("Startup mode is `deactivated'"); + break; + default: + error("Invalid startup mode %d", opt_args.startup); + return -1; + } + + if(opt_args.hwinitpcrs & (VTPM_PCRALL)) + { + char pcrstr[1024]; + char* ptr = pcrstr; + + pcrstr[0] = '\0'; + info("The following PCRs will be initialized with values from the hardware TPM:"); + for(unsigned int i = 0; i < TPM_NUM_PCR; ++i) { + if(opt_args.hwinitpcrs & (1 << i)) { + ptr += sprintf(ptr, "%u, ", i); + } + } + /* get rid of the last comma if any numbers were printed */ + *(ptr -2) = '\0'; + + info("\t%s", pcrstr); + } else { + info("All PCRs initialized to default values"); + } + + if(!opt_args.enable_maint_cmds) { + info("TPM Maintenance Commands disabled"); + badords[n_badords++] = TPM_ORD_CreateMaintenanceArchive; + badords[n_badords++] = TPM_ORD_LoadMaintenanceArchive; + badords[n_badords++] = TPM_ORD_KillMaintenanceFeature; + badords[n_badords++] = TPM_ORD_LoadManuMaintPub; + badords[n_badords++] = TPM_ORD_ReadManuMaintPub; + } else { + info("TPM Maintenance Commands enabled"); + } + + info("Log level set to %s", logstr); + + return 0; +} + +void cleanup_opt_args(void) { +} + +int main(int argc, char **argv) +{ + //FIXME: initializing blkfront without this sleep causes the domain to crash on boot + sleep(2); + + /* Setup extern function pointers */ + tpm_extern_init = vtpm_extern_init_fake; + tpm_extern_release = vtpm_extern_release_fake; + tpm_malloc = malloc; + tpm_free = free; + tpm_log = vtpm_log; + tpm_get_ticks = vtpm_get_ticks; + tpm_get_extern_random_bytes = vtpm_get_extern_random_bytes; + tpm_write_to_storage = vtpm_write_to_file; + tpm_read_from_storage = vtpm_read_from_file; + + info("starting TPM Emulator (1.2.%d.%d-%d)", VERSION_MAJOR, VERSION_MINOR, VERSION_BUILD); + if(parse_cmd_line(argc, argv)) { + error("Error parsing commandline\n"); + return -1; + } + + /* Initialize devices */ + init_tpmback(); + if((tpmfront_dev = init_tpmfront(NULL)) == NULL) { + error("Unable to initialize tpmfront device"); + goto abort_posttpmfront; + } + + /* Seed the RNG with entropy from hardware TPM */ + if(init_random()) { + error("Unable to initialize RNG"); + goto abort_postrng; + } + + /* Initialize blkfront device */ + if(init_vtpmblk(tpmfront_dev)) { + error("Unable to initialize Blkfront persistent storage"); + goto abort_postvtpmblk; + } + + /* Run main loop */ + main_loop(); + + /* Shutdown blkfront */ + shutdown_vtpmblk(); +abort_postvtpmblk: +abort_postrng: + + /* Close devices */ + shutdown_tpmfront(tpmfront_dev); +abort_posttpmfront: + shutdown_tpmback(); + + cleanup_opt_args(); + + return 0; +} diff --git a/stubdom/vtpm/vtpm.h b/stubdom/vtpm/vtpm.h new file mode 100644 index 0000000..5919e44 --- /dev/null +++ b/stubdom/vtpm/vtpm.h @@ -0,0 +1,36 @@ +/* + * Copyright (c) 2010-2012 United States Government, as represented by + * the Secretary of Defense. All rights reserved. + * + * THIS SOFTWARE AND ITS DOCUMENTATION ARE PROVIDED AS IS AND WITHOUT + * ANY EXPRESS OR IMPLIED WARRANTIES WHATSOEVER. ALL WARRANTIES + * INCLUDING, BUT NOT LIMITED TO, PERFORMANCE, MERCHANTABILITY, FITNESS + * FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT ARE HEREBY + * DISCLAIMED. USERS ASSUME THE ENTIRE RISK AND LIABILITY OF USING THE + * SOFTWARE. + */ + +#ifndef VTPM_H +#define VTPM_H + +#include <stdbool.h> + +/* For testing */ +#define VERS_CMD "\x00\xC1\x00\x00\x00\x16\x00\x00\x00\x65\x00\x00\x00\x05\x00\x00\x00\x04\x00\x00\x01\x03" +#define VERS_CMD_LEN 22 + +/* Global commandline options */ +struct Opt_args { + enum StartUp { + ST_CLEAR = 1, + ST_SAVE = 2, + ST_DEACTIVATED = 3 + } startup; + unsigned long hwinitpcrs; + int loglevel; + uint32_t tpmconf; + bool enable_maint_cmds; +}; +extern struct Opt_args opt_args; + +#endif diff --git a/stubdom/vtpm/vtpm_cmd.c b/stubdom/vtpm/vtpm_cmd.c new file mode 100644 index 0000000..7eae98b --- /dev/null +++ b/stubdom/vtpm/vtpm_cmd.c @@ -0,0 +1,256 @@ +/* + * Copyright (c) 2010-2012 United States Government, as represented by + * the Secretary of Defense. All rights reserved. + * + * THIS SOFTWARE AND ITS DOCUMENTATION ARE PROVIDED AS IS AND WITHOUT + * ANY EXPRESS OR IMPLIED WARRANTIES WHATSOEVER. ALL WARRANTIES + * INCLUDING, BUT NOT LIMITED TO, PERFORMANCE, MERCHANTABILITY, FITNESS + * FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT ARE HEREBY + * DISCLAIMED. USERS ASSUME THE ENTIRE RISK AND LIABILITY OF USING THE + * SOFTWARE. + */ + +#include <types.h> +#include <xen/xen.h> +#include <mm.h> +#include <gnttab.h> +#include "tpm/tpm_marshalling.h" +#include "vtpm_manager.h" +#include "vtpm_cmd.h" +#include <tpmback.h> + +#define TRYFAILGOTO(C) \ + if((C)) { \ + status = TPM_FAIL; \ + goto abort_egress; \ + } +#define TRYFAILGOTOMSG(C, msg) \ + if((C)) { \ + status = TPM_FAIL; \ + error(msg); \ + goto abort_egress; \ + } +#define CHECKSTATUSGOTO(ret, fname) \ + if((ret) != TPM_SUCCESS) { \ + error("%s failed with error code (%lu)", fname, (unsigned long) ret); \ + status = ord; \ + goto abort_egress; \ + } + +#define ERR_MALFORMED "Malformed response from backend" +#define ERR_TPMFRONT "Error sending command through frontend device" + +struct shpage { + void* page; + grant_ref_t grantref; +}; + +typedef struct shpage shpage_t; + +static inline int pack_header(uint8_t** bptr, UINT32* len, TPM_TAG tag, UINT32 size, TPM_COMMAND_CODE ord) +{ + return *bptr == NULL || + tpm_marshal_UINT16(bptr, len, tag) || + tpm_marshal_UINT32(bptr, len, size) || + tpm_marshal_UINT32(bptr, len, ord); +} + +static inline int unpack_header(uint8_t** bptr, UINT32* len, TPM_TAG* tag, UINT32* size, TPM_COMMAND_CODE* ord) +{ + return *bptr == NULL || + tpm_unmarshal_UINT16(bptr, len, tag) || + tpm_unmarshal_UINT32(bptr, len, size) || + tpm_unmarshal_UINT32(bptr, len, ord); +} + +int create_error_response(tpmcmd_t* tpmcmd, TPM_RESULT errorcode) +{ + TPM_TAG tag; + UINT32 len = tpmcmd->req_len; + uint8_t* respptr; + uint8_t* cmdptr = tpmcmd->req; + + if(!tpm_unmarshal_UINT16(&cmdptr, &len, &tag)) { + switch (tag) { + case TPM_TAG_RQU_COMMAND: + tag = TPM_TAG_RSP_COMMAND; + break; + case TPM_TAG_RQU_AUTH1_COMMAND: + tag = TPM_TAG_RQU_AUTH2_COMMAND; + break; + case TPM_TAG_RQU_AUTH2_COMMAND: + tag = TPM_TAG_RQU_AUTH2_COMMAND; + break; + } + } else { + tag = TPM_TAG_RSP_COMMAND; + } + + tpmcmd->resp_len = len = 10; + tpmcmd->resp = respptr = tpm_malloc(tpmcmd->resp_len); + + return pack_header(&respptr, &len, tag, len, errorcode); +} + +TPM_RESULT VTPM_GetRandom(struct tpmfront_dev* tpmfront_dev, BYTE* bytes, UINT32 *numbytes) { + TPM_RESULT status = TPM_SUCCESS; + uint8_t* cmdbuf, *resp, *bptr; + size_t resplen = 0; + UINT32 len; + + /*Ask the real tpm for random bytes for the seed */ + TPM_TAG tag = TPM_TAG_RQU_COMMAND; + UINT32 size; + TPM_COMMAND_CODE ord = TPM_ORD_GetRandom; + len = size = sizeof(TPM_TAG) + sizeof(UINT32) + sizeof(TPM_COMMAND_CODE) + sizeof(UINT32); + + /*Create the raw tpm command */ + bptr = cmdbuf = malloc(size); + TRYFAILGOTO(pack_header(&bptr, &len, tag, size, ord)); + TRYFAILGOTO(tpm_marshal_UINT32(&bptr, &len, *numbytes)); + + /* Send cmd, wait for response */ + TRYFAILGOTOMSG(tpmfront_cmd(tpmfront_dev, cmdbuf, size, &resp, &resplen), + ERR_TPMFRONT); + + bptr = resp; len = resplen; + TRYFAILGOTOMSG(unpack_header(&bptr, &len, &tag, &size, &ord), ERR_MALFORMED); + + //Check return status of command + CHECKSTATUSGOTO(ord, "TPM_GetRandom()"); + + // Get the number of random bytes in the response + TRYFAILGOTOMSG(tpm_unmarshal_UINT32(&bptr, &len, &size), ERR_MALFORMED); + *numbytes = size; + + //Get the random bytes out, tpm may give us less bytes than what we wanrt + TRYFAILGOTOMSG(tpm_unmarshal_BYTE_ARRAY(&bptr, &len, bytes, *numbytes), ERR_MALFORMED); + + goto egress; +abort_egress: +egress: + free(cmdbuf); + return status; + +} + +TPM_RESULT VTPM_LoadHashKey(struct tpmfront_dev* tpmfront_dev, uint8_t** data, size_t* data_length) +{ + TPM_RESULT status = TPM_SUCCESS; + uint8_t* bptr, *resp; + uint8_t* cmdbuf = NULL; + size_t resplen = 0; + UINT32 len; + + TPM_TAG tag = VTPM_TAG_REQ; + UINT32 size; + TPM_COMMAND_CODE ord = VTPM_ORD_LOADHASHKEY; + + /*Create the command*/ + len = size = VTPM_COMMAND_HEADER_SIZE; + bptr = cmdbuf = malloc(size); + TRYFAILGOTO(pack_header(&bptr, &len, tag, size, ord)); + + /* Send the command to vtpm_manager */ + info("Requesting Encryption key from backend"); + TRYFAILGOTOMSG(tpmfront_cmd(tpmfront_dev, cmdbuf, size, &resp, &resplen), ERR_TPMFRONT); + + /* Unpack response header */ + bptr = resp; + len = resplen; + TRYFAILGOTOMSG(unpack_header(&bptr, &len, &tag, &size, &ord), ERR_MALFORMED); + + /* Check return code */ + CHECKSTATUSGOTO(ord, "VTPM_LoadHashKey()"); + + /* Get the size of the key */ + *data_length = size - VTPM_COMMAND_HEADER_SIZE; + + /* Copy the key bits */ + *data = malloc(*data_length); + memcpy(*data, bptr, *data_length); + + goto egress; +abort_egress: + error("VTPM_LoadHashKey failed"); +egress: + free(cmdbuf); + return status; +} + +TPM_RESULT VTPM_SaveHashKey(struct tpmfront_dev* tpmfront_dev, uint8_t* data, size_t data_length) +{ + TPM_RESULT status = TPM_SUCCESS; + uint8_t* bptr, *resp; + uint8_t* cmdbuf = NULL; + size_t resplen = 0; + UINT32 len; + + TPM_TAG tag = VTPM_TAG_REQ; + UINT32 size; + TPM_COMMAND_CODE ord = VTPM_ORD_SAVEHASHKEY; + + /*Create the command*/ + len = size = VTPM_COMMAND_HEADER_SIZE + data_length; + bptr = cmdbuf = malloc(size); + TRYFAILGOTO(pack_header(&bptr, &len, tag, size, ord)); + memcpy(bptr, data, data_length); + bptr += data_length; + + /* Send the command to vtpm_manager */ + info("Sending encryption key to backend"); + TRYFAILGOTOMSG(tpmfront_cmd(tpmfront_dev, cmdbuf, size, &resp, &resplen), ERR_TPMFRONT); + + /* Unpack response header */ + bptr = resp; + len = resplen; + TRYFAILGOTOMSG(unpack_header(&bptr, &len, &tag, &size, &ord), ERR_MALFORMED); + + /* Check return code */ + CHECKSTATUSGOTO(ord, "VTPM_SaveHashKey()"); + + goto egress; +abort_egress: + error("VTPM_SaveHashKey failed"); +egress: + free(cmdbuf); + return status; +} + +TPM_RESULT VTPM_PCRRead(struct tpmfront_dev* tpmfront_dev, UINT32 pcrIndex, BYTE* outDigest) +{ + TPM_RESULT status = TPM_SUCCESS; + uint8_t *cmdbuf, *resp, *bptr; + size_t resplen = 0; + UINT32 len; + + /*Just send a TPM_PCRRead Command to the HW tpm */ + TPM_TAG tag = TPM_TAG_RQU_COMMAND; + UINT32 size; + TPM_COMMAND_CODE ord = TPM_ORD_PCRRead; + len = size = sizeof(TPM_TAG) + sizeof(UINT32) + sizeof(TPM_COMMAND_CODE) + sizeof(UINT32); + + /*Create the raw tpm cmd */ + bptr = cmdbuf = malloc(size); + TRYFAILGOTO(pack_header(&bptr, &len, tag, size, ord)); + TRYFAILGOTO(tpm_marshal_UINT32(&bptr, &len, pcrIndex)); + + /*Send Cmd wait for response */ + TRYFAILGOTOMSG(tpmfront_cmd(tpmfront_dev, cmdbuf, size, &resp, &resplen), ERR_TPMFRONT); + + bptr = resp; len = resplen; + TRYFAILGOTOMSG(unpack_header(&bptr, &len, &tag, &size, &ord), ERR_MALFORMED); + + //Check return status of command + CHECKSTATUSGOTO(ord, "TPM_PCRRead"); + + //Get the ptr value + memcpy(outDigest, bptr, sizeof(TPM_PCRVALUE)); + + goto egress; +abort_egress: +egress: + free(cmdbuf); + return status; + +} diff --git a/stubdom/vtpm/vtpm_cmd.h b/stubdom/vtpm/vtpm_cmd.h new file mode 100644 index 0000000..b0bfa22 --- /dev/null +++ b/stubdom/vtpm/vtpm_cmd.h @@ -0,0 +1,31 @@ +/* + * Copyright (c) 2010-2012 United States Government, as represented by + * the Secretary of Defense. All rights reserved. + * + * THIS SOFTWARE AND ITS DOCUMENTATION ARE PROVIDED AS IS AND WITHOUT + * ANY EXPRESS OR IMPLIED WARRANTIES WHATSOEVER. ALL WARRANTIES + * INCLUDING, BUT NOT LIMITED TO, PERFORMANCE, MERCHANTABILITY, FITNESS + * FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT ARE HEREBY + * DISCLAIMED. USERS ASSUME THE ENTIRE RISK AND LIABILITY OF USING THE + * SOFTWARE. + */ + +#ifndef MANAGER_H +#define MANAGER_H + +#include <tpmfront.h> +#include <tpmback.h> +#include "tpm/tpm_structures.h" + +/* Create a command response error header */ +int create_error_response(tpmcmd_t* tpmcmd, TPM_RESULT errorcode); +/* Request random bytes from hardware tpm, returns 0 on success */ +TPM_RESULT VTPM_GetRandom(struct tpmfront_dev* tpmfront_dev, BYTE* bytes, UINT32* numbytes); +/* Retreive 256 bit AES encryption key from manager */ +TPM_RESULT VTPM_LoadHashKey(struct tpmfront_dev* tpmfront_dev, uint8_t** data, size_t* data_length); +/* Manager securely saves our 256 bit AES encryption key */ +TPM_RESULT VTPM_SaveHashKey(struct tpmfront_dev* tpmfront_dev, uint8_t* data, size_t data_length); +/* Send a TPM_PCRRead command passthrough the manager to the hw tpm */ +TPM_RESULT VTPM_PCRRead(struct tpmfront_dev* tpmfront_dev, UINT32 pcrIndex, BYTE* outDigest); + +#endif diff --git a/stubdom/vtpm/vtpm_pcrs.c b/stubdom/vtpm/vtpm_pcrs.c new file mode 100644 index 0000000..22a6cef --- /dev/null +++ b/stubdom/vtpm/vtpm_pcrs.c @@ -0,0 +1,43 @@ +/* + * Copyright (c) 2010-2012 United States Government, as represented by + * the Secretary of Defense. All rights reserved. + * + * THIS SOFTWARE AND ITS DOCUMENTATION ARE PROVIDED AS IS AND WITHOUT + * ANY EXPRESS OR IMPLIED WARRANTIES WHATSOEVER. ALL WARRANTIES + * INCLUDING, BUT NOT LIMITED TO, PERFORMANCE, MERCHANTABILITY, FITNESS + * FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT ARE HEREBY + * DISCLAIMED. USERS ASSUME THE ENTIRE RISK AND LIABILITY OF USING THE + * SOFTWARE. + */ + +#include "vtpm_pcrs.h" +#include "vtpm_cmd.h" +#include "tpm/tpm_data.h" + +#define PCR_VALUE tpmData.permanent.data.pcrValue + +static int write_pcr_direct(unsigned int pcrIndex, uint8_t* val) { + if(pcrIndex > TPM_NUM_PCR) { + return TPM_BADINDEX; + } + memcpy(&PCR_VALUE[pcrIndex], val, sizeof(TPM_PCRVALUE)); + return TPM_SUCCESS; +} + +TPM_RESULT vtpm_initialize_hw_pcrs(struct tpmfront_dev* tpmfront_dev, unsigned long pcrs) +{ + TPM_RESULT rc = TPM_SUCCESS; + uint8_t digest[sizeof(TPM_PCRVALUE)]; + + for(unsigned int i = 0; i < TPM_NUM_PCR; ++i) { + if(pcrs & 1 << i) { + if((rc = VTPM_PCRRead(tpmfront_dev, i, digest)) != TPM_SUCCESS) { + error("TPM_PCRRead failed with error : %d", rc); + return rc; + } + write_pcr_direct(i, digest); + } + } + + return rc; +} diff --git a/stubdom/vtpm/vtpm_pcrs.h b/stubdom/vtpm/vtpm_pcrs.h new file mode 100644 index 0000000..11835f9 --- /dev/null +++ b/stubdom/vtpm/vtpm_pcrs.h @@ -0,0 +1,53 @@ +/* + * Copyright (c) 2010-2012 United States Government, as represented by + * the Secretary of Defense. All rights reserved. + * + * THIS SOFTWARE AND ITS DOCUMENTATION ARE PROVIDED AS IS AND WITHOUT + * ANY EXPRESS OR IMPLIED WARRANTIES WHATSOEVER. ALL WARRANTIES + * INCLUDING, BUT NOT LIMITED TO, PERFORMANCE, MERCHANTABILITY, FITNESS + * FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT ARE HEREBY + * DISCLAIMED. USERS ASSUME THE ENTIRE RISK AND LIABILITY OF USING THE + * SOFTWARE. + */ + +#ifndef VTPM_PCRS_H +#define VTPM_PCRS_H + +#include "tpm/tpm_structures.h" + +#define VTPM_PCR0 1 +#define VTPM_PCR1 1 << 1 +#define VTPM_PCR2 1 << 2 +#define VTPM_PCR3 1 << 3 +#define VTPM_PCR4 1 << 4 +#define VTPM_PCR5 1 << 5 +#define VTPM_PCR6 1 << 6 +#define VTPM_PCR7 1 << 7 +#define VTPM_PCR8 1 << 8 +#define VTPM_PCR9 1 << 9 +#define VTPM_PCR10 1 << 10 +#define VTPM_PCR11 1 << 11 +#define VTPM_PCR12 1 << 12 +#define VTPM_PCR13 1 << 13 +#define VTPM_PCR14 1 << 14 +#define VTPM_PCR15 1 << 15 +#define VTPM_PCR16 1 << 16 +#define VTPM_PCR17 1 << 17 +#define VTPM_PCR18 1 << 18 +#define VTPM_PCR19 1 << 19 +#define VTPM_PCR20 1 << 20 +#define VTPM_PCR21 1 << 21 +#define VTPM_PCR22 1 << 22 +#define VTPM_PCR23 1 << 23 + +#define VTPM_PCRALL (1 << TPM_NUM_PCR) - 1 +#define VTPM_PCRNONE 0 + +#define VTPM_NUMPCRS 24 + +struct tpmfront_dev; + +TPM_RESULT vtpm_initialize_hw_pcrs(struct tpmfront_dev* tpmfront_dev, unsigned long pcrs); + + +#endif diff --git a/stubdom/vtpm/vtpmblk.c b/stubdom/vtpm/vtpmblk.c new file mode 100644 index 0000000..b343bd8 --- /dev/null +++ b/stubdom/vtpm/vtpmblk.c @@ -0,0 +1,307 @@ +/* + * Copyright (c) 2010-2012 United States Government, as represented by + * the Secretary of Defense. All rights reserved. + * + * THIS SOFTWARE AND ITS DOCUMENTATION ARE PROVIDED AS IS AND WITHOUT + * ANY EXPRESS OR IMPLIED WARRANTIES WHATSOEVER. ALL WARRANTIES + * INCLUDING, BUT NOT LIMITED TO, PERFORMANCE, MERCHANTABILITY, FITNESS + * FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT ARE HEREBY + * DISCLAIMED. USERS ASSUME THE ENTIRE RISK AND LIABILITY OF USING THE + * SOFTWARE. + */ + +#include <mini-os/byteorder.h> +#include "vtpmblk.h" +#include "tpm/tpm_marshalling.h" +#include "vtpm_cmd.h" +#include "polarssl/aes.h" +#include "polarssl/sha1.h" +#include <blkfront.h> +#include <unistd.h> +#include <errno.h> +#include <fcntl.h> + +/*Encryption key and block sizes */ +#define BLKSZ 16 + +static struct blkfront_dev* blkdev = NULL; +static int blkfront_fd = -1; + +int init_vtpmblk(struct tpmfront_dev* tpmfront_dev) +{ + struct blkfront_info blkinfo; + info("Initializing persistent NVM storage\n"); + + if((blkdev = init_blkfront(NULL, &blkinfo)) == NULL) { + error("BLKIO: ERROR Unable to initialize blkfront"); + return -1; + } + if (blkinfo.info & VDISK_READONLY || blkinfo.mode != O_RDWR) { + error("BLKIO: ERROR block device is read only!"); + goto error; + } + if((blkfront_fd = blkfront_open(blkdev)) == -1) { + error("Unable to open blkfront file descriptor!"); + goto error; + } + + return 0; +error: + shutdown_blkfront(blkdev); + blkdev = NULL; + return -1; +} + +void shutdown_vtpmblk(void) +{ + close(blkfront_fd); + blkfront_fd = -1; + blkdev = NULL; +} + +int write_vtpmblk_raw(uint8_t *data, size_t data_length) +{ + int rc; + uint32_t lenbuf; + debug("Begin Write data=%p len=%u", data, data_length); + + lenbuf = cpu_to_be32((uint32_t)data_length); + + lseek(blkfront_fd, 0, SEEK_SET); + if((rc = write(blkfront_fd, (uint8_t*)&lenbuf, 4)) != 4) { + error("write(length) failed! error was %s", strerror(errno)); + return -1; + } + if((rc = write(blkfront_fd, data, data_length)) != data_length) { + error("write(data) failed! error was %s", strerror(errno)); + return -1; + } + + info("Wrote %u bytes to NVM persistent storage", data_length); + + return 0; +} + +int read_vtpmblk_raw(uint8_t **data, size_t *data_length) +{ + int rc; + uint32_t lenbuf; + + lseek(blkfront_fd, 0, SEEK_SET); + if(( rc = read(blkfront_fd, (uint8_t*)&lenbuf, 4)) != 4) { + error("read(length) failed! error was %s", strerror(errno)); + return -1; + } + *data_length = (size_t) cpu_to_be32(lenbuf); + if(*data_length == 0) { + error("read 0 data_length for NVM"); + return -1; + } + + *data = tpm_malloc(*data_length); + if((rc = read(blkfront_fd, *data, *data_length)) != *data_length) { + error("read(data) failed! error was %s", strerror(errno)); + return -1; + } + + info("Read %u bytes from NVM persistent storage", *data_length); + return 0; +} + +int encrypt_vtpmblk(uint8_t* clear, size_t clear_len, uint8_t** cipher, size_t* cipher_len, uint8_t* symkey) +{ + int rc = 0; + uint8_t iv[BLKSZ]; + aes_context aes_ctx; + UINT32 temp; + int mod; + + uint8_t* clbuf = NULL; + + uint8_t* ivptr; + int ivlen; + + uint8_t* cptr; //Cipher block pointer + int clen; //Cipher block length + + /*Create a new 256 bit encryption key */ + if(symkey == NULL) { + rc = -1; + goto abort_egress; + } + tpm_get_extern_random_bytes(symkey, NVMKEYSZ); + + /*Setup initialization vector - random bits and then 4 bytes clear text size at the end*/ + temp = sizeof(UINT32); + ivlen = BLKSZ - temp; + tpm_get_extern_random_bytes(iv, ivlen); + ivptr = iv + ivlen; + tpm_marshal_UINT32(&ivptr, &temp, (UINT32) clear_len); + + /*The clear text needs to be padded out to a multiple of BLKSZ */ + mod = clear_len % BLKSZ; + clen = mod ? clear_len + BLKSZ - mod : clear_len; + clbuf = malloc(clen); + if (clbuf == NULL) { + rc = -1; + goto abort_egress; + } + memcpy(clbuf, clear, clear_len); + /* zero out the padding bits - FIXME: better / more secure way to handle these? */ + if(clen - clear_len) { + memset(clbuf + clear_len, 0, clen - clear_len); + } + + /* Setup the ciphertext buffer */ + *cipher_len = BLKSZ + clen; /*iv + ciphertext */ + cptr = *cipher = malloc(*cipher_len); + if (*cipher == NULL) { + rc = -1; + goto abort_egress; + } + + /* Copy the IV to cipher text blob*/ + memcpy(cptr, iv, BLKSZ); + cptr += BLKSZ; + + /* Setup encryption */ + aes_setkey_enc(&aes_ctx, symkey, 256); + + /* Do encryption now */ + aes_crypt_cbc(&aes_ctx, AES_ENCRYPT, clen, iv, clbuf, cptr); + + goto egress; +abort_egress: +egress: + free(clbuf); + return rc; +} +int decrypt_vtpmblk(uint8_t* cipher, size_t cipher_len, uint8_t** clear, size_t* clear_len, uint8_t* symkey) +{ + int rc = 0; + uint8_t iv[BLKSZ]; + uint8_t* ivptr; + UINT32 u32, temp; + aes_context aes_ctx; + + uint8_t* cptr = cipher; //cipher block pointer + int clen = cipher_len; //cipher block length + + /* Pull out the initialization vector */ + memcpy(iv, cipher, BLKSZ); + cptr += BLKSZ; + clen -= BLKSZ; + + /* Setup the clear text buffer */ + if((*clear = malloc(clen)) == NULL) { + rc = -1; + goto abort_egress; + } + + /* Get the length of clear text from last 4 bytes of iv */ + temp = sizeof(UINT32); + ivptr = iv + BLKSZ - temp; + tpm_unmarshal_UINT32(&ivptr, &temp, &u32); + *clear_len = u32; + + /* Setup decryption */ + aes_setkey_dec(&aes_ctx, symkey, 256); + + /* Do decryption now */ + if ((clen % BLKSZ) != 0) { + error("Decryption Error: Cipher block size was not a multiple of %u", BLKSZ); + rc = -1; + goto abort_egress; + } + aes_crypt_cbc(&aes_ctx, AES_DECRYPT, clen, iv, cptr, *clear); + + goto egress; +abort_egress: +egress: + return rc; +} + +int write_vtpmblk(struct tpmfront_dev* tpmfront_dev, uint8_t* data, size_t data_length) { + int rc; + uint8_t* cipher = NULL; + size_t cipher_len = 0; + uint8_t hashkey[HASHKEYSZ]; + uint8_t* symkey = hashkey + HASHSZ; + + /* Encrypt the data */ + if((rc = encrypt_vtpmblk(data, data_length, &cipher, &cipher_len, symkey))) { + goto abort_egress; + } + /* Write to disk */ + if((rc = write_vtpmblk_raw(cipher, cipher_len))) { + goto abort_egress; + } + /* Get sha1 hash of data */ + sha1(cipher, cipher_len, hashkey); + + /* Send hash and key to manager */ + if((rc = VTPM_SaveHashKey(tpmfront_dev, hashkey, HASHKEYSZ)) != TPM_SUCCESS) { + goto abort_egress; + } + goto egress; +abort_egress: +egress: + free(cipher); + return rc; +} + +int read_vtpmblk(struct tpmfront_dev* tpmfront_dev, uint8_t** data, size_t *data_length) { + int rc; + uint8_t* cipher = NULL; + size_t cipher_len = 0; + size_t keysize; + uint8_t* hashkey = NULL; + uint8_t hash[HASHSZ]; + uint8_t* symkey; + + /* Retreive the hash and the key from the manager */ + if((rc = VTPM_LoadHashKey(tpmfront_dev, &hashkey, &keysize)) != TPM_SUCCESS) { + goto abort_egress; + } + if(keysize != HASHKEYSZ) { + error("Manager returned a hashkey of invalid size! expected %d, actual %d", NVMKEYSZ, keysize); + rc = -1; + goto abort_egress; + } + symkey = hashkey + HASHSZ; + + /* Read from disk now */ + if((rc = read_vtpmblk_raw(&cipher, &cipher_len))) { + goto abort_egress; + } + + /* Compute the hash of the cipher text and compare */ + sha1(cipher, cipher_len, hash); + if(memcmp(hash, hashkey, HASHSZ)) { + int i; + error("NVM Storage Checksum failed!"); + printf("Expected: "); + for(i = 0; i < HASHSZ; ++i) { + printf("%02hhX ", hashkey[i]); + } + printf("\n"); + printf("Actual: "); + for(i = 0; i < HASHSZ; ++i) { + printf("%02hhX ", hash[i]); + } + printf("\n"); + rc = -1; + goto abort_egress; + } + + /* Decrypt the blob */ + if((rc = decrypt_vtpmblk(cipher, cipher_len, data, data_length, symkey))) { + goto abort_egress; + } + goto egress; +abort_egress: +egress: + free(cipher); + free(hashkey); + return rc; +} diff --git a/stubdom/vtpm/vtpmblk.h b/stubdom/vtpm/vtpmblk.h new file mode 100644 index 0000000..282ce6a --- /dev/null +++ b/stubdom/vtpm/vtpmblk.h @@ -0,0 +1,31 @@ +/* + * Copyright (c) 2010-2012 United States Government, as represented by + * the Secretary of Defense. All rights reserved. + * + * THIS SOFTWARE AND ITS DOCUMENTATION ARE PROVIDED AS IS AND WITHOUT + * ANY EXPRESS OR IMPLIED WARRANTIES WHATSOEVER. ALL WARRANTIES + * INCLUDING, BUT NOT LIMITED TO, PERFORMANCE, MERCHANTABILITY, FITNESS + * FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT ARE HEREBY + * DISCLAIMED. USERS ASSUME THE ENTIRE RISK AND LIABILITY OF USING THE + * SOFTWARE. + */ + +#ifndef NVM_H +#define NVM_H +#include <mini-os/types.h> +#include <xen/xen.h> +#include <tpmfront.h> + +#define NVMKEYSZ 32 +#define HASHSZ 20 +#define HASHKEYSZ (NVMKEYSZ + HASHSZ) + +int init_vtpmblk(struct tpmfront_dev* tpmfront_dev); +void shutdown_vtpmblk(void); + +/* Encrypts and writes data to blk device */ +int write_vtpmblk(struct tpmfront_dev* tpmfront_dev, uint8_t *data, size_t data_length); +/* Reads, Decrypts, and returns data from blk device */ +int read_vtpmblk(struct tpmfront_dev* tpmfront_dev, uint8_t **data, size_t *data_length); + +#endif -- 1.7.10.4 _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |