|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] [PATCH 10/12] vTPM/TPM2: Support TPM 2.0 bind and unbind data
Bind data with TPM2_RSA_Encrypt, which performs RSA encryption using
the indicated padding scheme according to PKCS#1v2.1(PKCS#1). If the
scheme of keyHandle is TPM_ALG_NULL, then the caller may use inScheme
to specify the padding scheme.
Unbind data with TPM2_RSA_Decrypt, which performs RSA decryption using
the indicated padding scheme according to PKCS#1v2.1(PKCS#1).
Signed-off-by: Quan Xu <quan.xu@xxxxxxxxx>
---
stubdom/vtpmmgr/disk_tpm.c | 42 ++++++++++++++++++++++++++++++++++++++++--
stubdom/vtpmmgr/disk_tpm.h | 4 ++++
2 files changed, 44 insertions(+), 2 deletions(-)
diff --git a/stubdom/vtpmmgr/disk_tpm.c b/stubdom/vtpmmgr/disk_tpm.c
index d650fbc..2e33eac 100644
--- a/stubdom/vtpmmgr/disk_tpm.c
+++ b/stubdom/vtpmmgr/disk_tpm.c
@@ -12,17 +12,20 @@
#include <polarssl/sha1.h>
#include "tpm.h"
+#include "tpm2.h"
#include "tcg.h"
#include "vtpmmgr.h"
#include "vtpm_disk.h"
#include "disk_tpm.h"
+#include "log.h"
// Print out input/output of seal/unseal operations (includes keys)
#undef DEBUG_SEAL_OPS
#ifdef DEBUG_SEAL_OPS
#include "marshal.h"
+#include "tpm2_marshal.h"
#endif
struct pcr_list {
@@ -31,11 +34,16 @@ struct pcr_list {
static struct pcr_list hwtpm;
+/*Ignore PCR on TPM 2.0, read PCR values for TPM 1.x seal | unseal*/
void TPM_read_pcrs(void)
{
int i;
- for(i=0; i < 24; i++)
- TPM_PCR_Read(i, &hwtpm.pcrs[i]);
+ for (i=0; i < 24; i++) {
+ if (hw_is_tpm2())
+ memset(&hwtpm.pcrs[i], 0, TPM_DIGEST_SIZE);
+ else
+ TPM_PCR_Read(i, &hwtpm.pcrs[i]);
+ }
}
struct pcr_composite_3 {
@@ -138,6 +146,36 @@ int TPM_disk_seal(struct disk_seal_entry *dst, const void*
src, size_t size)
return rc;
}
+TPM_RC TPM2_disk_bind(struct disk_seal_entry *dst, void* src, unsigned int
size)
+{
+ TPM_RESULT status = TPM_SUCCESS;
+
+ TPMTRYRETURN(TPM2_Bind(vtpm_globals.sk_handle,
+ src,
+ size,
+ dst->sealed_data));
+
+abort_egress:
+egress:
+ return status;
+}
+
+TPM_RC TPM2_disk_unbind(void *dst, unsigned int *size, const struct
disk_seal_entry *src)
+{
+ TPM_RESULT status = TPM_SUCCESS;
+ unsigned char buf[RSA_CIPHER_SIZE];
+
+ memcpy(buf, src->sealed_data, RSA_CIPHER_SIZE);
+ TPMTRYRETURN(TPM2_UnBind(vtpm_globals.sk_handle,
+ RSA_CIPHER_SIZE,
+ buf,
+ size,
+ dst));
+abort_egress:
+egress:
+ return status;
+}
+
int TPM_disk_unseal(void *dst, size_t size, const struct disk_seal_entry *src)
{
uint32_t rc;
diff --git a/stubdom/vtpmmgr/disk_tpm.h b/stubdom/vtpmmgr/disk_tpm.h
index b235895..57ae2a6 100644
--- a/stubdom/vtpmmgr/disk_tpm.h
+++ b/stubdom/vtpmmgr/disk_tpm.h
@@ -10,6 +10,10 @@ void TPM_pcr_digest(struct hash160 *buf, le32_t selection);
int TPM_disk_seal(struct disk_seal_entry *dst, const void* src, size_t size);
int TPM_disk_unseal(void *dst, size_t size, const struct disk_seal_entry *src);
+/*TPM 2.0 Bind and Unbind */
+TPM_RC TPM2_disk_bind(struct disk_seal_entry *dst, void* src, unsigned int
size);
+TPM_RC TPM2_disk_unbind(void *dst, unsigned int *size, const struct
disk_seal_entry *src);
+
/* NVRAM to allow revocation of TM-KEY */
int TPM_disk_nvalloc(be32_t *nvram_slot, struct tpm_authdata auth);
int TPM_disk_nvread(void *buf, size_t bufsiz, be32_t nvram_slot, struct
tpm_authdata auth);
--
1.8.3.2
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |