// ===================================================================
//
// Copyright (c) 2005, Intel Corp.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions
// are met:
//
//   * Redistributions of source code must retain the above copyright
//     notice, this list of conditions and the following disclaimer.
//   * Redistributions in binary form must reproduce the above
//     copyright notice, this list of conditions and the following
//     disclaimer in the documentation and/or other materials provided
//     with the distribution.
//   * Neither the name of Intel Corporation nor the names of its
//     contributors may be used to endorse or promote products derived
//     from this software without specific prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
// OF THE POSSIBILITY OF SUCH DAMAGE.
// ===================================================================
//
// vtpm_manager.c
//
// This file will house the main logic of the VTPM Manager
//
// ==================================================================

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#include "vtpm_manager.h"
#include "vtpmpriv.h"
#include "vtsp.h"
#include "bsg.h"
#include "hashtable.h"
#include "hashtable_itr.h"

#include "log.h"
#include "buffer.h"

// Manager-wide state. Allocated by VTPM_Init_Manager, released by
// VTPM_Stop_Manager; NULL outside that window.
VTPM_GLOBALS *vtpm_globals=NULL;

// --------------------------- Well Known Auths --------------------------
// SRK usage secret: the well-known all-0xff value. Because it is public,
// SRK_AUTH provides no secrecy on its own; it only satisfies the TPM's
// authorization protocol for commands against the SRK.
const TPM_AUTHDATA SRK_AUTH = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
                               0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff};

#ifdef WELL_KNOWN_OWNER_AUTH
// Fixed owner auth used by VTPM_Create_Manager when WELL_KNOWN_OWNER_AUTH
// is defined: the TPM owner secret is then a public constant. Without the
// macro the owner auth is drawn from Crypto_GetRandom instead, which is the
// configuration to ship; keep this one for development builds only.
static BYTE FIXED_OWNER_AUTH[20] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
                                    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
#endif


// -------------------------- Hash table functions --------------------

// Hash callback for dmi_map: keys are pointers to UINT32 values and the
// value itself is used as the hash.
static unsigned int hashfunc32(void *ky) {
  UINT32 *key = ky;
  return *key;
}
// Key-equality callback for dmi_map: compares the UINT32 values the two
// key pointers refer to. Returns non-zero when they are equal.
static int equals32(void *k1, void *k2) {
  UINT32 *lhs = k1;
  UINT32 *rhs = k2;
  return *lhs == *rhs;
}

// --------------------------- Functions ------------------------------

// First-boot initialisation of a brand-new manager: take ownership of the
// TPM if it still appears unowned, then create the two SRK-wrapped keys the
// manager depends on (the storage key and the boot key) and save TPM state.
//
// Expects vtpm_globals to be allocated, manager_tcs_handle to be an open TCS
// context and keyAuth to be an OIAP session (VTPM_Init_Manager sets these up
// before calling here). Writes owner_usage_auth, storage_key_usage_auth,
// storageKeyWrap, bootKeyWrap and bootKey inside *vtpm_globals.
//
// Returns status (TPM_SUCCESS on the normal path). Any TPMTRYRETURN failure
// jumps to abort_egress, which terminates the process with exit(1) instead
// of returning.
TPM_RESULT VTPM_Create_Manager(){

  TPM_RESULT status = TPM_SUCCESS;

  // Generate Auth for Owner.
  // With WELL_KNOWN_OWNER_AUTH the owner secret is the fixed all-0xff value
  // (public knowledge); otherwise it is freshly drawn from the CSPRNG.
#ifdef WELL_KNOWN_OWNER_AUTH
  memcpy(vtpm_globals->owner_usage_auth, FIXED_OWNER_AUTH, sizeof(TPM_AUTHDATA));
#else
  Crypto_GetRandom(vtpm_globals->owner_usage_auth, sizeof(TPM_AUTHDATA) );
#endif

  // Take Ownership of TPM
  CRYPTO_INFO ek_cryptoInfo;

  status = VTSP_ReadPubek(vtpm_globals->manager_tcs_handle, &ek_cryptoInfo);

  // If we can read PubEK then there is no owner and we should take it.
  // We use the ability to read the pubEK to flag that the TPM is owned.
  // FIXME: Change to just trying to take ownership and react to the status
  if (status == TPM_SUCCESS) {
    // Ownership is taken with the well-known SRK_AUTH as the SRK usage
    // secret; pubEK reads are then disabled so the "unowned" heuristic above
    // does not trigger again on the next start.
    TPMTRYRETURN(VTSP_TakeOwnership(vtpm_globals->manager_tcs_handle,
                                    (const TPM_AUTHDATA*)&vtpm_globals->owner_usage_auth,
                                    &SRK_AUTH,
                                    &ek_cryptoInfo,
                                    &vtpm_globals->keyAuth));

    TPMTRYRETURN(VTSP_DisablePubekRead(vtpm_globals->manager_tcs_handle,
                                       (const TPM_AUTHDATA*)&vtpm_globals->owner_usage_auth,
                                       &vtpm_globals->keyAuth));
  } else {
    // NOTE(review): every ReadPubek failure is read as "already owned", so a
    // transport or TCS error silently skips ownership. The failing status is
    // not propagated: it is presumably overwritten by the next TPMTRYRETURN.
    vtpmloginfo(VTPM_LOG_VTPM, "Failed to readEK meaning TPM has an owner. Creating Keys off existing SRK.\n");
  }

  // Generate storage key's auth
  Crypto_GetRandom( &vtpm_globals->storage_key_usage_auth,
                    sizeof(TPM_AUTHDATA) );

  TCS_AUTH osap;
  TPM_AUTHDATA sharedsecret;   // OSAP shared secret; also reused for the boot key below

  // OSAP session against the SRK; CreateWrapKey needs its shared secret to
  // protect the new key's usage auth in transit.
  TPMTRYRETURN( VTSP_OSAP(vtpm_globals->manager_tcs_handle,
                          TPM_ET_KEYHANDLE,
                          TPM_SRK_KEYHANDLE,
                          &SRK_AUTH,
                          &sharedsecret,
                          &osap) );

  osap.fContinueAuthSession = FALSE;   // single-use session


  TPMTRYRETURN( VTSP_CreateWrapKey( vtpm_globals->manager_tcs_handle,
                                    TPM_KEY_BIND,
                                    (const TPM_AUTHDATA*)&vtpm_globals->storage_key_usage_auth,
                                    TPM_SRK_KEYHANDLE,
                                    (const TPM_AUTHDATA*)&sharedsecret,
                                    &vtpm_globals->storageKeyWrap,
                                    &osap) );

  // Generate boot key's auth.
  // All-zero usage auth: the boot key is deliberately not secret-protected,
  // see the FIXME below.
  TPM_AUTHDATA bootKeyWrapAuth;
  memset(&bootKeyWrapAuth, 0, sizeof(bootKeyWrapAuth));

  // Fresh OSAP session for the second CreateWrapKey (the first one was
  // single-use).
  TPMTRYRETURN( VTSP_OSAP(vtpm_globals->manager_tcs_handle,
                          TPM_ET_KEYHANDLE,
                          TPM_SRK_KEYHANDLE,
                          &SRK_AUTH,
                          &sharedsecret,
                          &osap) );

  osap.fContinueAuthSession = FALSE;

  // FIXME: This key protects the global secrets on disk. It should use TPM
  // PCR bindings to limit its use to legit configurations.
  // Current binds are open, implying a Trusted VM contains this code.
  // If this VM is not Trusted, use measurement and PCR bindings.
  TPMTRYRETURN( VTSP_CreateWrapKey( vtpm_globals->manager_tcs_handle,
                                    TPM_KEY_BIND,
                                    (const TPM_AUTHDATA*)&bootKeyWrapAuth,
                                    TPM_SRK_KEYHANDLE,
                                    (const TPM_AUTHDATA*)&sharedsecret,
                                    &vtpm_globals->bootKeyWrap,
                                    &osap) );

  // Populate CRYPTO_INFO vtpm_globals->bootKey. This does not load it into
  // the TPM (the NULL handle/auth arguments and the trailing TRUE select
  // that mode; confirm against VTSP_LoadKey).
  TPMTRYRETURN( VTSP_LoadKey( vtpm_globals->manager_tcs_handle,
                              TPM_SRK_KEYHANDLE,
                              &vtpm_globals->bootKeyWrap,
                              NULL,
                              NULL,
                              NULL,
                              &vtpm_globals->bootKey,
                              TRUE ) );

  TPMTRYRETURN( VTSP_SaveState(vtpm_globals->manager_tcs_handle) );
  goto egress;

 abort_egress:
  // Every TPMTRYRETURN failure lands here and aborts the whole process; the
  // failing status is not logged, which makes first-boot failures hard to
  // diagnose. NOTE(review): exit() is declared in <stdlib.h>, which this
  // file does not include directly.
  exit(1);

 egress:
  // NOTE(review): sharedsecret goes out of scope here without being cleared;
  // a plain memset would likely be elided, so scrubbing it reliably needs an
  // explicit_bzero-style helper.
  vtpmloginfo(VTPM_LOG_VTPM, "Finished initialized new VTPM manager (Status = %d).\n", status);
  return status;

}

///////////////////////////////////////////////////////////////////////////////
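// Bring the manager up: allocate and zero the global state, create the DMI
// map, create/open the TCS context, seed the crypto library from TPM
// randomness, open the manager's OIAP session, load the persisted manager
// data (creating it on first boot), load the storage key and register the
// Dom0 control DMI.
//
// Returns TPM_SUCCESS on success. If the globals or the DMI map cannot be
// allocated, returns TPM_FAIL with vtpm_globals reset to NULL. A later
// TPMTRYRETURN failure jumps to abort_egress and returns that status with
// the partially initialised globals still allocated. A manager file that
// exists but cannot be loaded terminates the process with exit(1).
TPM_RESULT VTPM_Init_Manager() {
  TPM_RESULT status = TPM_FAIL, serviceStatus;
  BYTE *randomseed;
  UINT32 randomsize=256;

  // calloc zero-fills the block (the former malloc+memset pair). Nothing
  // else references it yet, so it can still be released on failure below.
  if ((vtpm_globals = calloc(1, sizeof *vtpm_globals)) == NULL){
    status = TPM_FAIL;
    goto abort_egress;
  }

  vtpm_globals->connected_dmis = 0;

  // Keys are UINT32 values (see hashfunc32/equals32); 10 is the initial
  // bucket count.
  if ((vtpm_globals->dmi_map = create_hashtable(10, hashfunc32, equals32)) == NULL){
    // Do not leave a half-built object behind the global pointer.
    free(vtpm_globals);
    vtpm_globals = NULL;
    status = TPM_FAIL;
    goto abort_egress;
  }

  // Create new TCS Object
  vtpm_globals->manager_tcs_handle = 0;

  TPMTRYRETURN(TCS_create());

  // Create TCS Context for service
  TPMTRYRETURN( TCS_OpenContext(&vtpm_globals->manager_tcs_handle ) );

  // Seed the crypto library from TPM randomness. randomsize is passed by
  // pointer, presumably updated to the byte count actually returned — confirm
  // against TCSP_GetRandom. The buffer is TCS-owned and is handed back below.
  TPMTRYRETURN( TCSP_GetRandom(vtpm_globals->manager_tcs_handle,
                               &randomsize,
                               &randomseed));

  Crypto_Init(randomseed, randomsize);
  TPMTRYRETURN( TCS_FreeMemory (vtpm_globals->manager_tcs_handle, randomseed));

  // Create OIAP session for service's authorized commands; it stays open
  // across commands (fContinueAuthSession) for the manager's lifetime.
  TPMTRYRETURN( VTSP_OIAP( vtpm_globals->manager_tcs_handle,
                           &vtpm_globals->keyAuth) );
  vtpm_globals->keyAuth.fContinueAuthSession = TRUE;

  vtpm_globals->mig_keys = NULL;

  // An unreadable manager file means first boot: create a new manager and
  // persist it. Any other load failure is fatal rather than falling through
  // to VTPM_Create_Manager, which would replace existing manager secrets.
  serviceStatus = VTPM_LoadManagerData();
  if (serviceStatus == TPM_IOERROR) {
    vtpmloginfo(VTPM_LOG_VTPM, "Failed to read manager file. Assuming first time initialization.\n");
    TPMTRYRETURN( VTPM_Create_Manager() );
    TPMTRYRETURN( VTPM_SaveManagerData() );
  } else if (serviceStatus != TPM_SUCCESS) {
    vtpmlogerror(VTPM_LOG_VTPM, "Failed to read existing manager file");
    exit(1);
  }

  // Load Storage Key: the SRK-wrapped blob is loaded under the well-known
  // SRK auth through the manager's OIAP session (keyAuth).
  TPMTRYRETURN( VTSP_LoadKey( vtpm_globals->manager_tcs_handle,
                              TPM_SRK_KEYHANDLE,
                              &vtpm_globals->storageKeyWrap,
                              &SRK_AUTH,
                              &vtpm_globals->storageKeyHandle,
                              &vtpm_globals->keyAuth,
                              &vtpm_globals->storageKey,
                              FALSE ) );

  // Create entry for Dom0 for control messages
  TPMTRYRETURN( VTPM_Handle_New_DMI(NULL) );

  goto egress;

 abort_egress:
 egress:
  // After the DMI map exists, a TPMTRYRETURN failure leaves vtpm_globals and
  // any TCS state allocated; no partial teardown is attempted here because
  // how far the TCS setup got is not tracked.
  return(status);
}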

///////////////////////////////////////////////////////////////////////////////
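// Tear the manager down in roughly the reverse order of VTPM_Init_Manager:
// close every connected DMI, persist manager data, close the TCS context,
// destroy the TCS object, then release the DMI map and the global state.
// Expects a successfully initialised vtpm_globals. On return vtpm_globals is
// NULL, so a late access fails on a NULL pointer rather than on freed memory.
void VTPM_Stop_Manager() {
  // Close all the TCS contexts. TCS should evict keys based on this
  if (hashtable_count(vtpm_globals->dmi_map) > 0) {
    struct hashtable_itr *dmi_itr = hashtable_iterator(vtpm_globals->dmi_map);
    do {
      VTPM_DMI_RESOURCE *dmi_res = (VTPM_DMI_RESOURCE *) hashtable_iterator_value(dmi_itr);
      if (dmi_res->connected) {
        close_dmi( dmi_res ); // Not really interested in return code
      }
    } while (hashtable_iterator_advance(dmi_itr));
    free (dmi_itr);
  }

  // Best effort: shutdown continues even if the manager data cannot be saved.
  if ( VTPM_SaveManagerData() != TPM_SUCCESS ) {
    vtpmlogerror(VTPM_LOG_VTPM, "Unable to save manager data.\n");
  }

  TCS_CloseContext(vtpm_globals->manager_tcs_handle);
  TCS_destroy();

  hashtable_destroy(vtpm_globals->dmi_map, 1);

  // The globals carry the owner and storage-key usage auths; wipe the block
  // before releasing it. A memset right before free() may be elided by the
  // optimiser, so this is defence in depth only — a volatile or
  // explicit_bzero-style helper would be needed for a guarantee.
  memset(vtpm_globals, 0, sizeof *vtpm_globals);
  free(vtpm_globals);
  vtpm_globals = NULL;   // no dangling global pointer after teardown

  Crypto_Exit();

  vtpmloginfo(VTPM_LOG_VTPM, "VTPM Manager stopped.\n");
}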