[Xen-devel] [PATCH 10/12] vTPM/TPM2: Support TPM 2.0 bind and unbind data
Bind data with TPM2_RSA_Encrypt, which performs RSA encryption using the indicated padding scheme according to PKCS#1v2.1(PKCS#1). If the scheme of keyHandle is TPM_ALG_NULL, then the caller may use inScheme to specify the padding scheme. Unbind data with TPM2_RSA_Decrypt, which performs RSA decryption using the indicated padding scheme according to PKCS#1v2.1(PKCS#1).
Signed-off-by: Quan Xu <quan.xu@xxxxxxxxx>
---
stubdom/vtpmmgr/disk_tpm.c | 42 ++++++++++++++++++++++++++++++++++++++++--
stubdom/vtpmmgr/disk_tpm.h | 4 ++++
2 files changed, 44 insertions(+), 2 deletions(-)
diff --git a/stubdom/vtpmmgr/disk_tpm.c b/stubdom/vtpmmgr/disk_tpm.c
index d650fbc..2e33eac 100644
--- a/stubdom/vtpmmgr/disk_tpm.c
+++ b/stubdom/vtpmmgr/disk_tpm.c
@@ -12,17 +12,20 @@
#include <polarssl/sha1.h>
#include "tpm.h"
+#include "tpm2.h"
#include "tcg.h"
#include "vtpmmgr.h"
#include "vtpm_disk.h"
#include "disk_tpm.h"
+#include "log.h"
// Print out input/output of seal/unseal operations (includes keys)
#undef DEBUG_SEAL_OPS
#ifdef DEBUG_SEAL_OPS
#include "marshal.h"
+#include "tpm2_marshal.h"
#endif
struct pcr_list {
@@ -31,11 +34,16 @@ struct pcr_list {
static struct pcr_list hwtpm;
+/*Ignore PCR on TPM 2.0, read PCR values for TPM 1.x seal | unseal*/
void TPM_read_pcrs(void)
{
int i;
- for(i=0; i < 24; i++)
- TPM_PCR_Read(i, &hwtpm.pcrs[i]);
+ for (i=0; i < 24; i++) {
+ if (hw_is_tpm2())
+ memset(&hwtpm.pcrs[i], 0, TPM_DIGEST_SIZE);
+ else
+ TPM_PCR_Read(i, &hwtpm.pcrs[i]);
+ }
}
struct pcr_composite_3 {
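Review bot: The new comment `/*Ignore PCR on TPM 2.0, read PCR values for TPM 1.x seal | unseal*/` in the TPM_read_pcrs hunk does not say what a zeroed cache means for consumers of hwtpm.pcrs — presumably TPM_pcr_digest (declared in disk_tpm.h), which on TPM 2.0 would then hash all-zero PCR values rather than the platform state; the comment should state that explicitly so a later reader does not treat that digest as a measurement. `hw_is_tpm2()` is also re-evaluated on every one of the 24 iterations; hoisting it with `int is_tpm2 = hw_is_tpm2();` before the loop and `if (is_tpm2)` inside keeps the check out of the loop. A suggested replacement comment: `/* TPM 2.0: PCRs are not bound into seal/unseal, so the cache is zeroed; TPM 1.x: read the hardware PCRs */`.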
@@ -138,6 +146,36 @@ int TPM_disk_seal(struct disk_seal_entry *dst, const void* src, size_t size)
return rc;
}
+TPM_RC TPM2_disk_bind(struct disk_seal_entry *dst, void* src, unsigned int size)
+{
+ TPM_RESULT status = TPM_SUCCESS;
+
+ TPMTRYRETURN(TPM2_Bind(vtpm_globals.sk_handle,
+ src,
+ size,
+ dst->sealed_data));
+
+abort_egress:
+egress:
+ return status;
+}
+
+TPM_RC TPM2_disk_unbind(void *dst, unsigned int *size, const struct disk_seal_entry *src)
+{
+ TPM_RESULT status = TPM_SUCCESS;
+ unsigned char buf[RSA_CIPHER_SIZE];
+
+ memcpy(buf, src->sealed_data, RSA_CIPHER_SIZE);
+ TPMTRYRETURN(TPM2_UnBind(vtpm_globals.sk_handle,
+ RSA_CIPHER_SIZE,
+ buf,
+ size,
+ dst));
+abort_egress:
+egress:
+ return status;
+}
+
int TPM_disk_unseal(void *dst, size_t size, const struct disk_seal_entry *src)
{
uint32_t rc;
diff --git a/stubdom/vtpmmgr/disk_tpm.h b/stubdom/vtpmmgr/disk_tpm.h
index b235895..57ae2a6 100644
--- a/stubdom/vtpmmgr/disk_tpm.h
+++ b/stubdom/vtpmmgr/disk_tpm.h
@@ -10,6 +10,10 @@ void TPM_pcr_digest(struct hash160 *buf, le32_t selection);
int TPM_disk_seal(struct disk_seal_entry *dst, const void* src, size_t size);
int TPM_disk_unseal(void *dst, size_t size, const struct disk_seal_entry *src);
+/*TPM 2.0 Bind and Unbind */
+TPM_RC TPM2_disk_bind(struct disk_seal_entry *dst, void* src, unsigned int size);
+TPM_RC TPM2_disk_unbind(void *dst, unsigned int *size, const struct disk_seal_entry *src);
+
/* NVRAM to allow revocation of TM-KEY */
int TPM_disk_nvalloc(be32_t *nvram_slot, struct tpm_authdata auth);
int TPM_disk_nvread(void *buf, size_t bufsiz, be32_t nvram_slot, struct tpm_authdata auth);
--
1.8.3.2
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
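Review bot: TPM2_disk_unbind hands the caller's `size` straight to TPM2_UnBind without stating whether `*size` carries the capacity of `dst` on entry or only the decrypted length on return; if TPM2_UnBind treats it as output-only, nothing in this function stops a decrypt of up to RSA_CIPHER_SIZE bytes from overrunning a smaller `dst`, so the contract should be documented on the function and, unless TPM2_UnBind bounds the copy itself, checked before the call. The `memcpy(buf, src->sealed_data, RSA_CIPHER_SIZE)` likewise assumes `sealed_data` holds at least RSA_CIPHER_SIZE bytes; struct disk_seal_entry is not in the hunk, so a `_Static_assert` or a comment tying the two sizes together would make that assumption visible. Two smaller points in the same hunk: TPM2_disk_bind takes `void* src, unsigned int size` where the sibling TPM_disk_seal directly above takes `const void* src, size_t size`, and both new functions declare `TPM_RESULT status` while returning `TPM_RC` — `const void *src` and a `TPM_RC status` would keep the file consistent. The hunk's last lines are the opening of TPM_disk_unseal, which continues outside the hunk.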
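Review bot: The new prototypes in disk_tpm.h carry only `/*TPM 2.0 Bind and Unbind */`, which does not tell a caller how `size` is used: for TPM2_disk_bind it is the plaintext length, while for TPM2_disk_unbind `unsigned int *size` is either in/out or out-only, and that distinction decides whether the caller must size `dst` itself. Suggested comments: `/* TPM 2.0 bind: RSA-encrypt size bytes of src into dst->sealed_data with the key in vtpm_globals.sk_handle */` and `/* TPM 2.0 unbind: RSA-decrypt src->sealed_data into dst; *size receives the decrypted length (state whether it must hold dst's capacity on entry) */`. Matching the sibling prototypes' `const void* src` and `size_t` would also avoid a second size type in the same interface.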