diff -uprN orig/tpm_emulator-0.4/AUTHORS tpm_emulator/AUTHORS --- orig/tpm_emulator-0.4/AUTHORS 2006-06-23 03:37:07.000000000 -0700 +++ tpm_emulator/AUTHORS 2006-07-24 14:35:35.000000000 -0700 @@ -1,2 +1,3 @@ Mario Strasser Heiko Stamer [DAA] +INTEL Corp <> [Dropped to Ring3] diff -uprN orig/tpm_emulator-0.4/ChangeLog tpm_emulator/ChangeLog --- orig/tpm_emulator-0.4/ChangeLog 2006-06-23 03:37:07.000000000 -0700 +++ tpm_emulator/ChangeLog 2006-07-24 14:35:35.000000000 -0700 @@ -1,3 +1,6 @@ +????-??-?? Intel Corp + * Moved module out of kernel to run as a ring 3 app + 2006-06-23 Mario Strasser * tpm_startup.c: behaviour of ST_CLEAR and storage of persistent data adapted diff -uprN orig/tpm_emulator-0.4/crypto/gmp_kernel_wrapper.c tpm_emulator/crypto/gmp_kernel_wrapper.c --- orig/tpm_emulator-0.4/crypto/gmp_kernel_wrapper.c 2006-06-23 03:37:07.000000000 -0700 +++ tpm_emulator/crypto/gmp_kernel_wrapper.c 2006-07-24 14:35:35.000000000 -0700 @@ -1,5 +1,6 @@ /* Software-Based Trusted Platform Module (TPM) Emulator for Linux * Copyright (C) 2004 Mario Strasser , + * Copyright (C) 2005 INTEL Corp * * This module is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published @@ -24,15 +25,10 @@ int __gmp_junk; void __attribute__ ((regparm(0))) __gmp_assert_fail(const char *filename, int linenum, const char *expr) { - panic(KERN_CRIT TPM_MODULE_NAME "%s:%d: GNU MP assertion failed: %s\n", + error("%s:%d: GNU MP assertion failed: %s\n", filename, linenum, expr); } -void __attribute__ ((regparm(0))) abort(void) -{ - panic(KERN_CRIT TPM_MODULE_NAME "GNU MP abort() was called\n"); -} - /* overwrite GNU MP random functions (used by mpz/millerrabin.c) */ void __attribute__ ((regparm(0))) gmp_randinit(gmp_randstate_t rstate, @@ -77,20 +73,19 @@ void __attribute__ ((regparm(0))) mpz_ur void __attribute__ ((regparm(0))) *kernel_allocate(size_t size) { - void *ret = (void*)kmalloc(size, GFP_KERNEL); - if (!ret) panic(KERN_CRIT TPM_MODULE_NAME - "GMP: cannot allocate memory (size=%u)\n", size); + void *ret = (void*)malloc(size); + if (!ret) error("GMP: cannot allocate memory (size=%Zu)\n", size); return ret; } void __attribute__ ((regparm(0))) *kernel_reallocate(void *oldptr, size_t old_size, size_t new_size) { - void *ret = (void*)kmalloc(new_size, GFP_KERNEL); - if (!ret) panic(KERN_CRIT TPM_MODULE_NAME "GMP: Cannot reallocate memory " - "(old_size=%u new_size=%u)\n", old_size, new_size); + void *ret = (void*)malloc(new_size); + if (!ret) error("GMP: Cannot reallocate memory " + "(old_size=%Zu new_size=%Zu)\n", old_size, new_size); memcpy(ret, oldptr, old_size); - kfree(oldptr); + free(oldptr); return ret; } @@ -99,7 +94,7 @@ void __attribute__ ((regparm(0))) kernel /* overwrite used memory */ if (blk_ptr != NULL) { memset(blk_ptr, 0, blk_size); - kfree(blk_ptr); + free(blk_ptr); } } diff -uprN orig/tpm_emulator-0.4/crypto/rsa.c tpm_emulator/crypto/rsa.c --- orig/tpm_emulator-0.4/crypto/rsa.c 2006-06-23 03:37:07.000000000 -0700 +++ tpm_emulator/crypto/rsa.c 2006-07-24 14:35:35.000000000 -0700 @@ -1,5 +1,6 @@ /* Software-Based Trusted Platform Module (TPM) Emulator for Linux * Copyright (C) 2004 Mario Strasser , + * Copyright (C) 2005 INTEL Corp * * This module is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published @@ -381,7 +382,7 @@ static int encode_message(int type, uint msg[0] = 0x00; get_random_bytes(&msg[1], SHA1_DIGEST_LENGTH); sha1_init(&ctx); - sha1_update(&ctx, "TCPA", 4); + sha1_update(&ctx, (uint8_t *) "TCPA", 4); sha1_final(&ctx, &msg[1 + SHA1_DIGEST_LENGTH]); memset(&msg[1 + 2 * SHA1_DIGEST_LENGTH], 0x00, msg_len - data_len - 2 * SHA1_DIGEST_LENGTH - 2); @@ -429,7 +430,7 @@ static int decode_message(int type, uint mask_generation(&msg[1], SHA1_DIGEST_LENGTH, &msg[1 + SHA1_DIGEST_LENGTH], msg_len - SHA1_DIGEST_LENGTH - 1); sha1_init(&ctx); - sha1_update(&ctx, "TCPA", 4); + sha1_update(&ctx, (uint8_t *) "TCPA", 4); sha1_final(&ctx, &msg[1]); if (memcmp(&msg[1], &msg[1 + SHA1_DIGEST_LENGTH], SHA1_DIGEST_LENGTH) != 0) return -1; diff -uprN orig/tpm_emulator-0.4/linux_module.c tpm_emulator/linux_module.c --- orig/tpm_emulator-0.4/linux_module.c 2006-06-23 03:37:07.000000000 -0700 +++ tpm_emulator/linux_module.c 1969-12-31 16:00:00.000000000 -0800 @@ -1,195 +0,0 @@ -/* Software-Based Trusted Platform Module (TPM) Emulator for Linux - * Copyright (C) 2004 Mario Strasser , - * - * This module is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published - * by the Free Software Foundation; either version 2 of the License, - * or (at your option) any later version. - * - * This module is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * $Id: linux_module.c 91 2006-03-13 13:51:41Z mast $ - */ - -#include -#include -#include -#include -#include -#include "linux_module.h" -#include "tpm/tpm_emulator.h" - -MODULE_LICENSE("GPL"); -MODULE_AUTHOR("Mario Strasser "); -MODULE_DESCRIPTION("Trusted Platform Module (TPM) Emulator"); -MODULE_SUPPORTED_DEVICE(TPM_DEVICE_NAME); - -/* module startup parameters */ -char *startup = "save"; -module_param(startup, charp, 0444); -MODULE_PARM_DESC(startup, " Sets the startup mode of the TPM. " - "Possible values are 'clear', 'save' (default) and 'deactivated."); -char *storage_file = "/var/tpm/tpm_emulator-1.2.0.2"; -module_param(storage_file, charp, 0644); -MODULE_PARM_DESC(storage_file, " Sets the persistent-data storage " - "file of the TPM."); - -/* TPM lock */ -static struct semaphore tpm_mutex; - -/* TPM command response */ -static struct { - uint8_t *data; - uint32_t size; -} tpm_response; - -/* module state */ -#define STATE_IS_OPEN 0 -static uint32_t module_state; -static struct timespec old_time; - -static int tpm_open(struct inode *inode, struct file *file) -{ - debug("%s()", __FUNCTION__); - if (test_and_set_bit(STATE_IS_OPEN, (void*)&module_state)) return -EBUSY; - return 0; -} - -static int tpm_release(struct inode *inode, struct file *file) -{ - debug("%s()", __FUNCTION__); - clear_bit(STATE_IS_OPEN, (void*)&module_state); - down(&tpm_mutex); - if (tpm_response.data != NULL) { - kfree(tpm_response.data); - tpm_response.data = NULL; - } - up(&tpm_mutex); - return 0; -} - -static ssize_t tpm_read(struct file *file, char *buf, size_t count, loff_t *ppos) -{ - debug("%s(%d)", __FUNCTION__, count); - down(&tpm_mutex); - if (tpm_response.data != NULL) { - count = min(count, (size_t)tpm_response.size - (size_t)*ppos); - count -= copy_to_user(buf, &tpm_response.data[*ppos], count); - *ppos += count; - if ((size_t)tpm_response.size == (size_t)*ppos) { - kfree(tpm_response.data); - tpm_response.data = NULL; - } - } else { - count = 0; - } - up(&tpm_mutex); - return count; -} - -static ssize_t tpm_write(struct file *file, const char *buf, size_t count, loff_t *ppos) -{ - debug("%s(%d)", __FUNCTION__, count); - down(&tpm_mutex); - *ppos = 0; - if (tpm_response.data != NULL) kfree(tpm_response.data); - if (tpm_handle_command(buf, count, &tpm_response.data, - &tpm_response.size) != 0) { - count = -EILSEQ; - tpm_response.data = NULL; - } - up(&tpm_mutex); - return count; -} - -#define TPMIOC_CANCEL _IO('T', 0x00) -#define TPMIOC_TRANSMIT _IO('T', 0x01) - -static int tpm_ioctl(struct inode *inode, struct file *file, unsigned int cmd, unsigned long arg) -{ - debug("%s(%d, %p)", __FUNCTION__, cmd, (char*)arg); - if (cmd == TPMIOC_TRANSMIT) { - uint32_t count = ntohl(*(uint32_t*)(arg + 2)); - down(&tpm_mutex); - if (tpm_response.data != NULL) kfree(tpm_response.data); - if (tpm_handle_command((char*)arg, count, &tpm_response.data, - &tpm_response.size) == 0) { - tpm_response.size -= copy_to_user((char*)arg, tpm_response.data, - tpm_response.size); - kfree(tpm_response.data); - tpm_response.data = NULL; - } else { - tpm_response.size = 0; - tpm_response.data = NULL; - } - up(&tpm_mutex); - return tpm_response.size; - } - return -1; -} - -struct file_operations fops = { - .owner = THIS_MODULE, - .open = tpm_open, - .release = tpm_release, - .read = tpm_read, - .write = tpm_write, - .ioctl = tpm_ioctl, -}; - -static struct miscdevice tpm_dev = { - .minor = TPM_DEVICE_MINOR, - .name = TPM_DEVICE_NAME, - .fops = &fops, -}; - -int __init init_tpm_module(void) -{ - int res = misc_register(&tpm_dev); - if (res != 0) { - error("misc_register() failed for minor %d\n", TPM_DEVICE_MINOR); - return res; - } - /* initialize variables */ - sema_init(&tpm_mutex, 1); - module_state = 0; - tpm_response.data = NULL; - old_time = current_kernel_time(); - /* initialize TPM emulator */ - if (!strcmp(startup, "clear")) { - tpm_emulator_init(1); - } else if (!strcmp(startup, "save")) { - tpm_emulator_init(2); - } else if (!strcmp(startup, "deactivated")) { - tpm_emulator_init(3); - } else { - error("invalid startup mode '%s'; must be 'clear', " - "'save' (default) or 'deactivated", startup); - misc_deregister(&tpm_dev); - return -EINVAL; - } - return 0; -} - -void __exit cleanup_tpm_module(void) -{ - tpm_emulator_shutdown(); - misc_deregister(&tpm_dev); - if (tpm_response.data != NULL) kfree(tpm_response.data); -} - -module_init(init_tpm_module); -module_exit(cleanup_tpm_module); - -uint64_t tpm_get_ticks(void) -{ - struct timespec new_time = current_kernel_time(); - uint64_t ticks = (uint64_t)(new_time.tv_sec - old_time.tv_sec) * 1000000 - + (new_time.tv_nsec - old_time.tv_nsec) / 1000; - old_time = new_time; - return (ticks > 0) ? ticks : 1; -} - diff -uprN orig/tpm_emulator-0.4/linux_module.h tpm_emulator/linux_module.h --- orig/tpm_emulator-0.4/linux_module.h 2006-06-23 03:37:07.000000000 -0700 +++ tpm_emulator/linux_module.h 2006-07-24 14:35:35.000000000 -0700 @@ -1,5 +1,6 @@ /* Software-Based Trusted Platform Module (TPM) Emulator for Linux * Copyright (C) 2004 Mario Strasser , + * Copyright (C) 2005 INTEL Corp * * This module is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published @@ -17,54 +18,62 @@ #ifndef _LINUX_MODULE_H_ #define _LINUX_MODULE_H_ -#include -#include -#include +#include +#include +#include +#include #include -#include -#include -#include -#include -/* module settings */ +#include +#define __BYTEORDER_HAS_U64__ +#ifdef LITTLE_ENDIAN + #include +#else + #include +#endif +/* module settings */ +#define min(A,B) ((A)<(B)?(A):(B)) +#ifndef STR #define STR(s) __STR__(s) #define __STR__(s) #s +#endif #include "tpm_version.h" #define TPM_DEVICE_MINOR 224 #define TPM_DEVICE_NAME "tpm" #define TPM_MODULE_NAME "tpm_emulator" -/* debug and log output functions */ - #ifdef DEBUG -#define debug(fmt, ...) printk(KERN_DEBUG "%s %s:%d: Debug: " fmt "\n", \ - TPM_MODULE_NAME, __FILE__, __LINE__, ## __VA_ARGS__) +#define debug(fmt, ...) printf("TPMD: %s:%d: Debug: " fmt "\n", \ + __FILE__, __LINE__, ## __VA_ARGS__) #else #define debug(fmt, ...) #endif -#define info(fmt, ...) printk(KERN_INFO "%s %s:%d: Info: " fmt "\n", \ - TPM_MODULE_NAME, __FILE__, __LINE__, ## __VA_ARGS__) -#define error(fmt, ...) printk(KERN_ERR "%s %s:%d: Error: " fmt "\n", \ - TPM_MODULE_NAME, __FILE__, __LINE__, ## __VA_ARGS__) -#define alert(fmt, ...) printk(KERN_ALERT "%s %s:%d: Alert: " fmt "\n", \ - TPM_MODULE_NAME, __FILE__, __LINE__, ## __VA_ARGS__) +#define info(fmt, ...) printf("TPMD: %s:%d: Info: " fmt "\n", \ + __FILE__, __LINE__, ## __VA_ARGS__) +#define error(fmt, ...) printf("TPMD: %s:%d: Error: " fmt "\n", \ + __FILE__, __LINE__, ## __VA_ARGS__) +#define alert(fmt, ...) printf("TPMD: %s:%d: Alert: " fmt "\n", \ + __FILE__, __LINE__, ## __VA_ARGS__) /* memory allocation */ static inline void *tpm_malloc(size_t size) { - return kmalloc(size, GFP_KERNEL); + return malloc(size); } static inline void tpm_free(const void *ptr) { - if (ptr != NULL) kfree(ptr); + if (ptr != NULL) free( (void *) ptr); } /* random numbers */ +//FIXME; +void get_random_bytes(void *buf, int nbytes); + static inline void tpm_get_random_bytes(void *buf, int nbytes) { get_random_bytes(buf, nbytes); @@ -84,9 +93,9 @@ uint64_t tpm_get_ticks(void); #define CPU_TO_LE16(x) __cpu_to_le16(x) #define BE64_TO_CPU(x) __be64_to_cpu(x) -#define LE64_TO_CPU(x) __be64_to_cpu(x) +#define LE64_TO_CPU(x) __le64_to_cpu(x) #define BE32_TO_CPU(x) __be32_to_cpu(x) -#define LE32_TO_CPU(x) __be32_to_cpu(x) +#define LE32_TO_CPU(x) __le32_to_cpu(x) #define BE16_TO_CPU(x) __be16_to_cpu(x) #define LE16_TO_CPU(x) __le16_to_cpu(x) diff -uprN orig/tpm_emulator-0.4/Makefile tpm_emulator/Makefile --- orig/tpm_emulator-0.4/Makefile 2006-06-23 03:37:07.000000000 -0700 +++ tpm_emulator/Makefile 2006-07-24 14:35:35.000000000 -0700 @@ -1,24 +1,40 @@ # Software-Based Trusted Platform Module (TPM) Emulator for Linux # Copyright (C) 2004 Mario Strasser +# Copyright (C) 2006 INTEL Corp. # # $Id: Makefile 115 2006-06-23 10:36:44Z mast $ -# kernel settings -KERNEL_RELEASE := $(shell uname -r) -KERNEL_BUILD := /lib/modules/$(KERNEL_RELEASE)/build -MOD_SUBDIR := misc +COMPILE_ARCH ?= $(shell uname -m | sed -e s/i.86/x86_32/) # module settings -MODULE_NAME := tpm_emulator +BIN := tpm_emulator VERSION_MAJOR := 0 VERSION_MINOR := 4 VERSION_BUILD := $(shell date +"%s") -# enable/disable DEBUG messages -EXTRA_CFLAGS += -Wall -DDEBUG -g +# Installation program and options +INSTALL = install +INSTALL_PROG = $(INSTALL) -m0755 +INSTALL_DIR = $(INSTALL) -d -m0755 + +# Xen tools installation directory +TOOLS_INSTALL_DIR = $(DESTDIR)/usr/bin + +CC := gcc +CFLAGS += -g -Wall $(INCLUDE) -DDEBUG +CFLAGS += -I. -Itpm + +# Is the simulator running in it's own vm? +#CFLAGS += -DVTPM_MULTI_VM + +ifeq ($(COMPILE_ARCH),x86_64) +LIBDIR = lib64 +else +LIBDIR = lib +endif # GNU MP configuration -GMP_LIB := /usr/lib/libgmp.a +GMP_LIB := /usr/$(LIBDIR)/libgmp.a GMP_HEADER := /usr/include/gmp.h # sources and objects @@ -27,38 +43,32 @@ DIRS := . crypto tpm SRCS := $(foreach dir, $(DIRS), $(wildcard $(src)/$(dir)/*.c)) OBJS := $(patsubst %.c, %.o, $(SRCS)) SRCS += $(foreach dir, $(DIRS), $(wildcard $(src)/$(dir)/*.h)) -DISTSRC := ./README ./AUTHORS ./ChangeLog ./Makefile $(SRCS) -DISTDIR := tpm_emulator-$(VERSION_MAJOR).$(VERSION_MINOR) -obj-m := $(MODULE_NAME).o -$(MODULE_NAME)-objs := $(patsubst $(src)/%.o, %.o, $(OBJS)) crypto/libgmp.a +obj-m := $(BIN) +$(BIN)-objs := $(patsubst $(src)/%.o, %.o, $(OBJS)) crypto/libgmp.a EXTRA_CFLAGS += -I$(src) -I$(src)/crypto -I$(src)/tpm # do not print "Entering directory ..." MAKEFLAGS += --no-print-directory -all: $(src)/crypto/gmp.h $(src)/crypto/libgmp.a version - @$(MAKE) -C $(KERNEL_BUILD) M=$(CURDIR) modules +all: $(BIN) -install: - @$(MAKE) -C $(KERNEL_BUILD) M=$(CURDIR) modules_install - test -d /var/tpm || mkdir /var/tpm - test -c /dev/tpm || mknod /dev/tpm c 10 224 - chmod 666 /dev/tpm - depmod -a +$(BIN): $(src)/crypto/gmp.h $(src)/crypto/libgmp.a version $(SRCS) $(OBJS) + $(CC) $(CFLAGS) $(OBJS) $(src)/crypto/libgmp.a -o $(BIN) + +%.o: %.c + $(CC) $(CFLAGS) -c $< -o $@ + +install: $(BIN) + $(INSTALL_PROG) $(BIN) $(TOOLS_INSTALL_DIR) + @if [ ! -d "/var/tpm" ]; then mkdir /var/tpm; fi clean: - @$(MAKE) -C $(KERNEL_BUILD) M=$(CURDIR) clean - rm -f $(src)/crypto/gmp.h $(src)/crypto/libgmp.a + rm -f $(src)/crypto/gmp.h $(src)/crypto/libgmp.a $(OBJS) -dist: $(DISTSRC) - rm -rf $(DISTDIR) - mkdir $(DISTDIR) - cp --parents $(DISTSRC) $(DISTDIR)/ - rm -f $(DISTDIR)/crypto/gmp.h - tar -chzf $(DISTDIR).tar.gz $(DISTDIR) - rm -rf $(DISTDIR) +mrproper: clean + rm -f $(BIN) tpm_version.h $(src)/crypto/libgmp.a: test -f $(src)/crypto/libgmp.a || ln -s $(GMP_LIB) $(src)/crypto/libgmp.a @@ -88,4 +98,3 @@ version: @echo "#endif /* _TPM_VERSION_H_ */" >> $(src)/tpm_version.h .PHONY: all install clean dist gmp version - diff -uprN orig/tpm_emulator-0.4/README tpm_emulator/README --- orig/tpm_emulator-0.4/README 2006-06-23 03:37:07.000000000 -0700 +++ tpm_emulator/README 2006-07-24 14:35:35.000000000 -0700 @@ -13,7 +13,8 @@ $Id: README 113 2006-06-18 12:38:13Z hst Copyright -------------------------------------------------------------------------- Copyright (C) 2004 Mario Strasser and Swiss Federal -Institute of Technology (ETH) Zurich. + Institute of Technology (ETH) Zurich. +Copyright (C) 2005 INTEL Corp This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -43,6 +44,12 @@ Example: GMP_LIB := /usr/lib/libgmp.a GMP_HEADER := /usr/include/gmp.h +GNU MP Library on 64 bit Systems +-------------------------------------------------------------------------- +Some 64-bit kernels have problems with importing the user-space gmp +library (/usr/lib*/libgmp.a) into kernel space. These kernels will require +that the gmp library be recompiled for kernel space with -mcmodel=kernel. + Installation -------------------------------------------------------------------------- The compilation and installation process uses the build environment for diff -uprN orig/tpm_emulator-0.4/tpm/tpm_capability.c tpm_emulator/tpm/tpm_capability.c --- orig/tpm_emulator-0.4/tpm/tpm_capability.c 2006-06-23 19:37:07.000000000 +0900 +++ tpm_emulator/tpm/tpm_capability.c 2007-12-28 22:50:19.000000000 +0900 @@ -701,7 +701,10 @@ TPM_RESULT TPM_GetCapabilityOwner(TPM_VE TPM_RESULT res; info("TPM_GetCapabilityOwner()"); - + + if (!tpmData.permanent.flags.owned) { + return TPM_NOSRK; + } /* Verify owner authorization */ res = tpm_verify_auth(auth1, tpmData.permanent.data.ownerAuth, TPM_KH_OWNER); if (res != TPM_SUCCESS) return res; diff -uprN orig/tpm_emulator-0.4/tpm/tpm_cmd_handler.c tpm_emulator/tpm/tpm_cmd_handler.c --- orig/tpm_emulator-0.4/tpm/tpm_cmd_handler.c 2006-06-23 19:37:07.000000000 +0900 +++ tpm_emulator/tpm/tpm_cmd_handler.c 2007-09-12 20:23:00.000000000 +0900 @@ -565,7 +565,7 @@ static TPM_RESULT execute_TPM_Seal(TPM_R if (tpm_unmarshal_TPM_KEY_HANDLE(&ptr, &len, &keyHandle) || tpm_unmarshal_TPM_ENCAUTH(&ptr, &len, &encAuth) || tpm_unmarshal_UINT32(&ptr, &len, &pcrInfoSize) - || tpm_unmarshal_TPM_PCR_INFO(&ptr, &len, &pcrInfo) + || (pcrInfoSize >0 && tpm_unmarshal_TPM_PCR_INFO(&ptr, &len, &pcrInfo)) || tpm_unmarshal_UINT32(&ptr, &len, &inDataSize) || tpm_unmarshal_BLOB(&ptr, &len, &inData, inDataSize) || len != 0) return TPM_BAD_PARAMETER; @@ -798,7 +798,7 @@ static TPM_RESULT execute_TPM_Sealx(TPM_ if (tpm_unmarshal_TPM_KEY_HANDLE(&ptr, &len, &keyHandle) || tpm_unmarshal_TPM_ENCAUTH(&ptr, &len, &encAuth) || tpm_unmarshal_UINT32(&ptr, &len, &pcrInfoSize) - || tpm_unmarshal_TPM_PCR_INFO(&ptr, &len, &pcrInfo) + || (pcrInfoSize > 0 && tpm_unmarshal_TPM_PCR_INFO(&ptr, &len, &pcrInfo)) || tpm_unmarshal_UINT32(&ptr, &len, &inDataSize) || tpm_unmarshal_BLOB(&ptr, &len, &inData, inDataSize) || len != 0) return TPM_BAD_PARAMETER; diff -uprN orig/tpm_emulator-0.4/tpm/tpm_credentials.c tpm_emulator/tpm/tpm_credentials.c --- orig/tpm_emulator-0.4/tpm/tpm_credentials.c 2006-06-23 19:37:07.000000000 +0900 +++ tpm_emulator/tpm/tpm_credentials.c 2007-09-12 20:23:30.000000000 +0900 @@ -47,20 +47,20 @@ int tpm_compute_pubkey_checksum(TPM_NONC TPM_RESULT tpm_get_pubek(TPM_PUBKEY *pubEndorsementKey) { - UINT32 key_length; + size_t key_length; if (!tpmData.permanent.data.endorsementKey.size) return TPM_NO_ENDORSEMENT; /* setup TPM_PUBKEY structure */ - key_length = tpmData.permanent.data.endorsementKey.size; - pubEndorsementKey->pubKey.keyLength = key_length >> 3; + pubEndorsementKey->pubKey.keyLength = tpmData.permanent.data.endorsementKey.size >> 3; pubEndorsementKey->pubKey.key = tpm_malloc(pubEndorsementKey->pubKey.keyLength); if (pubEndorsementKey->pubKey.key == NULL) return TPM_FAIL; rsa_export_modulus(&tpmData.permanent.data.endorsementKey, - pubEndorsementKey->pubKey.key, - &pubEndorsementKey->pubKey.keyLength); + pubEndorsementKey->pubKey.key, + &key_length); + pubEndorsementKey->pubKey.keyLength = key_length; pubEndorsementKey->algorithmParms.algorithmID = TPM_ALG_RSA; pubEndorsementKey->algorithmParms.encScheme = TPM_ES_RSAESOAEP_SHA1_MGF1; pubEndorsementKey->algorithmParms.sigScheme = TPM_SS_NONE; - pubEndorsementKey->algorithmParms.parms.rsa.keyLength = key_length; + pubEndorsementKey->algorithmParms.parms.rsa.keyLength = key_length << 3; pubEndorsementKey->algorithmParms.parms.rsa.numPrimes = 2; pubEndorsementKey->algorithmParms.parms.rsa.exponentSize = 0; pubEndorsementKey->algorithmParms.parms.rsa.exponent = NULL; @@ -175,6 +175,7 @@ TPM_RESULT TPM_OwnerReadInternalPub(TPM_ { TPM_RESULT res; TPM_KEY_DATA *srk = &tpmData.permanent.data.srk; + size_t key_length; info("TPM_OwnerReadInternalPub()"); /* verify authorization */ res = tpm_verify_auth(auth1, tpmData.permanent.data.ownerAuth, TPM_KH_OWNER); @@ -186,7 +187,8 @@ TPM_RESULT TPM_OwnerReadInternalPub(TPM_ publicPortion->pubKey.key = tpm_malloc(publicPortion->pubKey.keyLength); if (publicPortion->pubKey.key == NULL) return TPM_FAIL; rsa_export_modulus(&srk->key, publicPortion->pubKey.key, - &publicPortion->pubKey.keyLength); + &key_length); + publicPortion->pubKey.keyLength = key_length; publicPortion->algorithmParms.algorithmID = TPM_ALG_RSA; publicPortion->algorithmParms.encScheme = srk->encScheme; publicPortion->algorithmParms.sigScheme = srk->sigScheme; diff -uprN orig/tpm_emulator-0.4/tpm/tpm_crypto.c tpm_emulator/tpm/tpm_crypto.c --- orig/tpm_emulator-0.4/tpm/tpm_crypto.c 2006-06-23 03:37:07.000000000 -0700 +++ tpm_emulator/tpm/tpm_crypto.c 2006-07-24 14:35:35.000000000 -0700 @@ -182,7 +182,8 @@ TPM_RESULT TPM_CertifyKey(TPM_KEY_HANDLE TPM_KEY_DATA *cert, *key; sha1_ctx_t sha1_ctx; BYTE *buf, *p; - UINT32 length; + UINT32 length32; + size_t length; info("TPM_CertifyKey()"); /* get keys */ cert = tpm_get_key(certHandle); @@ -264,14 +265,15 @@ TPM_RESULT TPM_CertifyKey(TPM_KEY_HANDLE /* compute the digest of the CERTIFY_INFO[2] structure and sign it */ length = sizeof_TPM_CERTIFY_INFO((*certifyInfo)); p = buf = tpm_malloc(length); + length32=(UINT32) length; if (buf == NULL - || tpm_marshal_TPM_CERTIFY_INFO(&p, &length, certifyInfo)) { + || tpm_marshal_TPM_CERTIFY_INFO(&p, &length32, certifyInfo)) { free_TPM_KEY_PARMS(certifyInfo->algorithmParms); return TPM_FAIL; } length = sizeof_TPM_CERTIFY_INFO((*certifyInfo)); sha1_init(&sha1_ctx); - sha1_update(&sha1_ctx, buf, length); + sha1_update(&sha1_ctx, buf, (size_t) length); sha1_final(&sha1_ctx, buf); res = tpm_sign(cert, auth1, FALSE, buf, SHA1_DIGEST_LENGTH, outData, outDataSize); tpm_free(buf); @@ -292,7 +294,8 @@ TPM_RESULT TPM_CertifyKey2(TPM_KEY_HANDL TPM_KEY_DATA *cert, *key; sha1_ctx_t sha1_ctx; BYTE *buf, *p; - UINT32 length; + size_t length; + UINT32 length32; info("TPM_CertifyKey2()"); /* get keys */ cert = tpm_get_key(certHandle); @@ -362,8 +365,9 @@ TPM_RESULT TPM_CertifyKey2(TPM_KEY_HANDL /* compute the digest of the CERTIFY_INFO[2] structure and sign it */ length = sizeof_TPM_CERTIFY_INFO((*certifyInfo)); p = buf = tpm_malloc(length); + length32 = (UINT32) length; if (buf == NULL - || tpm_marshal_TPM_CERTIFY_INFO(&p, &length, certifyInfo)) { + || tpm_marshal_TPM_CERTIFY_INFO(&p, &length32, certifyInfo)) { free_TPM_KEY_PARMS(certifyInfo->algorithmParms); return TPM_FAIL; } diff -uprN orig/tpm_emulator-0.4/tpm/tpm_daa.c tpm_emulator/tpm/tpm_daa.c --- orig/tpm_emulator-0.4/tpm/tpm_daa.c 2006-06-23 03:37:07.000000000 -0700 +++ tpm_emulator/tpm/tpm_daa.c 2006-07-24 14:35:35.000000000 -0700 @@ -716,14 +716,14 @@ TPM_RESULT TPM_DAA_Join(TPM_HANDLE handl sizeof(session->DAA_tpmSpecific.DAA_rekey)); sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_count, sizeof(session->DAA_tpmSpecific.DAA_count)); - sha1_update(&sha1, "\x00", 1); + sha1_update(&sha1, (BYTE *) "\x00", 1); sha1_final(&sha1, scratch); sha1_init(&sha1); sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_rekey, sizeof(session->DAA_tpmSpecific.DAA_rekey)); sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_count, sizeof(session->DAA_tpmSpecific.DAA_count)); - sha1_update(&sha1, "\x01", 1); + sha1_update(&sha1, (BYTE *) "\x01", 1); sha1_final(&sha1, scratch + SHA1_DIGEST_LENGTH); mpz_init(f), mpz_init(q); mpz_import(f, 2 * SHA1_DIGEST_LENGTH, 1, 1, 0, 0, scratch); @@ -805,14 +805,14 @@ TPM_RESULT TPM_DAA_Join(TPM_HANDLE handl sizeof(session->DAA_tpmSpecific.DAA_rekey)); sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_count, sizeof(session->DAA_tpmSpecific.DAA_count)); - sha1_update(&sha1, "\x00", 1); + sha1_update(&sha1, (BYTE *) "\x00", 1); sha1_final(&sha1, scratch); sha1_init(&sha1); sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_rekey, sizeof(session->DAA_tpmSpecific.DAA_rekey)); sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_count, sizeof(session->DAA_tpmSpecific.DAA_count)); - sha1_update(&sha1, "\x01", 1); + sha1_update(&sha1, (BYTE *) "\x01", 1); sha1_final(&sha1, scratch + SHA1_DIGEST_LENGTH); mpz_init(f), mpz_init(q); mpz_import(f, 2 * SHA1_DIGEST_LENGTH, 1, 1, 0, 0, scratch); @@ -1489,14 +1489,14 @@ TPM_RESULT TPM_DAA_Join(TPM_HANDLE handl sizeof(session->DAA_tpmSpecific.DAA_rekey)); sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_count, sizeof(session->DAA_tpmSpecific.DAA_count)); - sha1_update(&sha1, "\x00", 1); + sha1_update(&sha1, (BYTE *) "\x00", 1); sha1_final(&sha1, scratch); sha1_init(&sha1); sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_rekey, sizeof(session->DAA_tpmSpecific.DAA_rekey)); sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_count, sizeof(session->DAA_tpmSpecific.DAA_count)); - sha1_update(&sha1, "\x01", 1); + sha1_update(&sha1, (BYTE *) "\x01", 1); sha1_final(&sha1, scratch + SHA1_DIGEST_LENGTH); mpz_init(f), mpz_init(q); mpz_import(f, 2 * SHA1_DIGEST_LENGTH, 1, 1, 0, 0, scratch); @@ -1712,14 +1712,14 @@ TPM_RESULT TPM_DAA_Join(TPM_HANDLE handl sizeof(session->DAA_tpmSpecific.DAA_rekey)); sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_count, sizeof(session->DAA_tpmSpecific.DAA_count)); - sha1_update(&sha1, "\x00", 1); + sha1_update(&sha1, (BYTE *) "\x00", 1); sha1_final(&sha1, scratch); sha1_init(&sha1); sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_rekey, sizeof(session->DAA_tpmSpecific.DAA_rekey)); sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_count, sizeof(session->DAA_tpmSpecific.DAA_count)); - sha1_update(&sha1, "\x01", 1); + sha1_update(&sha1, (BYTE *) "\x01", 1); sha1_final(&sha1, scratch + SHA1_DIGEST_LENGTH); mpz_init(f), mpz_init(q); mpz_import(f, 2 * SHA1_DIGEST_LENGTH, 1, 1, 0, 0, scratch); @@ -1793,14 +1793,14 @@ TPM_RESULT TPM_DAA_Join(TPM_HANDLE handl sizeof(session->DAA_tpmSpecific.DAA_rekey)); sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_count, sizeof(session->DAA_tpmSpecific.DAA_count)); - sha1_update(&sha1, "\x00", 1); + sha1_update(&sha1, (BYTE *) "\x00", 1); sha1_final(&sha1, scratch); sha1_init(&sha1); sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_rekey, sizeof(session->DAA_tpmSpecific.DAA_rekey)); sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_count, sizeof(session->DAA_tpmSpecific.DAA_count)); - sha1_update(&sha1, "\x01", 1); + sha1_update(&sha1, (BYTE *) "\x01", 1); sha1_final(&sha1, scratch + SHA1_DIGEST_LENGTH); mpz_init(f), mpz_init(q); mpz_import(f, 2 * SHA1_DIGEST_LENGTH, 1, 1, 0, 0, scratch); @@ -2918,14 +2918,14 @@ TPM_RESULT TPM_DAA_Sign(TPM_HANDLE handl sizeof(session->DAA_tpmSpecific.DAA_rekey)); sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_count, sizeof(session->DAA_tpmSpecific.DAA_count)); - sha1_update(&sha1, "\x00", 1); + sha1_update(&sha1, (BYTE *) "\x00", 1); sha1_final(&sha1, scratch); sha1_init(&sha1); sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_rekey, sizeof(session->DAA_tpmSpecific.DAA_rekey)); sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_count, sizeof(session->DAA_tpmSpecific.DAA_count)); - sha1_update(&sha1, "\x01", 1); + sha1_update(&sha1, (BYTE *) "\x01", 1); sha1_final(&sha1, scratch + SHA1_DIGEST_LENGTH); mpz_init(f), mpz_init(q); mpz_import(f, 2 * SHA1_DIGEST_LENGTH, 1, 1, 0, 0, scratch); @@ -3143,7 +3143,7 @@ TPM_RESULT TPM_DAA_Sign(TPM_HANDLE handl sha1_init(&sha1); sha1_update(&sha1, (BYTE*) &session->DAA_session.DAA_digest, sizeof(session->DAA_session.DAA_digest)); - sha1_update(&sha1, "\x01", 1); + sha1_update(&sha1, (BYTE *) "\x01", 1); sha1_update(&sha1, inputData1, inputSize1); sha1_final(&sha1, (BYTE*) &session->DAA_session.DAA_digest); } @@ -3172,7 +3172,7 @@ TPM_RESULT TPM_DAA_Sign(TPM_HANDLE handl sha1_init(&sha1); sha1_update(&sha1, (BYTE*) &session->DAA_session.DAA_digest, sizeof(session->DAA_session.DAA_digest)); - sha1_update(&sha1, "\x00", 1); + sha1_update(&sha1, (BYTE*) "\x00", 1); rsa_export_modulus(&aikData->key, scratch, &size); sha1_update(&sha1, scratch, size); sha1_final(&sha1, (BYTE*) &session->DAA_session.DAA_digest); @@ -3229,14 +3229,14 @@ TPM_RESULT TPM_DAA_Sign(TPM_HANDLE handl sizeof(session->DAA_tpmSpecific.DAA_rekey)); sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_count, sizeof(session->DAA_tpmSpecific.DAA_count)); - sha1_update(&sha1, "\x00", 1); + sha1_update(&sha1, (BYTE *) "\x00", 1); sha1_final(&sha1, scratch); sha1_init(&sha1); sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_rekey, sizeof(session->DAA_tpmSpecific.DAA_rekey)); sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_count, sizeof(session->DAA_tpmSpecific.DAA_count)); - sha1_update(&sha1, "\x01", 1); + sha1_update(&sha1, (BYTE *) "\x01", 1); sha1_final(&sha1, scratch + SHA1_DIGEST_LENGTH); mpz_init(f), mpz_init(q); mpz_import(f, 2 * SHA1_DIGEST_LENGTH, 1, 1, 0, 0, scratch); @@ -3309,14 +3309,14 @@ TPM_RESULT TPM_DAA_Sign(TPM_HANDLE handl sizeof(session->DAA_tpmSpecific.DAA_rekey)); sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_count, sizeof(session->DAA_tpmSpecific.DAA_count)); - sha1_update(&sha1, "\x00", 1); + sha1_update(&sha1, (BYTE *) "\x00", 1); sha1_final(&sha1, scratch); sha1_init(&sha1); sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_rekey, sizeof(session->DAA_tpmSpecific.DAA_rekey)); sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_count, sizeof(session->DAA_tpmSpecific.DAA_count)); - sha1_update(&sha1, "\x01", 1); + sha1_update(&sha1, (BYTE *) "\x01", 1); sha1_final(&sha1, scratch + SHA1_DIGEST_LENGTH); mpz_init(f), mpz_init(q); mpz_import(f, 2 * SHA1_DIGEST_LENGTH, 1, 1, 0, 0, scratch); diff -uprN orig/tpm_emulator-0.4/tpm/tpm_data.c tpm_emulator/tpm/tpm_data.c --- orig/tpm_emulator-0.4/tpm/tpm_data.c 2006-06-23 03:37:07.000000000 -0700 +++ tpm_emulator/tpm/tpm_data.c 2006-07-24 14:35:35.000000000 -0700 @@ -40,6 +40,7 @@ static inline void init_pcr_attr(int pcr void tpm_init_data(void) { /* endorsement key */ +#ifndef TPM_GENERATE_EK uint8_t ek_n[] = "\xa8\xdb\xa9\x42\xa8\xf3\xb8\x06\x85\x90\x76\x93\xad\xf7" "\x74\xec\x3f\xd3\x3d\x9d\xe8\x2e\xff\x15\xed\x0e\xce\x5f\x93" "\x92\xeb\xd1\x96\x2b\x72\x18\x81\x79\x12\x9d\x9c\x40\xd7\x1a" @@ -77,6 +78,8 @@ void tpm_init_data(void) "\xd1\xc0\x8b\x5b\xa2\x2e\xa7\x15\xca\x50\x75\x10\x48\x9c\x2b" "\x18\xb9\x67\x8f\x5d\x64\xc3\x28\x9f\x2f\x16\x2f\x08\xda\x47" "\xec\x86\x43\x0c\x80\x99\x07\x34\x0f"; +#endif + int i; /* reset all data to NULL, FALSE or 0 */ memset(&tpmData, 0, sizeof(tpmData)); @@ -152,44 +155,43 @@ void tpm_release_data(void) #ifdef TPM_STORE_TO_FILE -#include -#include -#include +#include +#include +#include +#include #define TPM_STORAGE_FILE "/var/tpm/tpm_emulator-1.2." STR(VERSION_MAJOR) "." STR(VERSION_MINOR) static int write_to_file(uint8_t *data, size_t data_length) { int res; - struct file *fp; - mm_segment_t old_fs = get_fs(); - fp = filp_open(TPM_STORAGE_FILE, O_WRONLY | O_TRUNC | O_CREAT, S_IRUSR | S_IWUSR); - if (IS_ERR(fp)) return -1; - set_fs(get_ds()); - res = fp->f_op->write(fp, data, data_length, &fp->f_pos); - set_fs(old_fs); - filp_close(fp, NULL); + int fp; + fp = open(TPM_STORAGE_FILE, O_WRONLY | O_TRUNC | O_CREAT, S_IRUSR | S_IWUSR); + res = write(fp, data, data_length); + close(fp); return (res == data_length) ? 0 : -1; } static int read_from_file(uint8_t **data, size_t *data_length) { int res; - struct file *fp; - mm_segment_t old_fs = get_fs(); - fp = filp_open(TPM_STORAGE_FILE, O_RDONLY, 0); - if (IS_ERR(fp)) return -1; - *data_length = (size_t)fp->f_dentry->d_inode->i_size; - /* *data_length = i_size_read(fp->f_dentry->d_inode); */ + int fp, file_status; + struct stat file_info; + fp = open(TPM_STORAGE_FILE, O_RDONLY, 0); + file_status = fstat(fp, &file_info); + if (file_status < 0) { + close(fp); + return -1; + } + + *data_length = file_info.st_size; *data = tpm_malloc(*data_length); if (*data == NULL) { - filp_close(fp, NULL); + close(fp); return -1; } - set_fs(get_ds()); - res = fp->f_op->read(fp, *data, *data_length, &fp->f_pos); - set_fs(old_fs); - filp_close(fp, NULL); + res = read(fp, *data, *data_length); + close(fp); if (res != *data_length) { tpm_free(*data); return -1; @@ -216,23 +218,30 @@ static int read_from_file(uint8_t **data int tpm_store_permanent_data(void) { uint8_t *buf, *ptr; - size_t buf_length, len; + UINT32 buf_length, len; /* marshal data */ - buf_length = len = sizeof_TPM_STCLEAR_FLAGS(tpmData.stclear.flags) - + sizeof_TPM_PERMANENT_FLAGS(tpmData.permanent.flags) + 2 - + sizeof_TPM_PERMANENT_DATA(tpmData.permanent.data); + buf_length = len = 4 + sizeof_TPM_STCLEAR_FLAGS(tpmData.stclear.flags) + + sizeof_TPM_PERMANENT_FLAGS(tpmData.permanent.flags) + + sizeof_TPM_STANY_FLAGS(tpmData.stany.flags) + 2 + + sizeof_TPM_STCLEAR_DATA(tpmData.stclear.data) + + sizeof_TPM_PERMANENT_DATA(tpmData.permanent.data) + + sizeof_TPM_STANY_DATA(tpmData.stany.data); buf = ptr = tpm_malloc(buf_length); if (buf == NULL || tpm_marshal_TPM_VERSION(&ptr, &len, &tpmData.permanent.data.version) || tpm_marshal_TPM_STCLEAR_FLAGS(&ptr, &len, &tpmData.stclear.flags) || tpm_marshal_TPM_PERMANENT_FLAGS(&ptr, &len, &tpmData.permanent.flags) + || tpm_marshal_TPM_STANY_FLAGS(&ptr, &len, &tpmData.stany.flags) || tpm_marshal_BOOL(&ptr, &len, tpmData.permanent.flags.selfTestSucceeded) || tpm_marshal_BOOL(&ptr, &len, tpmData.permanent.flags.owned) - || tpm_marshal_TPM_PERMANENT_DATA(&ptr, &len, &tpmData.permanent.data)) { + || tpm_marshal_TPM_STCLEAR_DATA(&ptr, &len, &tpmData.stclear.data) + || tpm_marshal_TPM_PERMANENT_DATA(&ptr, &len, &tpmData.permanent.data) + || tpm_marshal_TPM_STANY_DATA(&ptr, &len, &tpmData.stany.data)) { tpm_free(buf); return -1; } + if (write_to_file(buf, buf_length - len)) { tpm_free(buf); return -1; @@ -244,31 +253,36 @@ int tpm_store_permanent_data(void) int tpm_restore_permanent_data(void) { uint8_t *buf, *ptr; - size_t buf_length, len; + size_t buf_length; + UINT32 len; TPM_VERSION ver; /* read data */ if (read_from_file(&buf, &buf_length)) return -1; ptr = buf; - len = buf_length; + len = (uint32_t) buf_length; /* unmarshal data */ if (tpm_unmarshal_TPM_VERSION(&ptr, &len, &ver) || memcmp(&ver, &tpmData.permanent.data.version, sizeof(TPM_VERSION)) || tpm_unmarshal_TPM_STCLEAR_FLAGS(&ptr, &len, &tpmData.stclear.flags) || tpm_unmarshal_TPM_PERMANENT_FLAGS(&ptr, &len, &tpmData.permanent.flags) + || tpm_unmarshal_TPM_STANY_FLAGS(&ptr, &len, &tpmData.stany.flags) || tpm_unmarshal_BOOL(&ptr, &len, &tpmData.permanent.flags.selfTestSucceeded) || tpm_unmarshal_BOOL(&ptr, &len, &tpmData.permanent.flags.owned) - || tpm_unmarshal_TPM_PERMANENT_DATA(&ptr, &len, &tpmData.permanent.data)) { + || tpm_unmarshal_TPM_STCLEAR_DATA(&ptr, &len, &tpmData.stclear.data) + || tpm_unmarshal_TPM_PERMANENT_DATA(&ptr, &len, &tpmData.permanent.data) + || tpm_unmarshal_TPM_STANY_DATA(&ptr, &len, &tpmData.stany.data)) { tpm_free(buf); return -1; } + tpm_free(buf); return 0; } int tpm_erase_permanent_data(void) { - int res = write_to_file("", 0); + int res = write_to_file((uint8_t *) "", 0); return res; } diff -uprN orig/tpm_emulator-0.4/tpm/tpm_deprecated.c tpm_emulator/tpm/tpm_deprecated.c --- orig/tpm_emulator-0.4/tpm/tpm_deprecated.c 2006-06-23 03:37:07.000000000 -0700 +++ tpm_emulator/tpm/tpm_deprecated.c 2006-07-24 14:35:35.000000000 -0700 @@ -1,6 +1,7 @@ /* Software-Based Trusted Platform Module (TPM) Emulator for Linux * Copyright (C) 2004 Mario Strasser , * Swiss Federal Institute of Technology (ETH) Zurich + * Copyright (C) 2005 INTEL Corp * * This module is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published @@ -50,7 +51,7 @@ TPM_RESULT TPM_SaveKeyContext(TPM_KEY_HA BYTE *ptr; UINT32 len; info("TPM_SaveKeyContext()"); - res = TPM_SaveContext(keyHandle, TPM_RT_KEY, "SaveKeyContext..", + res = TPM_SaveContext(keyHandle, TPM_RT_KEY, (BYTE*)"SaveKeyContext..", keyContextSize, &contextBlob); if (res != TPM_SUCCESS) return res; len = *keyContextSize; @@ -82,7 +83,7 @@ TPM_RESULT TPM_SaveAuthContext(TPM_AUTHH BYTE *ptr; UINT32 len; info("TPM_SaveAuthContext()"); - res = TPM_SaveContext(authHandle, TPM_RT_KEY, "SaveAuthContext.", + res = TPM_SaveContext(authHandle, TPM_RT_KEY, (BYTE*)"SaveAuthContext.", authContextSize, &contextBlob); if (res != TPM_SUCCESS) return res; len = *authContextSize; diff -uprN orig/tpm_emulator-0.4/tpm/tpm_emulator.h tpm_emulator/tpm/tpm_emulator.h --- orig/tpm_emulator-0.4/tpm/tpm_emulator.h 2006-06-23 03:37:07.000000000 -0700 +++ tpm_emulator/tpm/tpm_emulator.h 2006-07-24 14:35:35.000000000 -0700 @@ -1,5 +1,6 @@ /* Software-Based Trusted Platform Module (TPM) Emulator for Linux * Copyright (C) 2004 Mario Strasser , + * Copyright (C) 2005 INTEL Corp * * This module is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published @@ -22,7 +23,8 @@ /* TPM configuration */ #define TPM_STORE_TO_FILE 1 #undef TPM_STRONG_PERSISTENCE -#undef TPM_GENERATE_EK +//#undef TPM_GENERATE_EK +#define TPM_GENERATE_EK #undef TPM_GENERATE_SEED_DAA #define TPM_MANUFACTURER 0x4554485A /* 'ETHZ' */ diff -uprN orig/tpm_emulator-0.4/tpm/tpm_marshalling.c tpm_emulator/tpm/tpm_marshalling.c --- orig/tpm_emulator-0.4/tpm/tpm_marshalling.c 2006-06-23 03:37:07.000000000 -0700 +++ tpm_emulator/tpm/tpm_marshalling.c 2006-07-24 14:35:35.000000000 -0700 @@ -1312,7 +1312,7 @@ int tpm_unmarshal_TPM_STANY_FLAGS(BYTE * int tpm_marshal_RSA(BYTE **ptr, UINT32 *length, rsa_private_key_t *v) { - UINT32 m_len, e_len, q_len; + size_t m_len, e_len, q_len; if (*length < sizeof_RSA((*v))) return -1; if (v->size > 0) { rsa_export_modulus(v, &(*ptr)[6], &m_len); @@ -1460,6 +1460,66 @@ int tpm_unmarshal_TPM_PERMANENT_DATA(BYT return 0; } +int tpm_marshal_TPM_STCLEAR_DATA(BYTE **ptr, UINT32 *length, TPM_STCLEAR_DATA *v) +{ + if (tpm_marshal_TPM_STRUCTURE_TAG(ptr, length, v->tag) + || tpm_marshal_TPM_NONCE(ptr, length, &v->contextNonceKey) + || tpm_marshal_TPM_COUNT_ID(ptr, length, v->countID) ) return -1; + + return 0; +} + +int tpm_unmarshal_TPM_STCLEAR_DATA(BYTE **ptr, UINT32 *length, TPM_STCLEAR_DATA *v) +{ + if (tpm_unmarshal_TPM_STRUCTURE_TAG(ptr, length, &v->tag) + || tpm_unmarshal_TPM_NONCE(ptr, length, &v->contextNonceKey) + || tpm_unmarshal_TPM_COUNT_ID(ptr, length, &v->countID) ) return -1; + + return 0; +} + +int tpm_marshal_TPM_STANY_DATA(BYTE **ptr, UINT32 *length, TPM_STANY_DATA *v) +{ + UINT32 i; + if (tpm_marshal_TPM_STRUCTURE_TAG(ptr, length, v->tag) + || tpm_marshal_TPM_NONCE(ptr, length, &v->contextNonceSession) + || tpm_marshal_TPM_DIGEST(ptr, length, &v->auditDigest) + || tpm_marshal_BOOL(ptr, length, v->auditSession) + || tpm_marshal_TPM_CURRENT_TICKS(ptr, length, &v->currentTicks) + || tpm_marshal_UINT32(ptr, length, v->contextCount) + || tpm_marshal_UINT32_ARRAY(ptr, length, v->contextList, TPM_MAX_SESSION_LIST)) return -1; + for (i = 0; i < TPM_MAX_SESSIONS; i++) { + if (tpm_marshal_TPM_SESSION_DATA(ptr, length, &v->sessions[i])) return -1; + } + for (i = 0; i < TPM_MAX_SESSIONS_DAA; i++) { + if (tpm_marshal_TPM_DAA_SESSION_DATA(ptr, length, &v->sessionsDAA[i])) return -1; + } + if (tpm_marshal_TPM_TRANSHANDLE(ptr, length, v->transExclusive)) return -1; + + return 0; +} + +int tpm_unmarshal_TPM_STANY_DATA(BYTE **ptr, UINT32 *length, TPM_STANY_DATA *v) +{ + UINT32 i; + if (tpm_unmarshal_TPM_STRUCTURE_TAG(ptr, length, &v->tag) + || tpm_unmarshal_TPM_NONCE(ptr, length, &v->contextNonceSession) + || tpm_unmarshal_TPM_DIGEST(ptr, length, &v->auditDigest) + || tpm_unmarshal_BOOL(ptr, length, &v->auditSession) + || tpm_unmarshal_TPM_CURRENT_TICKS(ptr, length, &v->currentTicks) + || tpm_unmarshal_UINT32(ptr, length, &v->contextCount) + || tpm_unmarshal_UINT32_ARRAY(ptr, length, v->contextList, TPM_MAX_SESSION_LIST)) return -1; + for (i = 0; i < TPM_MAX_SESSIONS; i++) { + if (tpm_unmarshal_TPM_SESSION_DATA(ptr, length, &v->sessions[i])) return -1; + } + for (i = 0; i < TPM_MAX_SESSIONS_DAA; i++) { + if (tpm_unmarshal_TPM_DAA_SESSION_DATA(ptr, length, &v->sessionsDAA[i])) return -1; + } + if (tpm_unmarshal_TPM_TRANSHANDLE(ptr, length, &v->transExclusive)) return -1; + + return 0; +} + int tpm_marshal_TPM_SESSION_DATA(BYTE **ptr, UINT32 *length, TPM_SESSION_DATA *v) { if (tpm_marshal_BYTE(ptr, length, v->type) diff -uprN orig/tpm_emulator-0.4/tpm/tpm_marshalling.h tpm_emulator/tpm/tpm_marshalling.h --- orig/tpm_emulator-0.4/tpm/tpm_marshalling.h 2006-06-23 03:37:07.000000000 -0700 +++ tpm_emulator/tpm/tpm_marshalling.h 2006-07-24 14:35:35.000000000 -0700 @@ -432,6 +432,12 @@ int tpm_unmarshal_TPM_KEY_DATA(BYTE **pt int tpm_marshal_TPM_PERMANENT_DATA(BYTE **ptr, UINT32 *length, TPM_PERMANENT_DATA *); int tpm_unmarshal_TPM_PERMANENT_DATA(BYTE **ptr, UINT32 *length, TPM_PERMANENT_DATA *); +int tpm_marshal_TPM_STCLEAR_DATA(BYTE **ptr, UINT32 *length, TPM_STCLEAR_DATA *v); +int tpm_unmarshal_TPM_STCLEAR_DATA(BYTE **ptr, UINT32 *length, TPM_STCLEAR_DATA *v); + +int tpm_marshal_TPM_STANY_DATA(BYTE **ptr, UINT32 *length, TPM_STANY_DATA *v); +int tpm_unmarshal_TPM_STANY_DATA(BYTE **ptr, UINT32 *length, TPM_STANY_DATA *v); + int tpm_marshal_TPM_SESSION_DATA(BYTE **ptr, UINT32 *length, TPM_SESSION_DATA *v); int tpm_unmarshal_TPM_SESSION_DATA(BYTE **ptr, UINT32 *length, TPM_SESSION_DATA *v); diff -uprN orig/tpm_emulator-0.4/tpm/tpm_owner.c tpm_emulator/tpm/tpm_owner.c --- orig/tpm_emulator-0.4/tpm/tpm_owner.c 2006-06-23 03:37:07.000000000 -0700 +++ tpm_emulator/tpm/tpm_owner.c 2006-07-24 14:35:35.000000000 -0700 @@ -108,7 +108,7 @@ TPM_RESULT TPM_TakeOwnership(TPM_PROTOCO TPM_RESULT res; rsa_private_key_t *ek = &tpmData.permanent.data.endorsementKey; TPM_KEY_DATA *srk = &tpmData.permanent.data.srk; - UINT32 buf_size = ek->size >> 3; + size_t buf_size = ek->size >> 3, key_length; BYTE buf[buf_size]; info("TPM_TakeOwnership()"); @@ -173,7 +173,8 @@ TPM_RESULT TPM_TakeOwnership(TPM_PROTOCO return TPM_FAIL; } rsa_export_modulus(&srk->key, srkPub->pubKey.key, - &srkPub->pubKey.keyLength); + &key_length); + srkPub->pubKey.keyLength = (UINT32) key_length; /* setup tpmProof and set state to owned */ tpm_get_random_bytes(tpmData.permanent.data.tpmProof.nonce, sizeof(tpmData.permanent.data.tpmProof.nonce)); diff -uprN orig/tpm_emulator-0.4/tpm/tpm_startup.c tpm_emulator/tpm/tpm_startup.c --- orig/tpm_emulator-0.4/tpm/tpm_startup.c 2006-06-23 03:37:07.000000000 -0700 +++ tpm_emulator/tpm/tpm_startup.c 2006-07-24 14:35:35.000000000 -0700 @@ -41,26 +41,29 @@ void TPM_Init(TPM_STARTUP_TYPE startupTy TPM_RESULT TPM_Startup(TPM_STARTUP_TYPE startupType) { int i; + int restore_fail; info("TPM_Startup(%d)", startupType); if (tpmData.stany.flags.postInitialise == FALSE) return TPM_INVALID_POSTINIT; - /* reset STANY_FLAGS */ - SET_TO_ZERO(&tpmData.stany.flags); - tpmData.stany.flags.tag = TPM_TAG_STANY_FLAGS; - /* reset STANY_DATA (invalidates ALL sessions) */ - SET_TO_ZERO(&tpmData.stany.data); - tpmData.stany.data.tag = TPM_TAG_STANY_DATA; - /* init session-context nonce */ - SET_TO_RAND(&tpmData.stany.data.contextNonceSession); + + /* try and restore state to get EK, SRK, etc */ + restore_fail = tpm_restore_permanent_data(); + /* set data and flags according to the given startup type */ if (startupType == TPM_ST_CLEAR) { - /* if available, restore permanent data */ - tpm_restore_permanent_data(); + /* reset STANY_FLAGS */ + SET_TO_ZERO(&tpmData.stany.flags); + tpmData.stany.flags.tag = TPM_TAG_STANY_FLAGS; + /* reset STANY_DATA (invalidates ALL sessions) */ + SET_TO_ZERO(&tpmData.stany.data); + tpmData.stany.data.tag = TPM_TAG_STANY_DATA; + /* init session-context nonce */ + SET_TO_RAND(&tpmData.stany.data.contextNonceSession); /* reset PCR values */ for (i = 0; i < TPM_NUM_PCR; i++) { - if (tpmData.permanent.data.pcrAttrib[i].pcrReset) - SET_TO_ZERO(tpmData.permanent.data.pcrValue[i].digest); + if (!tpmData.permanent.data.pcrAttrib[i].pcrReset) + SET_TO_ZERO(&tpmData.permanent.data.pcrValue[i].digest); else - SET_TO_0xFF(tpmData.permanent.data.pcrValue[i].digest); + SET_TO_0xFF(&tpmData.permanent.data.pcrValue[i].digest); } /* reset STCLEAR_FLAGS */ SET_TO_ZERO(&tpmData.stclear.flags); @@ -79,7 +82,8 @@ TPM_RESULT TPM_Startup(TPM_STARTUP_TYPE /* init key-context nonce */ SET_TO_RAND(&tpmData.stclear.data.contextNonceKey); } else if (startupType == TPM_ST_STATE) { - if (tpm_restore_permanent_data()) { + /* restore must have been successful for TPM_ST_STATE */ + if (restore_fail) { error("restoring permanent data failed"); tpmData.permanent.data.testResult = "tpm_restore_permanent_data() failed"; tpmData.permanent.flags.selfTestSucceeded = FALSE; diff -uprN orig/tpm_emulator-0.4/tpm/tpm_storage.c tpm_emulator/tpm/tpm_storage.c --- orig/tpm_emulator-0.4/tpm/tpm_storage.c 2006-06-23 03:37:07.000000000 -0700 +++ tpm_emulator/tpm/tpm_storage.c 2006-07-24 14:35:35.000000000 -0700 @@ -58,6 +58,7 @@ int encrypt_sealed_data(TPM_KEY_DATA *ke BYTE *enc, UINT32 *enc_size) { UINT32 len; + size_t enc_size32 = *enc_size; BYTE *buf, *ptr; rsa_public_key_t pub_key; int scheme; @@ -72,7 +73,7 @@ int encrypt_sealed_data(TPM_KEY_DATA *ke if (buf == NULL || tpm_marshal_TPM_SEALED_DATA(&ptr, &len, seal) || rsa_encrypt(&pub_key, scheme, buf, sizeof_TPM_SEALED_DATA((*seal)), - enc, enc_size)) { + enc, &enc_size32)) { tpm_free(buf); rsa_release_public_key(&pub_key); return -1; @@ -85,7 +86,8 @@ int encrypt_sealed_data(TPM_KEY_DATA *ke int decrypt_sealed_data(TPM_KEY_DATA *key, BYTE *enc, UINT32 enc_size, TPM_SEALED_DATA *seal, BYTE **buf) { - UINT32 len; + size_t len; + UINT32 len32; BYTE *ptr; int scheme; switch (key->encScheme) { @@ -96,8 +98,12 @@ int decrypt_sealed_data(TPM_KEY_DATA *ke len = enc_size; *buf = ptr = tpm_malloc(len); if (*buf == NULL - || rsa_decrypt(&key->key, scheme, enc, enc_size, *buf, &len) - || tpm_unmarshal_TPM_SEALED_DATA(&ptr, &len, seal)) { + || rsa_decrypt(&key->key, scheme, enc, enc_size, *buf, &len) ){ + tpm_free(*buf); + return -1; + } + len32 = len; + if (tpm_unmarshal_TPM_SEALED_DATA(&ptr, &len32, seal)) { tpm_free(*buf); return -1; } @@ -240,11 +246,12 @@ TPM_RESULT TPM_Unseal(TPM_KEY_HANDLE par TPM_RESULT TPM_UnBind(TPM_KEY_HANDLE keyHandle, UINT32 inDataSize, BYTE *inData, TPM_AUTH *auth1, - UINT32 *outDataSize, BYTE **outData) + UINT32 *outDataSize32, BYTE **outData) { TPM_RESULT res; TPM_KEY_DATA *key; int scheme; + size_t outDataSize; info("TPM_UnBind()"); /* get key */ @@ -262,8 +269,8 @@ TPM_RESULT TPM_UnBind(TPM_KEY_HANDLE key /* the size of the input data muss be greater than zero */ if (inDataSize == 0) return TPM_BAD_PARAMETER; /* decrypt data */ - *outDataSize = inDataSize; - *outData = tpm_malloc(*outDataSize); + outDataSize = inDataSize; + *outData = tpm_malloc(outDataSize); if (*outData == NULL) return TPM_NOSPACE; switch (key->encScheme) { case TPM_ES_RSAESOAEP_SHA1_MGF1: scheme = RSA_ES_OAEP_SHA1; break; @@ -271,20 +278,21 @@ TPM_RESULT TPM_UnBind(TPM_KEY_HANDLE key default: tpm_free(*outData); return TPM_DECRYPT_ERROR; } if (rsa_decrypt(&key->key, scheme, inData, inDataSize, - *outData, outDataSize)) { + *outData, &outDataSize)) { tpm_free(*outData); return TPM_DECRYPT_ERROR; } /* verify data if it is of type TPM_BOUND_DATA */ if (key->encScheme == TPM_ES_RSAESOAEP_SHA1_MGF1 || key->keyUsage != TPM_KEY_LEGACY) { - if (*outDataSize < 5 || memcmp(*outData, "\x01\x01\00\x00\x02", 5) != 0) { + if (outDataSize < 5 || memcmp(*outData, "\x01\x01\00\x00\x02", 5) != 0) { tpm_free(*outData); return TPM_DECRYPT_ERROR; } - *outDataSize -= 5; - memmove(*outData, &(*outData)[5], *outDataSize); + outDataSize -= 5; + memmove(*outData, &(*outData)[5], outDataSize); } + *outDataSize32 = (UINT32) outDataSize; return TPM_SUCCESS; } @@ -334,12 +342,13 @@ int compute_pubkey_digest(TPM_PUBKEY *ke } int encrypt_private_key(TPM_KEY_DATA *key, TPM_STORE_ASYMKEY *store, - BYTE *enc, UINT32 *enc_size) + BYTE *enc, UINT32 *enc_size32) { UINT32 len; BYTE *buf, *ptr; rsa_public_key_t pub_key; int scheme; + size_t enc_size; switch (key->encScheme) { case TPM_ES_RSAESOAEP_SHA1_MGF1: scheme = RSA_ES_OAEP_SHA1; break; case TPM_ES_RSAESPKCSv15: scheme = RSA_ES_PKCSV15; break; @@ -351,11 +360,12 @@ int encrypt_private_key(TPM_KEY_DATA *ke if (buf == NULL || tpm_marshal_TPM_STORE_ASYMKEY(&ptr, &len, store) || rsa_encrypt(&pub_key, scheme, buf, sizeof_TPM_STORE_ASYMKEY((*store)), - enc, enc_size)) { + enc, &enc_size)) { tpm_free(buf); rsa_release_public_key(&pub_key); return -1; } + *enc_size32 = (UINT32) enc_size; tpm_free(buf); rsa_release_public_key(&pub_key); return 0; @@ -364,7 +374,8 @@ int encrypt_private_key(TPM_KEY_DATA *ke int decrypt_private_key(TPM_KEY_DATA *key, BYTE *enc, UINT32 enc_size, TPM_STORE_ASYMKEY *store, BYTE **buf) { - UINT32 len; + UINT32 len32; + size_t len; BYTE *ptr; int scheme; switch (key->encScheme) { @@ -375,8 +386,12 @@ int decrypt_private_key(TPM_KEY_DATA *ke len = enc_size; *buf = ptr = tpm_malloc(len); if (*buf == NULL - || rsa_decrypt(&key->key, scheme, enc, enc_size, *buf, &len) - || tpm_unmarshal_TPM_STORE_ASYMKEY(&ptr, &len, store)) { + || rsa_decrypt(&key->key, scheme, enc, enc_size, *buf, &len) ) { + tpm_free(*buf); + return -1; + } + len32 = (UINT32) len; + if (tpm_unmarshal_TPM_STORE_ASYMKEY(&ptr, &len32, store)) { tpm_free(*buf); return -1; } @@ -394,7 +409,7 @@ TPM_RESULT TPM_CreateWrapKey(TPM_KEY_HAN TPM_SESSION_DATA *session; TPM_STORE_ASYMKEY store; rsa_private_key_t rsa; - UINT32 key_length; + size_t key_length; info("TPM_CreateWrapKey()"); /* get parent key */ @@ -450,11 +465,11 @@ TPM_RESULT TPM_CreateWrapKey(TPM_KEY_HAN } } /* generate key and store it */ - key_length = keyInfo->algorithmParms.parms.rsa.keyLength; - if (rsa_generate_key(&rsa, key_length)) return TPM_FAIL; - wrappedKey->pubKey.keyLength = key_length >> 3; + if (rsa_generate_key(&rsa, keyInfo->algorithmParms.parms.rsa.keyLength)) + return TPM_FAIL; + wrappedKey->pubKey.keyLength = keyInfo->algorithmParms.parms.rsa.keyLength >> 3; wrappedKey->pubKey.key = tpm_malloc(wrappedKey->pubKey.keyLength); - store.privKey.keyLength = key_length >> 4; + store.privKey.keyLength = keyInfo->algorithmParms.parms.rsa.keyLength >> 4; store.privKey.key = tpm_malloc(store.privKey.keyLength); wrappedKey->encDataSize = parent->key.size >> 3; wrappedKey->encData = tpm_malloc(wrappedKey->encDataSize); @@ -466,9 +481,11 @@ TPM_RESULT TPM_CreateWrapKey(TPM_KEY_HAN tpm_free(wrappedKey->encData); return TPM_NOSPACE; } - rsa_export_modulus(&rsa, wrappedKey->pubKey.key, - &wrappedKey->pubKey.keyLength); - rsa_export_prime1(&rsa, store.privKey.key, &store.privKey.keyLength); + rsa_export_modulus(&rsa, wrappedKey->pubKey.key, + &key_length); + wrappedKey->pubKey.keyLength = (UINT32) key_length; + rsa_export_prime1(&rsa, store.privKey.key, &key_length); + store.privKey.keyLength = (UINT32) key_length; rsa_release_private_key(&rsa); /* compute the digest of the wrapped key (without encData) */ if (compute_key_digest(wrappedKey, &store.pubDataDigest)) { @@ -602,6 +619,7 @@ TPM_RESULT TPM_LoadKey2(TPM_KEY_HANDLE p int tpm_setup_key_parms(TPM_KEY_DATA *key, TPM_KEY_PARMS *parms) { + size_t key_length; parms->algorithmID = TPM_ALG_RSA; parms->encScheme = key->encScheme; parms->sigScheme = key->sigScheme; @@ -611,7 +629,8 @@ int tpm_setup_key_parms(TPM_KEY_DATA *ke parms->parms.rsa.exponent = tpm_malloc(parms->parms.rsa.exponentSize); if (parms->parms.rsa.exponent == NULL) return -1; rsa_export_exponent(&key->key, parms->parms.rsa.exponent, - &parms->parms.rsa.exponentSize); + &key_length); + parms->parms.rsa.exponentSize = (UINT32) key_length; parms->parmSize = 12 + parms->parms.rsa.exponentSize; return 0; } @@ -622,6 +641,7 @@ TPM_RESULT TPM_GetPubKey(TPM_KEY_HANDLE TPM_RESULT res; TPM_KEY_DATA *key; TPM_DIGEST digest; + size_t key_length; info("TPM_GetPubKey()"); /* get key */ if (keyHandle == TPM_KH_SRK @@ -650,8 +670,8 @@ TPM_RESULT TPM_GetPubKey(TPM_KEY_HANDLE pubKey->pubKey.keyLength = key->key.size >> 3; pubKey->pubKey.key = tpm_malloc(pubKey->pubKey.keyLength); if (pubKey->pubKey.key == NULL) return TPM_NOSPACE; - rsa_export_modulus(&key->key, pubKey->pubKey.key, - &pubKey->pubKey.keyLength); + rsa_export_modulus(&key->key, pubKey->pubKey.key, &key_length); + pubKey->pubKey.keyLength = (UINT32) key_length; if (tpm_setup_key_parms(key, &pubKey->algorithmParms) != 0) { error("TPM_GetPubKey(): tpm_setup_key_parms() failed."); tpm_free(pubKey->pubKey.key); diff -uprN orig/tpm_emulator-0.4/tpm/tpm_structures.h tpm_emulator/tpm/tpm_structures.h --- orig/tpm_emulator-0.4/tpm/tpm_structures.h 2006-06-23 03:37:07.000000000 -0700 +++ tpm_emulator/tpm/tpm_structures.h 2006-07-24 14:35:35.000000000 -0700 @@ -1958,6 +1958,7 @@ typedef struct tdTPM_DAA_ISSUER { TPM_DIGEST DAA_digest_gamma; BYTE DAA_generic_q[26]; } TPM_DAA_ISSUER; +#define sizeof_TPM_DAA_ISSUER(s) (2 + (20 * 6) + 26 ) /* * TPM_DAA_TPM ([TPM_Part2], Section 22.4) @@ -1973,6 +1974,7 @@ typedef struct tdTPM_DAA_TPM { TPM_DIGEST DAA_rekey; UINT32 DAA_count; } TPM_DAA_TPM; +#define sizeof_TPM_DAA_TPM(s) (2 + (4 * 20) + 4) /* * TPM_DAA_CONTEXT ([TPM_Part2], Section 22.5) @@ -1987,6 +1989,7 @@ typedef struct tdTPM_DAA_CONTEXT { BYTE DAA_scratch[256]; BYTE DAA_stage; } TPM_DAA_CONTEXT; +#define sizeof_TPM_DAA_CONTEXT(s) (2 + (3 * 20) + 256 + 1) /* * TPM_DAA_JOINDATA ([TPM_Part2], Section 22.6) @@ -1998,6 +2001,7 @@ typedef struct tdTPM_DAA_JOINDATA { BYTE DAA_join_u1[138]; TPM_DIGEST DAA_digest_n0; } TPM_DAA_JOINDATA; +#define sizeof_TPM_DAA_JOINDATA(s) (1 + 1 + 20) /* * TPM_DAA_BLOB ([TPM_Part2], Section 22.8) @@ -2202,6 +2206,7 @@ typedef struct tdTPM_STCLEAR_DATA { //UINT32 ownerReference; //BOOL disableResetLock; } TPM_STCLEAR_DATA; +#define sizeof_TPM_STCLEAR_DATA(s) (2 + 20 + 4) /* * TPM_SESSION_DATA @@ -2238,6 +2243,11 @@ typedef struct tdTPM_DAA_SESSION_DATA { TPM_DAA_JOINDATA DAA_joinSession; TPM_HANDLE handle; } TPM_DAA_SESSION_DATA; +#define sizeof_TPM_DAA_SESSION_DATA(s) ( 1 \ + + sizeof_TPM_DAA_ISSUER(s.DAA_issuerSettings) \ + + sizeof_TPM_DAA_TPM(s.DAA_tpmSpecific) \ + + sizeof_TPM_DAA_CONTEXT(s.DAA_session) \ + + sizeof_TPM_DAA_JOINDATA(s.DAA_joinSession) + 4) /* * TPM_STANY_DATA ([TPM_Part2], Section 7.6) @@ -2262,6 +2272,11 @@ typedef struct tdTPM_STANY_DATA { TPM_DAAHANDLE currentDAA; TPM_TRANSHANDLE transExclusive; } TPM_STANY_DATA; +#define sizeof_TPM_STANY_DATA(s) (2 + 20 + 20 + 1 \ + + sizeof_TPM_CURRENT_TICKS(s.currentTicks) \ + + 4 + (4 * TPM_MAX_SESSION_LIST) \ + + (sizeof_TPM_SESSION_DATA(s.sessions[0]) * TPM_MAX_SESSION_LIST) \ + + (sizeof_TPM_DAA_SESSION_DATA(s.sessionsDAA[0]) * TPM_MAX_SESSIONS_DAA) + 4) /* * TPM_DATA diff -uprN orig/tpm_emulator-0.4/tpm/tpm_testing.c tpm_emulator/tpm/tpm_testing.c --- orig/tpm_emulator-0.4/tpm/tpm_testing.c 2006-06-23 03:37:07.000000000 -0700 +++ tpm_emulator/tpm/tpm_testing.c 2006-07-24 14:35:35.000000000 -0700 @@ -1,6 +1,7 @@ /* Software-Based Trusted Platform Module (TPM) Emulator for Linux * Copyright (C) 2004 Mario Strasser , * Swiss Federal Institute of Technology (ETH) Zurich + * Copyright (C) 2005 INTEL Corp * * This module is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published @@ -95,24 +96,24 @@ static int tpm_test_sha1(void) struct { uint8_t *data; uint32_t repetitions; uint8_t *digest; } test_cases[] = {{ - "abc", 1, - "\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E\x25\x71\x78\x50\xC2\x6C\x9C\xD0\xD8\x9D" + (uint8_t*)"abc", 1, + (uint8_t*)"\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E\x25\x71\x78\x50\xC2\x6C\x9C\xD0\xD8\x9D" }, { - "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 1, - "\x84\x98\x3E\x44\x1C\x3B\xD2\x6E\xBA\xAE\x4A\xA1\xF9\x51\x29\xE5\xE5\x46\x70\xF1" + (uint8_t*)"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 1, + (uint8_t*)"\x84\x98\x3E\x44\x1C\x3B\xD2\x6E\xBA\xAE\x4A\xA1\xF9\x51\x29\xE5\xE5\x46\x70\xF1" }, { - "a", 1000000, - "\x34\xAA\x97\x3C\xD4\xC4\xDA\xA4\xF6\x1E\xEB\x2B\xDB\xAD\x27\x31\x65\x34\x01\x6F" + (uint8_t*)"a", 1000000, + (uint8_t*)"\x34\xAA\x97\x3C\xD4\xC4\xDA\xA4\xF6\x1E\xEB\x2B\xDB\xAD\x27\x31\x65\x34\x01\x6F" }, { - "0123456701234567012345670123456701234567012345670123456701234567", 10, - "\xDE\xA3\x56\xA2\xCD\xDD\x90\xC7\xA7\xEC\xED\xC5\xEB\xB5\x63\x93\x4F\x46\x04\x52" + (uint8_t*)"0123456701234567012345670123456701234567012345670123456701234567", 10, + (uint8_t*)"\xDE\xA3\x56\xA2\xCD\xDD\x90\xC7\xA7\xEC\xED\xC5\xEB\xB5\x63\x93\x4F\x46\x04\x52" }}; debug("tpm_test_sha1()"); for (i = 0; i < sizeof(test_cases) / sizeof(test_cases[0]); i++) { sha1_init(&ctx); for (j = 0; j < test_cases[i].repetitions; j++) - sha1_update(&ctx, test_cases[i].data, strlen(test_cases[i].data)); + sha1_update(&ctx, test_cases[i].data, strlen((char*)test_cases[i].data)); sha1_final(&ctx, digest); if (memcmp(digest, test_cases[i].digest, SHA1_DIGEST_LENGTH) != 0) return -1; } @@ -128,41 +129,41 @@ static int tpm_test_hmac(void) struct { uint8_t *key, key_len, *data, data_len, *digest; } test_cases[] = {{ - "\x0b", 20, "Hi There", 8, - "\xb6\x17\x31\x86\x55\x05\x72\x64\xe2\x8b\xc0\xb6\xfb\x37\x8c\x8e\xf1\x46\xbe\x00" + (uint8_t*)"\x0b", 20, (uint8_t*)"Hi There", 8, + (uint8_t*)"\xb6\x17\x31\x86\x55\x05\x72\x64\xe2\x8b\xc0\xb6\xfb\x37\x8c\x8e\xf1\x46\xbe\x00" }, { - "Jefe", 4, "what do ya want for nothing?", 28, - "\xef\xfc\xdf\x6a\xe5\xeb\x2f\xa2\xd2\x74\x16\xd5\xf1\x84\xdf\x9c\x25\x9a\x7c\x79" + (uint8_t*)"Jefe", 4, (uint8_t*)"what do ya want for nothing?", 28, + (uint8_t*)"\xef\xfc\xdf\x6a\xe5\xeb\x2f\xa2\xd2\x74\x16\xd5\xf1\x84\xdf\x9c\x25\x9a\x7c\x79" }, { - "\xaa", 20, "\xdd", 50, - "\x12\x5d\x73\x42\xb9\xac\x11\xcd\x91\xa3\x9a\xf4\x8a\xa1\x7b\x4f\x63\xf1\x75\xd3" + (uint8_t*)"\xaa", 20, (uint8_t*)"\xdd", 50, + (uint8_t*)"\x12\x5d\x73\x42\xb9\xac\x11\xcd\x91\xa3\x9a\xf4\x8a\xa1\x7b\x4f\x63\xf1\x75\xd3" }, { - "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14" - "\x15\x16\x17\x18\x19", 25, "\xcd", 50, - "\x4c\x90\x07\xf4\x02\x62\x50\xc6\xbc\x84\x14\xf9\xbf\x50\xc8\x6c\x2d\x72\x35\xda" + (uint8_t*)"\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14" + "\x15\x16\x17\x18\x19", 25, (uint8_t*)"\xcd", 50, + (uint8_t*)"\x4c\x90\x07\xf4\x02\x62\x50\xc6\xbc\x84\x14\xf9\xbf\x50\xc8\x6c\x2d\x72\x35\xda" }, { - "\x0c", 20, "Test With Truncation", 20, - "\x4c\x1a\x03\x42\x4b\x55\xe0\x7f\xe7\xf2\x7b\xe1\xd5\x8b\xb9\x32\x4a\x9a\x5a\x04" + (uint8_t*)"\x0c", 20, (uint8_t*)"Test With Truncation", 20, + (uint8_t*)"\x4c\x1a\x03\x42\x4b\x55\xe0\x7f\xe7\xf2\x7b\xe1\xd5\x8b\xb9\x32\x4a\x9a\x5a\x04" }, { - "\xaa", 80, "Test Using Larger Than Block-Size Key - Hash Key First", 54, - "\xaa\x4a\xe5\xe1\x52\x72\xd0\x0e\x95\x70\x56\x37\xce\x8a\x3b\x55\xed\x40\x21\x12" + (uint8_t*)"\xaa", 80, (uint8_t*)"Test Using Larger Than Block-Size Key - Hash Key First", 54, + (uint8_t*)"\xaa\x4a\xe5\xe1\x52\x72\xd0\x0e\x95\x70\x56\x37\xce\x8a\x3b\x55\xed\x40\x21\x12" }, { - "\xaa", 80, - "Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data", 73, - "\xe8\xe9\x9d\x0f\x45\x23\x7d\x78\x6d\x6b\xba\xa7\x96\x5c\x78\x08\xbb\xff\x1a\x91" + (uint8_t*)"\xaa", 80, + (uint8_t*)"Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data", 73, + (uint8_t*)"\xe8\xe9\x9d\x0f\x45\x23\x7d\x78\x6d\x6b\xba\xa7\x96\x5c\x78\x08\xbb\xff\x1a\x91" }}; debug("tpm_test_hmac()"); for (i = 0; i < sizeof(test_cases) / sizeof(test_cases[0]); i++) { - if (strlen(test_cases[i].key) < test_cases[i].key_len) { + if (strlen((char*)test_cases[i].key) < test_cases[i].key_len) { uint8_t key[test_cases[i].key_len]; memset(key, test_cases[i].key[0], test_cases[i].key_len); hmac_init(&ctx, key, test_cases[i].key_len); } else { hmac_init(&ctx, test_cases[i].key, test_cases[i].key_len); } - for (j = 0; j < test_cases[i].data_len; j += strlen(test_cases[i].data)) { - hmac_update(&ctx, test_cases[i].data, strlen(test_cases[i].data)); + for (j = 0; j < test_cases[i].data_len; j += strlen((char*)test_cases[i].data)) { + hmac_update(&ctx, test_cases[i].data, strlen((char*)test_cases[i].data)); } hmac_final(&ctx, digest); if (memcmp(digest, test_cases[i].digest, SHA1_DIGEST_LENGTH) != 0) return -1; @@ -173,9 +174,9 @@ static int tpm_test_hmac(void) static int tpm_test_rsa_EK(void) { int res = 0; - char *data = "RSA PKCS #1 v1.5 Test-String"; + uint8_t *data = (uint8_t*)"RSA PKCS #1 v1.5 Test-String"; uint8_t buf[256]; - size_t buf_len, data_len = strlen(data); + size_t buf_len, data_len = strlen((char*)data); rsa_private_key_t priv_key; rsa_public_key_t pub_key; diff -uprN orig/tpm_emulator-0.4/tpm/tpm_ticks.c tpm_emulator/tpm/tpm_ticks.c --- orig/tpm_emulator-0.4/tpm/tpm_ticks.c 2006-06-23 03:37:07.000000000 -0700 +++ tpm_emulator/tpm/tpm_ticks.c 2006-07-24 14:35:35.000000000 -0700 @@ -1,6 +1,7 @@ /* Software-Based Trusted Platform Module (TPM) Emulator for Linux * Copyright (C) 2004 Mario Strasser , * Swiss Federal Institute of Technology (ETH) Zurich + * Copyright (C) 2005 INTEL Corp * * This module is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published @@ -39,9 +40,7 @@ TPM_RESULT TPM_SetTickType(TPM_TICKTYPE TPM_RESULT TPM_GetTicks(TPM_CURRENT_TICKS *currentTime) { info("TPM_GetTicks()"); - memcpy(currentTime, &tpmData.stany.data.currentTicks, - sizeof(TPM_CURRENT_TICKS)); - return TPM_SUCCESS; + return TPM_DISABLED_CMD; } TPM_RESULT TPM_TickStampBlob(TPM_KEY_HANDLE keyHandle, TPM_NONCE *antiReplay, @@ -49,64 +48,11 @@ TPM_RESULT TPM_TickStampBlob(TPM_KEY_HAN TPM_CURRENT_TICKS *currentTicks, UINT32 *sigSize, BYTE **sig) { - TPM_RESULT res; - TPM_KEY_DATA *key; - BYTE *info, *p; - UINT32 info_length, length; info("TPM_TickStampBlob()"); - /* get key */ - key = tpm_get_key(keyHandle); - if (key == NULL) return TPM_INVALID_KEYHANDLE; - /* verify authorization */ - res = tpm_verify_auth(auth1, key->usageAuth, keyHandle); - if (res != TPM_SUCCESS) return res; - if (key->keyUsage != TPM_KEY_SIGNING && key->keyUsage != TPM_KEY_LEGACY - && key->keyUsage != TPM_KEY_IDENTITY) return TPM_INVALID_KEYUSAGE; - /* get current ticks */ - TPM_GetTicks(currentTicks); - /* sign data using signature scheme PKCS1_SHA1 and TPM_SIGN_INFO container */ - *sigSize = key->key.size >> 3; - *sig = tpm_malloc(*sigSize); - if (*sig == NULL) return TPM_FAIL; - /* setup TPM_SIGN_INFO structure */ - info_length = 30 + sizeof(TPM_DIGEST) + sizeof_TPM_CURRENT_TICKS(currentTicks); - info = tpm_malloc(info_length); - if (info == NULL) { - tpm_free(*sig); - return TPM_FAIL; - } - memcpy(&info[0], "\x05\x00TSTP", 6); - memcpy(&info[6], antiReplay->nonce, 20); - *(UINT32*)&info[26] = CPU_TO_BE32(20 - + sizeof_TPM_CURRENT_TICKS(currentTicks)); - memcpy(&info[30], digestToStamp->digest, sizeof(TPM_DIGEST)); - p = &info[30 + sizeof(TPM_DIGEST)]; - length = sizeof_TPM_CURRENT_TICKS(currentTicks); - if (tpm_marshal_TPM_CURRENT_TICKS(&p, &length, currentTicks) - || rsa_sign(&key->key, RSA_SSA_PKCS1_SHA1, info, info_length, *sig)) { - tpm_free(*sig); - tpm_free(info); - return TPM_FAIL; - } - return TPM_SUCCESS; + return TPM_DISABLED_CMD; } void tpm_update_ticks(void) { - if (tpmData.stany.data.currentTicks.tag == 0) { - tpmData.stany.data.currentTicks.tag = TPM_TAG_CURRENT_TICKS; - tpmData.stany.data.currentTicks.currentTicks += tpm_get_ticks(); -/* removed since v1.2 rev 94 - tpmData.stany.data.currentTicks.tickType = tpmData.permanent.data.tickType; -*/ - tpm_get_random_bytes(tpmData.stany.data.currentTicks.tickNonce.nonce, - sizeof(TPM_NONCE)); - tpmData.stany.data.currentTicks.tickRate = 1; -/* removed since v1.2 rev 94 - tpmData.stany.data.currentTicks.tickSecurity = TICK_SEC_NO_CHECK; -*/ - } else { - tpmData.stany.data.currentTicks.currentTicks += tpm_get_ticks(); - } } diff -uprN orig/tpm_emulator-0.4/tpm/tpm_transport.c tpm_emulator/tpm/tpm_transport.c --- orig/tpm_emulator-0.4/tpm/tpm_transport.c 2006-06-23 03:37:07.000000000 -0700 +++ tpm_emulator/tpm/tpm_transport.c 2006-07-24 14:35:35.000000000 -0700 @@ -189,7 +189,7 @@ static void decrypt_wrapped_command(BYTE sha1_init(&sha1); sha1_update(&sha1, auth->nonceEven.nonce, sizeof(auth->nonceEven.nonce)); sha1_update(&sha1, auth->nonceOdd.nonce, sizeof(auth->nonceOdd.nonce)); - sha1_update(&sha1, "in", 2); + sha1_update(&sha1, (BYTE*)"in", 2); sha1_update(&sha1, secret, sizeof(TPM_SECRET)); j = CPU_TO_BE32(i); sha1_update(&sha1, (BYTE*)&j, 4); @@ -211,7 +211,7 @@ static void encrypt_wrapped_command(BYTE sha1_init(&sha1); sha1_update(&sha1, auth->nonceEven.nonce, sizeof(auth->nonceEven.nonce)); sha1_update(&sha1, auth->nonceOdd.nonce, sizeof(auth->nonceOdd.nonce)); - sha1_update(&sha1, "out", 3); + sha1_update(&sha1, (BYTE*)"out", 3); sha1_update(&sha1, secret, sizeof(TPM_SECRET)); j = CPU_TO_BE32(i); sha1_update(&sha1, (BYTE*)&j, 4); diff -uprN orig/tpm_emulator-0.4/tpmd.c tpm_emulator/tpmd.c --- orig/tpm_emulator-0.4/tpmd.c 1969-12-31 16:00:00.000000000 -0800 +++ tpm_emulator/tpmd.c 2006-07-24 14:35:35.000000000 -0700 @@ -0,0 +1,156 @@ +/* Software-Based Trusted Platform Module (TPM) Emulator for Linux + * Copyright (C) 2005 INTEL Corp + * + * This module is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published + * by the Free Software Foundation; either version 2 of the License, + * or (at your option) any later version. + * + * This module is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + */ + +#include +#include +#include +#include +#include +#include +#include +#include + +#include "tpm_emulator.h" + +#define TPM_RX_FNAME "/var/tpm/tpm_in.fifo" +#define TPM_TX_FNAME "/var/tpm/tpm_out.fifo" + +#define BUFFER_SIZE 2048 + +static int devurandom=0; + +void get_random_bytes(void *buf, int nbytes) { + + if (devurandom == 0) { + devurandom = open("/dev/urandom", O_RDONLY); + } + + if (read(devurandom, buf, nbytes) != nbytes) { + printf("Can't get random number.\n"); + exit(-1); + } +} + +uint64_t tpm_get_ticks(void) +{ + //struct timeval tv; + //int gettimeofday(&tv, struct timezone *tz); + return 0; +} + +int main(int argc, char **argv) +{ + uint8_t in[BUFFER_SIZE], *out; + uint32_t out_size; + int in_size, written; + int i; + struct stat file_info; + + int tpm_tx_fh=-1, tpm_rx_fh=-1; + if (argc < 2) { + printf("Usage: tpmd clear|save|deactivated\n" ); + return -1; + } + + /* initialize TPM emulator */ + if (!strcmp(argv[1], "clear")) { + printf("Initializing tpm: %s\n", argv[1]); + tpm_emulator_init(1); + } else if (!strcmp(argv[1], "save")) { + printf("Initializing tpm: %s\n", argv[1]); + tpm_emulator_init(2); + } else if (!strcmp(argv[1], "deactivated")) { + printf("Initializing tpm: %s\n", argv[1]); + tpm_emulator_init(3); + } else { + printf("invalid startup mode '%s'; must be 'clear', " + "'save' (default) or 'deactivated", argv[1]); + return -1; + } + + if ( stat(TPM_RX_FNAME, &file_info) == -1) { + if ( mkfifo(TPM_RX_FNAME, S_IWUSR | S_IRUSR ) ) { + printf("Failed to create fifo %s.\n", TPM_RX_FNAME); + return -1; + } + } + + if ( stat(TPM_TX_FNAME, &file_info) == -1) { + if ( mkfifo(TPM_TX_FNAME, S_IWUSR | S_IRUSR ) ) { + printf("Failed to create fifo %s.\n", TPM_TX_FNAME); + return -1; + } + } + + while (1) { +abort_command: + if (tpm_rx_fh < 0) { + tpm_rx_fh = open(TPM_RX_FNAME, O_RDONLY); + } + + if (tpm_rx_fh < 0) { + printf("ERROR: failed to open devices to listen to guest.\n"); + return -1; + } + + if (tpm_tx_fh < 0) { + tpm_tx_fh = open(TPM_TX_FNAME, O_WRONLY); + } + + if (tpm_tx_fh < 0) { + printf("ERROR: failed to open devices to respond to guest.\n"); + return -1; + } + + in_size = read(tpm_rx_fh, in, BUFFER_SIZE); + if (in_size < 6) { // Magic size of minium TPM command + printf("Recv[%d] to small: 0x", in_size); + if (in_size <= 0) { + close(tpm_rx_fh); + tpm_rx_fh = -1; + goto abort_command; + } + } else { + printf("Recv[%d]: 0x", in_size); + for (i=0; i< in_size; i++) + printf("%x ", in[i]); + printf("\n"); + } + + + if (tpm_handle_command(in, in_size, &out, &out_size) != 0) { + printf("ERROR: Handler Failed.\n"); + } + + written = write(tpm_tx_fh, out, out_size); + + if (written != out_size ) { + printf("ERROR: Part of response not written %d/%d.\nAttempt: ", written, out_size); + } else { + printf("Sent[%Zu]: ", out_size); + } + for (i=0; i< out_size; i++) + printf("%x ", out[i]); + printf("\n"); + tpm_free(out); + + } // loop + + tpm_emulator_shutdown(); + + close(tpm_tx_fh); + close(tpm_rx_fh); + +} Binary files orig/tpm_emulator-0.4/tpm_emulator and tpm_emulator/tpm_emulator differ diff -uprN orig/tpm_emulator-0.4/tpm_version.h tpm_emulator/tpm_version.h --- orig/tpm_emulator-0.4/tpm_version.h 2006-06-23 03:37:07.000000000 -0700 +++ tpm_emulator/tpm_version.h 2006-07-24 14:35:41.000000000 -0700 @@ -2,5 +2,5 @@ #define _TPM_VERSION_H_ #define VERSION_MAJOR 0 #define VERSION_MINOR 4 -#define VERSION_BUILD 1151058734 +#define VERSION_BUILD 1153776940 #endif /* _TPM_VERSION_H_ */