2 * Copyright 2018 Intel Corporation
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
16 // Author: Arun Kumar Sekar
19 #include "tpm_duplication_aux.h"
24 void print2b(char* msg, TPM2B * toprint){
25 print_buff(msg, toprint->size, toprint->buffer);
28 void TPMT_PUBLIC_TO_TPM2B(TPMT_PUBLIC *source, TPM2B_PUBLIC *target)
34 UINT16 sizeField = TPMT_PUBLIC_Marshal(source, &runner, &size);
36 UINT16_Marshal(&sizeField, &runner, &size);
40 size = sizeof(TPM2B_PUBLIC);
41 TPM2B_PUBLIC_Unmarshal(target, &runner, &size, 1);
44 void TPMT_SENSITIVE_TO_TPM2B(TPMT_SENSITIVE *source, TPM2B_SENSITIVE *target)
50 UINT16 sizeField = TPMT_SENSITIVE_Marshal(source, &runner, &size);
52 UINT16_Marshal(&sizeField, &runner, &size);
56 size = sizeof(TPM2B_SENSITIVE);
57 TPM2B_SENSITIVE_Unmarshal(target, &runner, &size);
62 void TPM2B_SENSITIVE_TO_TPMT(TPM2B_SENSITIVE *source, TPMT_SENSITIVE *target)
64 BYTE buffer[1024], *runner = buffer;
66 TPMT_SENSITIVE_Marshal(&(source->t.sensitiveArea), &runner, &size);
69 size = sizeof(*target);
71 TPMT_SENSITIVE_Unmarshal(target, &runner, &size);
74 void TPM2B_PUBLIC_TO_TPMT(TPM2B_PUBLIC *source, TPMT_PUBLIC *target)
76 BYTE buffer[1024], *runner = buffer;
78 TPMT_PUBLIC_Marshal(&(source->t.publicArea), &runner, &size);
81 size = sizeof(*target);
83 TPMT_PUBLIC_Unmarshal(target, &runner, &size, 1);
87 TPM2B_NAME * GetName(TPMI_ALG_HASH hashAlg, TPM2B_PUBLIC *obj, TPM2B_NAME *outName)
90 BYTE buff[1024] = {0};
93 UINT16 toHashSize = TPM2B_PUBLIC_Marshal(obj, &runner, &size_in) ;
95 runner = outName->b.buffer;
97 outName->b.size = TPM_ALG_ID_Marshal(&hashAlg, &runner , &size_in) + 32;
99 SHA256(buff+2, toHashSize-2, runner);
105 void CreateDuplicationBlob2B(
107 TPM2B_PUBLIC_KEY_RSA *protector,
108 TPM2B_PUBLIC * public2B,
109 TPM2B_SENSITIVE *sens2B,
110 TPM2B_ENCRYPTED_SECRET *plainSymSeed, TPMI_YES_NO generateInSymSeed,
111 TPM2B_DATA *encryptionKey, TPMI_YES_NO generateEncryptionKey,
114 TPM2B_PRIVATE *outDuplicate,
115 TPM2B_ENCRYPTED_SECRET *encSymSeed)
117 TPMT_PUBLIC publicPortion;
120 TPM2B_PUBLIC_TO_TPMT(public2B, &publicPortion);
121 TPM2B_SENSITIVE_TO_TPMT(sens2B, &sens);
123 CreateDuplicationBlob(protector, &publicPortion, &sens, plainSymSeed, generateInSymSeed, encryptionKey, generateEncryptionKey, outDuplicate, encSymSeed);
127 void CreateSwDataObject2B(
128 BYTE* auth, UINT16 authSize,
130 BYTE * policyDigest, UINT16 policyDigestSize,
131 TPM2B_PUBLIC * outPublic2B,
132 TPM2B_SENSITIVE *outSens2B)
135 TPMT_PUBLIC publicPortion;
138 CreateSwDataObject(auth, authSize, rsaKey, NULL, 0, policyDigest, policyDigestSize, &publicPortion, &sens);
141 TPMT_PUBLIC_TO_TPM2B(&publicPortion, outPublic2B);
142 TPMT_SENSITIVE_TO_TPM2B(&sens, outSens2B);
145 void CreateDuplicationBlob(
147 TPM2B_PUBLIC_KEY_RSA *protector,
148 TPMT_PUBLIC * publicPortion,
149 TPMT_SENSITIVE *sens,
150 TPM2B_ENCRYPTED_SECRET *plainSymSeed, TPMI_YES_NO generateInSymSeed,
151 TPM2B_DATA *encryptionKey, TPMI_YES_NO generateEncryptionKey,
154 TPM2B_PRIVATE *outDuplicate,
155 TPM2B_ENCRYPTED_SECRET *encSymSeed)
157 memset((void*)outDuplicate, 0, sizeof(TPM2B_PRIVATE));
158 memset((void*)encSymSeed, 0, sizeof(TPM2B_ENCRYPTED_SECRET));
159 TPM2B_SYM_KEY outerWrapper;
161 TPM2B_NAME swkName = {{0}};
164 TPM2B_PUBLIC public2B = {{0}};
165 TPM2B_SENSITIVE sens2B = {{0}};
168 TPM2B_MAX_BUFFER encSensitive = {{0}};
170 if(generateInSymSeed)
172 RAND_bytes(plainSymSeed->b.buffer, 16);
173 plainSymSeed->b.size = 16;
175 if(generateEncryptionKey)
177 RAND_bytes(encryptionKey->b.buffer, 16);
178 encryptionKey->b.size = 16;
181 // Preparing marshaled publicPortion:
182 TPMT_PUBLIC_TO_TPM2B(publicPortion, &public2B);
185 GetName(TPM_ALG_SHA256, &(public2B), &swkName);
187 // preparing marshaled sensitive:
188 TPMT_SENSITIVE_TO_TPM2B(sens, &sens2B);
190 //preparing encSensitive
193 TPM2B_SYM_KEY IV = {0};
195 TPM2B_MAX_BUFFER innerData = {0};
196 BYTE innerIntegrity[34] = {0}, toHash[1024] = {0};
198 BYTE* runner = toHash;
201 UINT16_Marshal(&(sens2B.b.size), &runner, &size_in);
202 TPMT_SENSITIVE_Marshal(sens, &runner, &size_in);
204 memcpy(runner, swkName.b.buffer, swkName.b.size );
205 runner += swkName.b.size;
208 SHA256(toHash, runner - toHash, innerIntegrity+2);
209 runner = innerIntegrity;
211 UINT16_Marshal(&tempUint16, &runner, &size_in);
213 memcpy(innerData.b.buffer, innerIntegrity, 34);
214 runner = innerData.b.buffer + 34;
217 UINT16_Marshal(&(sens2B.b.size), &runner, &size_in);
218 TPMT_SENSITIVE_Marshal(sens, &runner, &size_in);
220 innerData.b.size = sens2B.b.size + 36;
222 AES_128_CFB_enc_dec(&(innerData.b), &(encSensitive.b), &(encryptionKey->b), &(IV.b), NULL, 1);
228 TPM2B_SYM_KEY IV = {{0}};
229 TPM2B_DIGEST hmacKey = {{0}};
230 TPM2B_DIGEST outerHmac = {{0}};
231 TPM2B_MAX_BUFFER dupSensitive = {{0}};
232 TPM2B_MAX_BUFFER dataToHmac = {{0}};
233 BYTE * runner = NULL;
237 KDFa(TPM_ALG_SHA256, &(plainSymSeed->b), "STORAGE", &(swkName.b), &NULL_2B, 128 , (TPM2B_MAX_BUFFER*) &outerWrapper);
239 AES_128_CFB_enc_dec(&(encSensitive.b), &(dupSensitive.b), &(outerWrapper.b), &(IV.b), NULL, 1);
241 KDFa(TPM_ALG_SHA256, &(plainSymSeed->b), "INTEGRITY", &NULL_2B, &NULL_2B, 32*8,(TPM2B_MAX_BUFFER*) &(hmacKey.b));
243 memcpy(dataToHmac.b.buffer, dupSensitive.b.buffer, dupSensitive.b.size);
244 memcpy(dataToHmac.b.buffer + dupSensitive.b.size, swkName.b.buffer, swkName.b.size);
245 dataToHmac.b.size = dupSensitive.b.size + swkName.b.size;
248 HMAC(EVP_sha256(), hmacKey.b.buffer, hmacKey.b.size, dataToHmac.b.buffer, dataToHmac.b.size,
249 outerHmac.b.buffer, (UINT32*) &size_in);
251 outerHmac.b.size = size_in;
253 runner = outDuplicate->b.buffer;
254 size_in = sizeof(*outDuplicate) - 2;
255 outDuplicate->b.size = TPM2B_DIGEST_Marshal(&outerHmac, &runner, &size_in);
257 memcpy(runner, dupSensitive.b.buffer, dupSensitive.b.size);
258 outDuplicate->b.size += dupSensitive.b.size;
262 // Encrypting seed with RSA pub:
263 TPM2B_DATA encodingParams = {{0}};
264 encodingParams.b.size = 10;
265 memcpy(encodingParams.b.buffer, "DUPLICATE", 10);
267 RSA_OAEP_Enc((TPM2B_PUBLIC_KEY_RSA*)plainSymSeed, (TPM2B_PUBLIC_KEY_RSA*)encSymSeed, protector, &encodingParams);
271 void rsaKeyTobn( const RSA* rsaKey,
279 #if OPENSSL_VERSION_NUMBER < 0x10100000
295 RSA_get0_key(rsaKey, n, e, d);
299 RSA_get0_factors(rsaKey, p, q);
304 int rsabnTobin( const BIGNUM** n,
307 uint8_t** n_bytes, int* n_size,
308 uint8_t** e_bytes, int* e_size,
309 uint8_t** p_bytes, int* p_size
316 *n_size = BN_num_bytes(*n);
319 if( (n_bytes != NULL) && (*n_size > 0) )
321 *n_bytes = (uint8_t*) malloc(*n_size);
322 BN_bn2bin(*n, *n_bytes);
328 *e_size = BN_num_bytes(*e);
331 if( (e_bytes != NULL) && (*e_size > 0) )
333 *e_bytes = (uint8_t*) malloc(*e_size);
334 BN_bn2bin(*e, *e_bytes);
340 *p_size = BN_num_bytes(*p);
343 if( (p_bytes != NULL) && (*p_size > 0) )
345 *p_bytes = (uint8_t*) malloc(*p_size);
346 BN_bn2bin(*p, *p_bytes);
355 void CreateSwDataObject(
356 BYTE* auth, UINT16 authSize,
358 BYTE * dataToSeal, UINT16 dataSize,
359 BYTE * policyDigest, UINT16 policyDigestSize,
360 TPMT_PUBLIC * outPublic,
361 TPMT_SENSITIVE *outSens)
363 TPM2B_MAX_BUFFER hash_buffer;
368 /* Asymmetric key (RSA) creation */
376 uint8_t* n_bytes; int n_size;
377 uint8_t* e_bytes; int e_size;
378 uint8_t* p_bytes; int p_size;
380 rsaKeyTobn(rsaKey, &n, &e, &d, &p, &q);
382 rsabnTobin( &n, &e, &p,
388 /* Fill TPM Sensitive data */
389 outSens->sensitiveType = TPM_ALG_RSA;
391 outSens->authValue.b.size = authSize;
392 memcpy(outSens->authValue.b.buffer, auth, authSize);
394 outSens->seedValue.b.size = 32;
395 memcpy(outSens->seedValue.b.buffer, seed, 32);
397 outSens->sensitive.bits.b.size = p_size;
398 memcpy(outSens->sensitive.bits.b.buffer, p_bytes, p_size);
400 /* Fill TPM Public portion */
401 outPublic->type = TPM_ALG_RSA;
402 outPublic->nameAlg = TPM_ALG_SHA256;
403 outPublic->objectAttributes.val = 0;
404 //outPublic->objectAttributes.val |= TPMA_OBJECT_RESTRICTED;
405 outPublic->objectAttributes.val |= TPMA_OBJECT_USERWITHAUTH;
406 outPublic->objectAttributes.val |= TPMA_OBJECT_SIGN;
407 outPublic->authPolicy.t.size = 0;
409 /* Table 182 - Definition of TPMU_PUBLIC_PARMS Union <IN/OUT, S> */
410 outPublic->parameters.rsaDetail.symmetric.algorithm = TPM_ALG_NULL;
411 outPublic->parameters.rsaDetail.scheme.scheme = TPM_ALG_NULL;
412 //outPublic->parameters.rsaDetail.scheme.details.rsassa.hashAlg = TPM_ALG_SHA256;
414 outPublic->parameters.rsaDetail.keyBits = BYTES_TO_BITS(n_size);;
415 printf("outPublic->parameters.rsaDetail.keyBits: %d \n", outPublic->parameters.rsaDetail.keyBits);
417 unsigned long tmp_val = 0; // Need to use this temp variable?
418 memcpy(&tmp_val, e_bytes, e_size);
419 outPublic->parameters.rsaDetail.exponent = tmp_val;
420 printf("outPublic->parameters.rsaDetail.exponent: 0x%x \n", outPublic->parameters.rsaDetail.exponent);
422 outPublic->unique.rsa.t.size = n_size;
423 memcpy(outPublic->unique.rsa.t.buffer, n_bytes, n_size);
424 printf("outPublic->unique.rsa.t.size: %d \n", outPublic->unique.rsa.t.size);
426 if(( policyDigestSize > 0) && (policyDigest != NULL) )
428 memcpy(outPublic->authPolicy.b.buffer, policyDigest, policyDigestSize);
429 outPublic->authPolicy.b.size = policyDigestSize;
433 else if( (dataToSeal != NULL) && (dataSize > 0) )
435 /* Symmetric Key Creation */
437 outSens->authValue.b.size = authSize;
438 memcpy(outSens->authValue.b.buffer, auth, authSize);
440 outSens->seedValue.b.size = 32;
441 memcpy(outSens->seedValue.b.buffer, seed, 32);
443 outSens->sensitive.bits.b.size = dataSize;
444 memcpy(outSens->sensitive.bits.b.buffer, dataToSeal, dataSize);
446 outSens->sensitiveType = TPM_ALG_KEYEDHASH;
448 outPublic->objectAttributes.val = 0;
449 outPublic->objectAttributes.adminWithPolicy = 1;
450 outPublic->nameAlg = TPM_ALG_SHA256;
451 memcpy(outPublic->unique.keyedHash.b.buffer, dataToSeal, dataSize);
452 outPublic->unique.keyedHash.b.size = dataSize;
454 if(( policyDigestSize > 0) && (policyDigest != NULL) )
456 memcpy(outPublic->authPolicy.b.buffer, policyDigest, policyDigestSize);
457 outPublic->authPolicy.b.size = policyDigestSize;
460 outPublic->type = TPM_ALG_KEYEDHASH;
461 outPublic->nameAlg = TPM_ALG_SHA256;
463 outPublic->parameters.keyedHashDetail.scheme.scheme = TPM_ALG_NULL;
464 outPublic->parameters.keyedHashDetail.scheme.details.hmac.hashAlg = TPM_ALG_NULL;
466 memcpy(hash_buffer.b.buffer, seed, 32);
467 memcpy(hash_buffer.b.buffer+32, dataToSeal, dataSize);
468 SHA256(hash_buffer.b.buffer, 32+dataSize, outPublic->unique.keyedHash.b.buffer);
469 outPublic->unique.keyedHash.b.size = 32;
475 TSS2_RC swKeyDuplicate(
477 RSA* rsaKey, TPM2B_PUBLIC* parentKeyPublicPortion, UINT8* policyDigest, int digestSize,
479 TPM2B_DATA* encryptionKey, TPM2B_PUBLIC *swKeyPublic, TPM2B_PRIVATE *swKeyPrivate, TPM2B_ENCRYPTED_SECRET *encSymSeed)
481 TPM_RC rval = TPM_RC_SUCCESS;
483 TPM2B_SENSITIVE swKeySens;
484 TPM2B_ENCRYPTED_SECRET plainSymSeed = {{0}};
485 TPM2B_PUBLIC_KEY_RSA protectorRsaPub = {{0}};
487 INIT_SIMPLE_TPM2B_SIZE(swKeySens);
488 INIT_SIMPLE_TPM2B_SIZE(*swKeyPublic);
490 // Fill the protector data
491 memcpy(protectorRsaPub.b.buffer, parentKeyPublicPortion->t.publicArea.unique.rsa.t.buffer, parentKeyPublicPortion->t.publicArea.unique.rsa.t.size);
492 protectorRsaPub.b.size = parentKeyPublicPortion->t.publicArea.unique.rsa.t.size;
494 // Fill Symmetric seed
495 plainSymSeed.b.size = encryptionKey->b.size = 16;
496 encSymSeed->b.size = 16;
498 // Create SW Data Object Public and Sensitive portions
499 CreateSwDataObject2B(auth, 0, rsaKey, policyDigest, digestSize, swKeyPublic, &swKeySens);
501 // Create Duplication blob needed for Import
502 CreateDuplicationBlob2B( &protectorRsaPub, swKeyPublic, &swKeySens, &plainSymSeed, 0, encryptionKey, 1, swKeyPrivate, encSymSeed);