[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH 10/12] vTPM/TPM2: Support TPM 2.0 bind and unbind data



Bind data with TPM2_RSA_Encrypt, which performs RSA encryption using
the indicated padding scheme according to PKCS#1v2.1(PKCS#1). If the
scheme of keyHandle is TPM_ALG_NULL, then the caller may use inScheme
to specify the padding scheme.
Unbind data with TPM2_RSA_Decrypt, which performs RSA decryption using
the indicated padding scheme according to PKCS#1v2.1(PKCS#1).

Signed-off-by: Quan Xu <quan.xu@xxxxxxxxx>
---
 stubdom/vtpmmgr/disk_tpm.c | 42 ++++++++++++++++++++++++++++++++++++++++--
 stubdom/vtpmmgr/disk_tpm.h |  4 ++++
 2 files changed, 44 insertions(+), 2 deletions(-)

diff --git a/stubdom/vtpmmgr/disk_tpm.c b/stubdom/vtpmmgr/disk_tpm.c
index d650fbc..2e33eac 100644
--- a/stubdom/vtpmmgr/disk_tpm.c
+++ b/stubdom/vtpmmgr/disk_tpm.c
@@ -12,17 +12,20 @@
 #include <polarssl/sha1.h>
 
 #include "tpm.h"
+#include "tpm2.h"
 #include "tcg.h"
 
 #include "vtpmmgr.h"
 #include "vtpm_disk.h"
 #include "disk_tpm.h"
 
+#include "log.h"
 // Print out input/output of seal/unseal operations (includes keys)
 #undef DEBUG_SEAL_OPS
 
 #ifdef DEBUG_SEAL_OPS
 #include "marshal.h"
+#include "tpm2_marshal.h"
 #endif
 
 struct pcr_list {
@@ -31,11 +34,16 @@ struct pcr_list {
 
 static struct pcr_list hwtpm;
 
+/*Ignore PCR on TPM 2.0, read PCR values for TPM 1.x seal | unseal*/
 void TPM_read_pcrs(void)
 {
        int i;
-       for(i=0; i < 24; i++)
-               TPM_PCR_Read(i, &hwtpm.pcrs[i]);
+       for (i=0; i < 24; i++) {
+        if (hw_is_tpm2())
+            memset(&hwtpm.pcrs[i], 0, TPM_DIGEST_SIZE);
+        else
+                   TPM_PCR_Read(i, &hwtpm.pcrs[i]);
+    }
 }
 
 struct pcr_composite_3 {
@@ -138,6 +146,36 @@ int TPM_disk_seal(struct disk_seal_entry *dst, const void* 
src, size_t size)
        return rc;
 }
 
+TPM_RC TPM2_disk_bind(struct disk_seal_entry *dst, void* src, unsigned int 
size)
+{
+    TPM_RESULT status = TPM_SUCCESS;
+
+    TPMTRYRETURN(TPM2_Bind(vtpm_globals.sk_handle,
+                           src,
+                           size,
+                           dst->sealed_data));
+
+abort_egress:
+egress:
+   return status;
+}
+
+TPM_RC TPM2_disk_unbind(void *dst, unsigned int *size, const struct 
disk_seal_entry *src)
+{
+    TPM_RESULT status = TPM_SUCCESS;
+    unsigned char buf[RSA_CIPHER_SIZE];
+
+    memcpy(buf, src->sealed_data, RSA_CIPHER_SIZE);
+    TPMTRYRETURN(TPM2_UnBind(vtpm_globals.sk_handle,
+                             RSA_CIPHER_SIZE,
+                             buf,
+                             size,
+                             dst));
+abort_egress:
+egress:
+   return status;
+}
+
 int TPM_disk_unseal(void *dst, size_t size, const struct disk_seal_entry *src)
 {
        uint32_t rc;
diff --git a/stubdom/vtpmmgr/disk_tpm.h b/stubdom/vtpmmgr/disk_tpm.h
index b235895..57ae2a6 100644
--- a/stubdom/vtpmmgr/disk_tpm.h
+++ b/stubdom/vtpmmgr/disk_tpm.h
@@ -10,6 +10,10 @@ void TPM_pcr_digest(struct hash160 *buf, le32_t selection);
 int TPM_disk_seal(struct disk_seal_entry *dst, const void* src, size_t size);
 int TPM_disk_unseal(void *dst, size_t size, const struct disk_seal_entry *src);
 
+/*TPM 2.0 Bind and Unbind */
+TPM_RC TPM2_disk_bind(struct disk_seal_entry *dst, void* src, unsigned int 
size);
+TPM_RC TPM2_disk_unbind(void *dst, unsigned int *size, const struct 
disk_seal_entry *src);
+
 /* NVRAM to allow revocation of TM-KEY */
 int TPM_disk_nvalloc(be32_t *nvram_slot, struct tpm_authdata auth);
 int TPM_disk_nvread(void *buf, size_t bufsiz, be32_t nvram_slot, struct 
tpm_authdata auth);
-- 
1.8.3.2


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.