Topics

[PATCH 2/4] tpm2-common: remove interfaces only used by create-tpm2-key

James Bottomley
 

The sensitive to duplicate interface is really only used for key
wrapping, and this is only done at key creation time, not on key
processing, so it has no place in the common code.

When moving to create_tpm2_key.c we change the calling convention to
make it more clear that we're not doing full conversion, merely inner
wrapping the key.

Signed-off-by: James Bottomley <James.Bottomley@...>
---
create_tpm2_key.c | 153 +++++++++++++++++++++++++++++++++++++++++++++++++-----
tpm2-common.c | 136 +-----------------------------------------------
tpm2-common.h | 9 ----
3 files changed, 142 insertions(+), 156 deletions(-)

diff --git a/create_tpm2_key.c b/create_tpm2_key.c
index 2c7f3c1..899e434 100644
--- a/create_tpm2_key.c
+++ b/create_tpm2_key.c
@@ -15,6 +15,8 @@
#include <fcntl.h>
#include <ctype.h>

+#include <arpa/inet.h>
+
#include <sys/stat.h>
#include <sys/mman.h>

@@ -29,6 +31,7 @@
#include TSSINCLUDE(tssutils.h)
#include TSSINCLUDE(tssmarshal.h)
#include TSSINCLUDE(Unmarshal_fp.h)
+#include TSSINCLUDE(tsscrypto.h)
#include TSSINCLUDE(tsscryptoh.h)

#include "tpm2-asn.h"
@@ -134,6 +137,139 @@ int hex2bin(unsigned char *dst, const char *src, size_t count)
return 0;
}

+TPM_RC tpm2_ObjectPublic_GetName(TPM2B_NAME *name,
+ TPMT_PUBLIC *tpmtPublic)
+{
+ TPM_RC rc = 0;
+ uint16_t written = 0;
+ TPMT_HA digest;
+ uint32_t sizeInBytes;
+ uint8_t buffer[MAX_RESPONSE_SIZE];
+
+ /* marshal the TPMT_PUBLIC */
+ if (rc == 0) {
+ INT32 size = MAX_RESPONSE_SIZE;
+ uint8_t *buffer1 = buffer;
+ rc = TSS_TPMT_PUBLIC_Marshal(tpmtPublic, &written, &buffer1, &size);
+ }
+ /* hash the public area */
+ if (rc == 0) {
+ sizeInBytes = TSS_GetDigestSize(tpmtPublic->nameAlg);
+ digest.hashAlg = tpmtPublic->nameAlg; /* Name digest algorithm */
+ /* generate the TPMT_HA */
+ rc = TSS_Hash_Generate(&digest,
+ written, buffer,
+ 0, NULL);
+ }
+ if (rc == 0) {
+ /* copy the digest */
+ memcpy(name->t.name + sizeof(TPMI_ALG_HASH), (uint8_t *)&digest.digest, sizeInBytes);
+ /* copy the hash algorithm */
+ TPMI_ALG_HASH nameAlgNbo = htons(tpmtPublic->nameAlg);
+ memcpy(name->t.name, (uint8_t *)&nameAlgNbo, sizeof(TPMI_ALG_HASH));
+ /* set the size */
+ name->t.size = sizeInBytes + sizeof(TPMI_ALG_HASH);
+ }
+ return rc;
+}
+
+/*
+ * Cut down version of Part 4 Supporting Routines 7.6.3.10
+ *
+ * Hard coded to symmetrically encrypt with aes128 as the inner
+ * wrapper and no outer wrapper but with a prototype that allows
+ * drop in replacement with a tss equivalent
+ */
+TPM_RC tpm2_innerwrap(TPMT_SENSITIVE *s,
+ TPMT_PUBLIC *pub,
+ TPMT_SYM_DEF_OBJECT *symdef,
+ TPM2B_DATA *innerkey,
+ TPM2B_PRIVATE *p)
+{
+ BYTE *buf = p->t.buffer;
+
+ p->t.size = 0;
+ memset(p, 0, sizeof(*p));
+
+ /* hard code AES CFB */
+ if (symdef->algorithm == TPM_ALG_AES
+ && symdef->mode.aes == TPM_ALG_CFB) {
+ TPMT_HA hash;
+ const TPM_ALG_ID nalg = pub->nameAlg;
+ const int hlen = TSS_GetDigestSize(nalg);
+ TPM2B *digest = (TPM2B *)buf;
+ TPM2B *s2b;
+ int32_t size;
+ unsigned char null_iv[AES_128_BLOCK_SIZE_BYTES];
+ UINT16 bsize, written = 0;
+ TPM2B_NAME name;
+
+ /* WARNING: don't use the static null_iv trick here:
+ * the AES routines alter the passed in iv */
+ memset(null_iv, 0, sizeof(null_iv));
+
+ /* reserve space for hash before the encrypted sensitive */
+ bsize = sizeof(digest->size) + hlen;
+ buf += bsize;
+ p->t.size += bsize;
+ s2b = (TPM2B *)buf;
+
+ /* marshal the digest size */
+ buf = (BYTE *)&digest->size;
+ bsize = hlen;
+ size = 2;
+ TSS_UINT16_Marshal(&bsize, &written, &buf, &size);
+
+ /* marshal the unencrypted sensitive in place */
+ size = sizeof(*s);
+ bsize = 0;
+ buf = s2b->buffer;
+ TSS_TPMT_SENSITIVE_Marshal(s, &bsize, &buf, &size);
+ buf = (BYTE *)&s2b->size;
+ size = 2;
+ TSS_UINT16_Marshal(&bsize, &written, &buf, &size);
+
+ bsize = bsize + sizeof(s2b->size);
+ p->t.size += bsize;
+
+ tpm2_ObjectPublic_GetName(&name, pub);
+ /* compute hash of unencrypted marshalled sensitive and
+ * write to the digest buffer */
+ hash.hashAlg = nalg;
+ TSS_Hash_Generate(&hash, bsize, s2b,
+ name.t.size, name.t.name,
+ 0, NULL);
+ memcpy(digest->buffer, &hash.digest, hlen);
+
+ /* encrypt hash and sensitive in place */
+ TSS_AES_EncryptCFB(p->t.buffer,
+ symdef->keyBits.aes,
+ innerkey->b.buffer,
+ null_iv,
+ p->t.size,
+ p->t.buffer);
+ } else if (symdef->algorithm == TPM_ALG_NULL) {
+ TPM2B *s2b = (TPM2B *)buf;
+ int32_t size = sizeof(*s);
+ UINT16 bsize = 0, written = 0;
+
+ buf = s2b->buffer;
+
+ /* marshal the unencrypted sensitive in place */
+ TSS_TPMT_SENSITIVE_Marshal(s, &bsize, &buf, &size);
+ buf = (BYTE *)&s2b->size;
+ size = 2;
+ TSS_UINT16_Marshal(&bsize, &written, &buf, &size);
+
+ p->b.size += bsize + sizeof(s2b->size);
+ } else {
+ printf("Unknown symmetric algorithm\n");
+ return TPM_RC_SYMMETRIC;
+ }
+
+ return TPM_RC_SUCCESS;
+}
+
TPM_RC
parse_policy_file(const char *policy_file, STACK_OF(TSSOPTPOLICY) *sk,
char *auth, TPMT_HA *digest)
@@ -827,7 +963,6 @@ int main(int argc, char **argv)
if (wrap) {
EVP_PKEY *pkey;
TPMT_SENSITIVE s;
- TPM2B_NAME name;

/* may be needed to decrypt the key */
OpenSSL_add_all_ciphers();
@@ -878,19 +1013,13 @@ int main(int argc, char **argv)

/* set the NODA flag */
iin.objectPublic.publicArea.objectAttributes.val |= noda;
- rc = tpm2_ObjectPublic_GetName(&name,
- &iin.objectPublic.publicArea);
- if (rc) {
- reason = "tpm2_ObjectPublic_GetName";
- goto out_flush;
- }

- rc = tpm2_SensitiveToDuplicate(&s, &name, name_alg, NULL,
- &iin.symmetricAlg,
- &iin.encryptionKey,
- &iin.duplicate);
+ rc = tpm2_innerwrap(&s, &iin.objectPublic.publicArea,
+ &iin.symmetricAlg,
+ &iin.encryptionKey,
+ &iin.duplicate);
if (rc) {
- reason = "tpm2_SensitiveToDuplicate";
+ reason = "tpm2_innerwrap";
goto out_flush;
}

diff --git a/tpm2-common.c b/tpm2-common.c
index 9d1737b..bf950ec 100644
--- a/tpm2-common.c
+++ b/tpm2-common.c
@@ -8,16 +8,14 @@
#include <string.h>
#include <unistd.h>

-#include <arpa/inet.h>
-
#include <openssl/evp.h>
#include <openssl/rsa.h>
+#include <openssl/ec.h>

#define TSSINCLUDE(x) < TSS_INCLUDE/x >
#include TSSINCLUDE(tss.h)
#include TSSINCLUDE(tssresponsecode.h)
#include TSSINCLUDE(tssmarshal.h)
-#include TSSINCLUDE(tsscrypto.h)
#include TSSINCLUDE(tsscryptoh.h)
#include TSSINCLUDE(Unmarshal_fp.h)

@@ -739,138 +737,6 @@ TPM_RC tpm2_init_session(TSS_CONTEXT *tssContext, TPM_HANDLE handle,
return rc;
}

-/*
- * Cut down version of Part 4 Supporting Routines 7.6.3.10
- *
- * Hard coded to symmetrically encrypt with aes128 as the inner
- * wrapper and no outer wrapper but with a prototype that allows
- * drop in replacement with a tss equivalent
- */
-TPM_RC tpm2_SensitiveToDuplicate(TPMT_SENSITIVE *s,
- TPM2B_NAME *name,
- TPM_ALG_ID nalg,
- TPM2B_SEED *seed,
- TPMT_SYM_DEF_OBJECT *symdef,
- TPM2B_DATA *innerkey,
- TPM2B_PRIVATE *p)
-{
- BYTE *buf = p->t.buffer;
-
- p->t.size = 0;
- memset(p, 0, sizeof(*p));
-
- /* hard code AES CFB */
- if (symdef->algorithm == TPM_ALG_AES
- && symdef->mode.aes == TPM_ALG_CFB) {
- TPMT_HA hash;
- const int hlen = TSS_GetDigestSize(nalg);
- TPM2B *digest = (TPM2B *)buf;
- TPM2B *s2b;
- int32_t size;
- unsigned char null_iv[AES_128_BLOCK_SIZE_BYTES];
- UINT16 bsize, written = 0;
-
- /* WARNING: don't use the static null_iv trick here:
- * the AES routines alter the passed in iv */
- memset(null_iv, 0, sizeof(null_iv));
-
- /* reserve space for hash before the encrypted sensitive */
- bsize = sizeof(digest->size) + hlen;
- buf += bsize;
- p->t.size += bsize;
- s2b = (TPM2B *)buf;
-
- /* marshal the digest size */
- buf = (BYTE *)&digest->size;
- bsize = hlen;
- size = 2;
- TSS_UINT16_Marshal(&bsize, &written, &buf, &size);
-
- /* marshal the unencrypted sensitive in place */
- size = sizeof(*s);
- bsize = 0;
- buf = s2b->buffer;
- TSS_TPMT_SENSITIVE_Marshal(s, &bsize, &buf, &size);
- buf = (BYTE *)&s2b->size;
- size = 2;
- TSS_UINT16_Marshal(&bsize, &written, &buf, &size);
-
- bsize = bsize + sizeof(s2b->size);
- p->t.size += bsize;
-
- /* compute hash of unencrypted marshalled sensitive and
- * write to the digest buffer */
- hash.hashAlg = nalg;
- TSS_Hash_Generate(&hash, bsize, s2b,
- name->t.size, name->t.name,
- 0, NULL);
- memcpy(digest->buffer, &hash.digest, hlen);
-
- /* encrypt hash and sensitive in place */
- TSS_AES_EncryptCFB(p->t.buffer,
- symdef->keyBits.aes,
- innerkey->b.buffer,
- null_iv,
- p->t.size,
- p->t.buffer);
- } else if (symdef->algorithm == TPM_ALG_NULL) {
- TPM2B *s2b = (TPM2B *)buf;
- int32_t size = sizeof(*s);
- UINT16 bsize = 0, written = 0;
-
- buf = s2b->buffer;
-
- /* marshal the unencrypted sensitive in place */
- TSS_TPMT_SENSITIVE_Marshal(s, &bsize, &buf, &size);
- buf = (BYTE *)&s2b->size;
- size = 2;
- TSS_UINT16_Marshal(&bsize, &written, &buf, &size);
-
- p->b.size += bsize + sizeof(s2b->size);
- } else {
- printf("Unknown symmetric algorithm\n");
- return TPM_RC_SYMMETRIC;
- }
-
- return TPM_RC_SUCCESS;
-}
-
-TPM_RC tpm2_ObjectPublic_GetName(TPM2B_NAME *name,
- TPMT_PUBLIC *tpmtPublic)
-{
- TPM_RC rc = 0;
- uint16_t written = 0;
- TPMT_HA digest;
- uint32_t sizeInBytes;
- uint8_t buffer[MAX_RESPONSE_SIZE];
-
- /* marshal the TPMT_PUBLIC */
- if (rc == 0) {
- INT32 size = MAX_RESPONSE_SIZE;
- uint8_t *buffer1 = buffer;
- rc = TSS_TPMT_PUBLIC_Marshal(tpmtPublic, &written, &buffer1, &size);
- }
- /* hash the public area */
- if (rc == 0) {
- sizeInBytes = TSS_GetDigestSize(tpmtPublic->nameAlg);
- digest.hashAlg = tpmtPublic->nameAlg; /* Name digest algorithm */
- /* generate the TPMT_HA */
- rc = TSS_Hash_Generate(&digest,
- written, buffer,
- 0, NULL);
- }
- if (rc == 0) {
- /* copy the digest */
- memcpy(name->t.name + sizeof(TPMI_ALG_HASH), (uint8_t *)&digest.digest, sizeInBytes);
- /* copy the hash algorithm */
- TPMI_ALG_HASH nameAlgNbo = htons(tpmtPublic->nameAlg);
- memcpy(name->t.name, (uint8_t *)&nameAlgNbo, sizeof(TPMI_ALG_HASH));
- /* set the size */
- name->t.size = sizeInBytes + sizeof(TPMI_ALG_HASH);
- }
- return rc;
-}
-
TPMI_ECC_CURVE tpm2_curve_name_to_TPMI(const char *name)
{
int i;
diff --git a/tpm2-common.h b/tpm2-common.h
index 1cf3b23..6111243 100644
--- a/tpm2-common.h
+++ b/tpm2-common.h
@@ -23,15 +23,6 @@ TPM_RC tpm2_init_session(TSS_CONTEXT *tssContext, TPM_HANDLE handle,
TPM_ALG_ID name_alg);
TPM_RC tpm2_get_bound_handle(TSS_CONTEXT *tssContext, TPM_HANDLE *handle,
TPM_HANDLE bind, const char *auth);
-TPM_RC tpm2_SensitiveToDuplicate(TPMT_SENSITIVE *s,
- TPM2B_NAME *name,
- TPM_ALG_ID nalg,
- TPM2B_SEED *seed,
- TPMT_SYM_DEF_OBJECT *symdef,
- TPM2B_DATA *innerkey,
- TPM2B_PRIVATE *p);
-TPM_RC tpm2_ObjectPublic_GetName(TPM2B_NAME *name,
- TPMT_PUBLIC *tpmtPublic);
TPMI_ECC_CURVE tpm2_curve_name_to_TPMI(const char *name);
int tpm2_curve_name_to_nid(TPMI_ECC_CURVE curve);
TPMI_ECC_CURVE tpm2_nid_to_curve_name(int nid);
--
2.16.4

Fredrik Ternerot
 

On Wed, Nov 14, 2018 at 4:56 PM James Bottomley
<James.Bottomley@...> wrote:

The sensitive to duplicate interface is really only used for key
wrapping, and this is only done at key creation time, not on key
processing, so it has no place in the common code.

When moving to create_tpm2_key.c we change the calling convention to
make it more clear that we're not doing full conversion, merely inner
wrapping the key.

Signed-off-by: James Bottomley <James.Bottomley@...>
---
create_tpm2_key.c | 153 +++++++++++++++++++++++++++++++++++++++++++++++++-----
tpm2-common.c | 136 +-----------------------------------------------
tpm2-common.h | 9 ----
3 files changed, 142 insertions(+), 156 deletions(-)

diff --git a/create_tpm2_key.c b/create_tpm2_key.c
index 2c7f3c1..899e434 100644
--- a/create_tpm2_key.c
+++ b/create_tpm2_key.c
@@ -15,6 +15,8 @@
#include <fcntl.h>
#include <ctype.h>

+#include <arpa/inet.h>
+
#include <sys/stat.h>
#include <sys/mman.h>

@@ -29,6 +31,7 @@
#include TSSINCLUDE(tssutils.h)
#include TSSINCLUDE(tssmarshal.h)
#include TSSINCLUDE(Unmarshal_fp.h)
+#include TSSINCLUDE(tsscrypto.h)
#include TSSINCLUDE(tsscryptoh.h)

#include "tpm2-asn.h"
@@ -134,6 +137,139 @@ int hex2bin(unsigned char *dst, const char *src, size_t count)
return 0;
}

+TPM_RC tpm2_ObjectPublic_GetName(TPM2B_NAME *name,
+ TPMT_PUBLIC *tpmtPublic)
+{
+ TPM_RC rc = 0;
+ uint16_t written = 0;
+ TPMT_HA digest;
+ uint32_t sizeInBytes;
+ uint8_t buffer[MAX_RESPONSE_SIZE];
+
+ /* marshal the TPMT_PUBLIC */
+ if (rc == 0) {
+ INT32 size = MAX_RESPONSE_SIZE;
+ uint8_t *buffer1 = buffer;
+ rc = TSS_TPMT_PUBLIC_Marshal(tpmtPublic, &written, &buffer1, &size);
+ }
+ /* hash the public area */
+ if (rc == 0) {
+ sizeInBytes = TSS_GetDigestSize(tpmtPublic->nameAlg);
+ digest.hashAlg = tpmtPublic->nameAlg; /* Name digest algorithm */
+ /* generate the TPMT_HA */
+ rc = TSS_Hash_Generate(&digest,
+ written, buffer,
+ 0, NULL);
+ }
+ if (rc == 0) {
+ /* copy the digest */
+ memcpy(name->t.name + sizeof(TPMI_ALG_HASH), (uint8_t *)&digest.digest, sizeInBytes);
+ /* copy the hash algorithm */
+ TPMI_ALG_HASH nameAlgNbo = htons(tpmtPublic->nameAlg);
+ memcpy(name->t.name, (uint8_t *)&nameAlgNbo, sizeof(TPMI_ALG_HASH));
+ /* set the size */
+ name->t.size = sizeInBytes + sizeof(TPMI_ALG_HASH);
+ }
+ return rc;
+}
+
+/*
+ * Cut down version of Part 4 Supporting Routines 7.6.3.10
I think this comment is confusing since neither the function name nor
the prototype follows the supporting routine anymore. I suggest to
either clarify or remove it.

+ *
+ * Hard coded to symmetrically encrypt with aes128 as the inner
+ * wrapper and no outer wrapper but with a prototype that allows
+ * drop in replacement with a tss equivalent
+ */
+TPM_RC tpm2_innerwrap(TPMT_SENSITIVE *s,
+ TPMT_PUBLIC *pub,
+ TPMT_SYM_DEF_OBJECT *symdef,
+ TPM2B_DATA *innerkey,
+ TPM2B_PRIVATE *p)
+{
+ BYTE *buf = p->t.buffer;
+
+ p->t.size = 0;
+ memset(p, 0, sizeof(*p));
+
+ /* hard code AES CFB */
+ if (symdef->algorithm == TPM_ALG_AES
+ && symdef->mode.aes == TPM_ALG_CFB) {
+ TPMT_HA hash;
+ const TPM_ALG_ID nalg = pub->nameAlg;
+ const int hlen = TSS_GetDigestSize(nalg);
+ TPM2B *digest = (TPM2B *)buf;
+ TPM2B *s2b;
+ int32_t size;
+ unsigned char null_iv[AES_128_BLOCK_SIZE_BYTES];
+ UINT16 bsize, written = 0;
+ TPM2B_NAME name;
+
+ /* WARNING: don't use the static null_iv trick here:
+ * the AES routines alter the passed in iv */
+ memset(null_iv, 0, sizeof(null_iv));
+
+ /* reserve space for hash before the encrypted sensitive */
+ bsize = sizeof(digest->size) + hlen;
+ buf += bsize;
+ p->t.size += bsize;
+ s2b = (TPM2B *)buf;
+
+ /* marshal the digest size */
+ buf = (BYTE *)&digest->size;
+ bsize = hlen;
+ size = 2;
+ TSS_UINT16_Marshal(&bsize, &written, &buf, &size);
+
+ /* marshal the unencrypted sensitive in place */
+ size = sizeof(*s);
+ bsize = 0;
+ buf = s2b->buffer;
+ TSS_TPMT_SENSITIVE_Marshal(s, &bsize, &buf, &size);
+ buf = (BYTE *)&s2b->size;
+ size = 2;
+ TSS_UINT16_Marshal(&bsize, &written, &buf, &size);
+
+ bsize = bsize + sizeof(s2b->size);
+ p->t.size += bsize;
+
+ tpm2_ObjectPublic_GetName(&name, pub);
+ /* compute hash of unencrypted marshalled sensitive and
+ * write to the digest buffer */
+ hash.hashAlg = nalg;
+ TSS_Hash_Generate(&hash, bsize, s2b,
+ name.t.size, name.t.name,
+ 0, NULL);
+ memcpy(digest->buffer, &hash.digest, hlen);
+
+ /* encrypt hash and sensitive in place */
+ TSS_AES_EncryptCFB(p->t.buffer,
+ symdef->keyBits.aes,
+ innerkey->b.buffer,
+ null_iv,
+ p->t.size,
+ p->t.buffer);
+ } else if (symdef->algorithm == TPM_ALG_NULL) {
+ TPM2B *s2b = (TPM2B *)buf;
+ int32_t size = sizeof(*s);
+ UINT16 bsize = 0, written = 0;
+
+ buf = s2b->buffer;
+
+ /* marshal the unencrypted sensitive in place */
+ TSS_TPMT_SENSITIVE_Marshal(s, &bsize, &buf, &size);
+ buf = (BYTE *)&s2b->size;
+ size = 2;
+ TSS_UINT16_Marshal(&bsize, &written, &buf, &size);
+
+ p->b.size += bsize + sizeof(s2b->size);
+ } else {
+ printf("Unknown symmetric algorithm\n");
+ return TPM_RC_SYMMETRIC;
+ }
+
+ return TPM_RC_SUCCESS;
+}
+
TPM_RC
parse_policy_file(const char *policy_file, STACK_OF(TSSOPTPOLICY) *sk,
char *auth, TPMT_HA *digest)
@@ -827,7 +963,6 @@ int main(int argc, char **argv)
if (wrap) {
EVP_PKEY *pkey;
TPMT_SENSITIVE s;
- TPM2B_NAME name;

/* may be needed to decrypt the key */
OpenSSL_add_all_ciphers();
@@ -878,19 +1013,13 @@ int main(int argc, char **argv)

/* set the NODA flag */
iin.objectPublic.publicArea.objectAttributes.val |= noda;
- rc = tpm2_ObjectPublic_GetName(&name,
- &iin.objectPublic.publicArea);
- if (rc) {
- reason = "tpm2_ObjectPublic_GetName";
- goto out_flush;
- }

- rc = tpm2_SensitiveToDuplicate(&s, &name, name_alg, NULL,
- &iin.symmetricAlg,
- &iin.encryptionKey,
- &iin.duplicate);
+ rc = tpm2_innerwrap(&s, &iin.objectPublic.publicArea,
+ &iin.symmetricAlg,
+ &iin.encryptionKey,
+ &iin.duplicate);
if (rc) {
- reason = "tpm2_SensitiveToDuplicate";
+ reason = "tpm2_innerwrap";
goto out_flush;
}

diff --git a/tpm2-common.c b/tpm2-common.c
index 9d1737b..bf950ec 100644
--- a/tpm2-common.c
+++ b/tpm2-common.c
@@ -8,16 +8,14 @@
#include <string.h>
#include <unistd.h>

-#include <arpa/inet.h>
-
#include <openssl/evp.h>
#include <openssl/rsa.h>
+#include <openssl/ec.h>

#define TSSINCLUDE(x) < TSS_INCLUDE/x >
#include TSSINCLUDE(tss.h)
#include TSSINCLUDE(tssresponsecode.h)
#include TSSINCLUDE(tssmarshal.h)
-#include TSSINCLUDE(tsscrypto.h)
#include TSSINCLUDE(tsscryptoh.h)
#include TSSINCLUDE(Unmarshal_fp.h)

@@ -739,138 +737,6 @@ TPM_RC tpm2_init_session(TSS_CONTEXT *tssContext, TPM_HANDLE handle,
return rc;
}

-/*
- * Cut down version of Part 4 Supporting Routines 7.6.3.10
- *
- * Hard coded to symmetrically encrypt with aes128 as the inner
- * wrapper and no outer wrapper but with a prototype that allows
- * drop in replacement with a tss equivalent
- */
-TPM_RC tpm2_SensitiveToDuplicate(TPMT_SENSITIVE *s,
- TPM2B_NAME *name,
- TPM_ALG_ID nalg,
- TPM2B_SEED *seed,
- TPMT_SYM_DEF_OBJECT *symdef,
- TPM2B_DATA *innerkey,
- TPM2B_PRIVATE *p)
-{
- BYTE *buf = p->t.buffer;
-
- p->t.size = 0;
- memset(p, 0, sizeof(*p));
-
- /* hard code AES CFB */
- if (symdef->algorithm == TPM_ALG_AES
- && symdef->mode.aes == TPM_ALG_CFB) {
- TPMT_HA hash;
- const int hlen = TSS_GetDigestSize(nalg);
- TPM2B *digest = (TPM2B *)buf;
- TPM2B *s2b;
- int32_t size;
- unsigned char null_iv[AES_128_BLOCK_SIZE_BYTES];
- UINT16 bsize, written = 0;
-
- /* WARNING: don't use the static null_iv trick here:
- * the AES routines alter the passed in iv */
- memset(null_iv, 0, sizeof(null_iv));
-
- /* reserve space for hash before the encrypted sensitive */
- bsize = sizeof(digest->size) + hlen;
- buf += bsize;
- p->t.size += bsize;
- s2b = (TPM2B *)buf;
-
- /* marshal the digest size */
- buf = (BYTE *)&digest->size;
- bsize = hlen;
- size = 2;
- TSS_UINT16_Marshal(&bsize, &written, &buf, &size);
-
- /* marshal the unencrypted sensitive in place */
- size = sizeof(*s);
- bsize = 0;
- buf = s2b->buffer;
- TSS_TPMT_SENSITIVE_Marshal(s, &bsize, &buf, &size);
- buf = (BYTE *)&s2b->size;
- size = 2;
- TSS_UINT16_Marshal(&bsize, &written, &buf, &size);
-
- bsize = bsize + sizeof(s2b->size);
- p->t.size += bsize;
-
- /* compute hash of unencrypted marshalled sensitive and
- * write to the digest buffer */
- hash.hashAlg = nalg;
- TSS_Hash_Generate(&hash, bsize, s2b,
- name->t.size, name->t.name,
- 0, NULL);
- memcpy(digest->buffer, &hash.digest, hlen);
-
- /* encrypt hash and sensitive in place */
- TSS_AES_EncryptCFB(p->t.buffer,
- symdef->keyBits.aes,
- innerkey->b.buffer,
- null_iv,
- p->t.size,
- p->t.buffer);
- } else if (symdef->algorithm == TPM_ALG_NULL) {
- TPM2B *s2b = (TPM2B *)buf;
- int32_t size = sizeof(*s);
- UINT16 bsize = 0, written = 0;
-
- buf = s2b->buffer;
-
- /* marshal the unencrypted sensitive in place */
- TSS_TPMT_SENSITIVE_Marshal(s, &bsize, &buf, &size);
- buf = (BYTE *)&s2b->size;
- size = 2;
- TSS_UINT16_Marshal(&bsize, &written, &buf, &size);
-
- p->b.size += bsize + sizeof(s2b->size);
- } else {
- printf("Unknown symmetric algorithm\n");
- return TPM_RC_SYMMETRIC;
- }
-
- return TPM_RC_SUCCESS;
-}
-
-TPM_RC tpm2_ObjectPublic_GetName(TPM2B_NAME *name,
- TPMT_PUBLIC *tpmtPublic)
-{
- TPM_RC rc = 0;
- uint16_t written = 0;
- TPMT_HA digest;
- uint32_t sizeInBytes;
- uint8_t buffer[MAX_RESPONSE_SIZE];
-
- /* marshal the TPMT_PUBLIC */
- if (rc == 0) {
- INT32 size = MAX_RESPONSE_SIZE;
- uint8_t *buffer1 = buffer;
- rc = TSS_TPMT_PUBLIC_Marshal(tpmtPublic, &written, &buffer1, &size);
- }
- /* hash the public area */
- if (rc == 0) {
- sizeInBytes = TSS_GetDigestSize(tpmtPublic->nameAlg);
- digest.hashAlg = tpmtPublic->nameAlg; /* Name digest algorithm */
- /* generate the TPMT_HA */
- rc = TSS_Hash_Generate(&digest,
- written, buffer,
- 0, NULL);
- }
- if (rc == 0) {
- /* copy the digest */
- memcpy(name->t.name + sizeof(TPMI_ALG_HASH), (uint8_t *)&digest.digest, sizeInBytes);
- /* copy the hash algorithm */
- TPMI_ALG_HASH nameAlgNbo = htons(tpmtPublic->nameAlg);
- memcpy(name->t.name, (uint8_t *)&nameAlgNbo, sizeof(TPMI_ALG_HASH));
- /* set the size */
- name->t.size = sizeInBytes + sizeof(TPMI_ALG_HASH);
- }
- return rc;
-}
-
TPMI_ECC_CURVE tpm2_curve_name_to_TPMI(const char *name)
{
int i;
diff --git a/tpm2-common.h b/tpm2-common.h
index 1cf3b23..6111243 100644
--- a/tpm2-common.h
+++ b/tpm2-common.h
@@ -23,15 +23,6 @@ TPM_RC tpm2_init_session(TSS_CONTEXT *tssContext, TPM_HANDLE handle,
TPM_ALG_ID name_alg);
TPM_RC tpm2_get_bound_handle(TSS_CONTEXT *tssContext, TPM_HANDLE *handle,
TPM_HANDLE bind, const char *auth);
-TPM_RC tpm2_SensitiveToDuplicate(TPMT_SENSITIVE *s,
- TPM2B_NAME *name,
- TPM_ALG_ID nalg,
- TPM2B_SEED *seed,
- TPMT_SYM_DEF_OBJECT *symdef,
- TPM2B_DATA *innerkey,
- TPM2B_PRIVATE *p);
-TPM_RC tpm2_ObjectPublic_GetName(TPM2B_NAME *name,
- TPMT_PUBLIC *tpmtPublic);
TPMI_ECC_CURVE tpm2_curve_name_to_TPMI(const char *name);
int tpm2_curve_name_to_nid(TPMI_ECC_CURVE curve);
TPMI_ECC_CURVE tpm2_nid_to_curve_name(int nid);
--
2.16.4



James Bottomley
 

On Thu, 2018-11-15 at 11:09 +0100, Fredrik Ternerot wrote:
On Wed, Nov 14, 2018 at 4:56 PM James Bottomley
<James.Bottomley@...> wrote:

The sensitive to duplicate interface is really only used for key
wrapping, and this is only done at key creation time, not on key
processing, so it has no place in the common code.

When moving to create_tpm2_key.c we change the calling convention
to make it more clear that we're not doing full conversion, merely
inner wrapping the key.

Signed-off-by: James Bottomley <James.Bottomley@...
om>
---
create_tpm2_key.c | 153
+++++++++++++++++++++++++++++++++++++++++++++++++-----
tpm2-common.c | 136 +-----------------------------------------
------
tpm2-common.h | 9 ----
3 files changed, 142 insertions(+), 156 deletions(-)

diff --git a/create_tpm2_key.c b/create_tpm2_key.c
index 2c7f3c1..899e434 100644
--- a/create_tpm2_key.c
+++ b/create_tpm2_key.c
@@ -15,6 +15,8 @@
#include <fcntl.h>
#include <ctype.h>

+#include <arpa/inet.h>
+
#include <sys/stat.h>
#include <sys/mman.h>

@@ -29,6 +31,7 @@
#include TSSINCLUDE(tssutils.h)
#include TSSINCLUDE(tssmarshal.h)
#include TSSINCLUDE(Unmarshal_fp.h)
+#include TSSINCLUDE(tsscrypto.h)
#include TSSINCLUDE(tsscryptoh.h)

#include "tpm2-asn.h"
@@ -134,6 +137,139 @@ int hex2bin(unsigned char *dst, const char
*src, size_t count)
return 0;
}

+TPM_RC tpm2_ObjectPublic_GetName(TPM2B_NAME *name,
+ TPMT_PUBLIC *tpmtPublic)
+{
+ TPM_RC rc = 0;
+ uint16_t written = 0;
+ TPMT_HA digest;
+ uint32_t sizeInBytes;
+ uint8_t buffer[MAX_RESPONSE_SIZE];
+
+ /* marshal the TPMT_PUBLIC */
+ if (rc == 0) {
+ INT32 size = MAX_RESPONSE_SIZE;
+ uint8_t *buffer1 = buffer;
+ rc = TSS_TPMT_PUBLIC_Marshal(tpmtPublic, &written,
&buffer1, &size);
+ }
+ /* hash the public area */
+ if (rc == 0) {
+ sizeInBytes = TSS_GetDigestSize(tpmtPublic-
nameAlg);
+ digest.hashAlg = tpmtPublic->nameAlg; /* Name
digest algorithm */
+ /* generate the TPMT_HA */
+ rc = TSS_Hash_Generate(&digest,
+ written, buffer,
+ 0, NULL);
+ }
+ if (rc == 0) {
+ /* copy the digest */
+ memcpy(name->t.name + sizeof(TPMI_ALG_HASH),
(uint8_t *)&digest.digest, sizeInBytes);
+ /* copy the hash algorithm */
+ TPMI_ALG_HASH nameAlgNbo = htons(tpmtPublic-
nameAlg);
+ memcpy(name->t.name, (uint8_t *)&nameAlgNbo,
sizeof(TPMI_ALG_HASH));
+ /* set the size */
+ name->t.size = sizeInBytes + sizeof(TPMI_ALG_HASH);
+ }
+ return rc;
+}
+
+/*
+ * Cut down version of Part 4 Supporting Routines 7.6.3.10
I think this comment is confusing since neither the function name nor
the prototype follows the supporting routine anymore. I suggest to
either clarify or remove it.
The content of the routine was cut and pasted from the document (at
least the parts we need were) so I do think saying where it came from
is useful. The outer wrapper routine wasn't: I constructed that one by
reading the architecture manual, which is why that one doesn't have a
reference.

James