From 523a9f905c2405abb9f60dab807b6544302243ad Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 2 Dec 2020 16:47:46 -0800 Subject: [PATCH] Fixes for properly setting auth (needs to include name for HMAC cpHash/rpHash calculation). Fix for sessionAttributes when command / response doesn't support it. Fixes for the TLS client / server examples. Added back the useful param enc / hmac debugging enabled with `--enable-debug=verbose`. --- examples/tls/tls_client.c | 3 ++ examples/tls/tls_server.c | 8 +++++- examples/wrap/wrap_test.c | 11 ++++++-- src/tpm2.c | 12 +++++--- src/tpm2_param_enc.c | 51 ++++++++++++++++++++++++++++++++++ src/tpm2_wrap.c | 58 +++++++++++++++++++++++---------------- 6 files changed, 112 insertions(+), 31 deletions(-) diff --git a/examples/tls/tls_client.c b/examples/tls/tls_client.c index 2dff856..3f26011 100644 --- a/examples/tls/tls_client.c +++ b/examples/tls/tls_client.c @@ -130,9 +130,11 @@ int TPM2_TLS_ClientArgs(void* userCtx, int argc, char *argv[]) sockIoCtx.fd = -1; XMEMSET(&tpmCtx, 0, sizeof(tpmCtx)); #ifndef NO_RSA + XMEMSET(&rsaKey, 0, sizeof(rsaKey)); XMEMSET(&wolfRsaKey, 0, sizeof(wolfRsaKey)); #endif #ifdef HAVE_ECC + XMEMSET(&eccKey, 0, sizeof(eccKey)); XMEMSET(&wolfEccKey, 0, sizeof(wolfEccKey)); #endif XMEMSET(&tpmSession, 0, sizeof(tpmSession)); @@ -523,6 +525,7 @@ exit: wc_ecc_free(&wolfEccKey); wolfTPM2_UnloadHandle(&dev, &eccKey.handle); #endif + wolfTPM2_UnloadHandle(&dev, &tpmSession.handle); wolfSSL_shutdown(ssl); diff --git a/examples/tls/tls_server.c b/examples/tls/tls_server.c index 1470096..a083c9e 100644 --- a/examples/tls/tls_server.c +++ b/examples/tls/tls_server.c 
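Review bot: The added `wolfTPM2_UnloadHandle(&dev, &tpmSession.handle);` at `exit:` flushes the session handle but leaves the auth-session slot in `dev` configured. `wrap_test.c` in this same commit follows its unload with `wolfTPM2_SetAuthSession(&dev, 1, NULL, 0); /* clear auth session */`. Adding the same clearing call here and in the matching `tls_server.c` exit hunk would keep the examples consistent and stop the session's auth value lingering in `dev` after the flush. The slot index the TLS examples use is not visible in these hunks, so it needs to match wherever the session was set.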
@@ -137,10 +137,16 @@ int TPM2_TLS_ServerArgs(void* userCtx, int argc, char *argv[]) sockIoCtx.fd = -1; XMEMSET(&tpmCtx, 0, sizeof(tpmCtx)); #ifndef NO_RSA + XMEMSET(&rsaKey, 0, sizeof(rsaKey)); XMEMSET(&wolfRsaKey, 0, sizeof(wolfRsaKey)); #endif #ifdef HAVE_ECC + XMEMSET(&eccKey, 0, sizeof(eccKey)); XMEMSET(&wolfEccKey, 0, sizeof(wolfEccKey)); + #ifndef WOLFTPM2_USE_SW_ECDHE + /* Ephemeral Key */ + XMEMSET(&ecdhKey, 0, sizeof(ecdhKey)); + #endif #endif XMEMSET(&tpmSession, 0, sizeof(tpmSession)); @@ -236,7 +242,6 @@ int TPM2_TLS_ServerArgs(void* userCtx, int argc, char *argv[]) #ifndef WOLFTPM2_USE_SW_ECDHE /* Ephemeral Key */ - XMEMSET(&ecdhKey, 0, sizeof(ecdhKey)); tpmCtx.ecdhKey = &ecdhKey; #endif #endif /* HAVE_ECC */ @@ -497,6 +502,7 @@ exit: wc_ecc_free(&wolfEccKey); wolfTPM2_UnloadHandle(&dev, &eccKey.handle); #endif + wolfTPM2_UnloadHandle(&dev, &tpmSession.handle); wolfTPM2_Cleanup(&dev); diff --git a/examples/wrap/wrap_test.c b/examples/wrap/wrap_test.c index 9f42c5c..011c784 100644 --- a/examples/wrap/wrap_test.c +++ b/examples/wrap/wrap_test.c @@ -121,6 +121,8 @@ int TPM2_Wrapper_TestArgs(void* userCtx, int argc, char *argv[]) TPM_ALG_ID paramEncAlg = TPM_ALG_NULL; WOLFTPM2_SESSION tpmSession; + XMEMSET(&aesKey, 0, sizeof(aesKey)); + XMEMSET(&publicKey, 0, sizeof(publicKey)); #ifndef WOLFTPM2_NO_WOLFCRYPT #ifndef NO_RSA XMEMSET(&wolfRsaPubKey, 0, sizeof(wolfRsaPubKey)); @@ -415,6 +417,7 @@ int TPM2_Wrapper_TestArgs(void* userCtx, int argc, char *argv[]) /* Close TPM session based on RSA storage key */ wolfTPM2_UnloadHandle(&dev, &tpmSession.handle); + wolfTPM2_SetAuthSession(&dev, 1, NULL, 0); /* clear auth session */ /*------------------------------------------------------------------------*/ 
@@ -462,6 +465,7 @@ int TPM2_Wrapper_TestArgs(void* userCtx, int argc, char *argv[]) storageKey.handle.auth.size); } +#if 0 /* disabled until ECC Encrypted salt is added */ /* Start an authenticated session (salted / unbound) with parameter encryption */ if (paramEncAlg != TPM_ALG_NULL) { rc = wolfTPM2_StartSession(&dev, &tpmSession, &storageKey, NULL, @@ -475,6 +479,7 @@ int TPM2_Wrapper_TestArgs(void* userCtx, int argc, char *argv[]) (TPMA_SESSION_decrypt | TPMA_SESSION_encrypt | TPMA_SESSION_continueSession)); if (rc != 0) goto exit; } +#endif /* Create an ECC key for ECDSA */ rc = wolfTPM2_GetKeyTemplate_ECC(&publicTemplate, @@ -630,9 +635,11 @@ int TPM2_Wrapper_TestArgs(void* userCtx, int argc, char *argv[]) rc = wolfTPM2_UnloadHandle(&dev, &eccKey.handle); if (rc != 0) goto exit; +#if 0 /* disabled until ECC Encrypted salt is added */ /* Close TPM session based on ECC storage key */ wolfTPM2_UnloadHandle(&dev, &tpmSession.handle); - + wolfTPM2_SetAuthSession(&dev, 1, NULL, 0); /* clear auth session */ +#endif /*------------------------------------------------------------------------*/ /* NV TESTS */ @@ -792,7 +799,6 @@ int TPM2_Wrapper_TestArgs(void* userCtx, int argc, char *argv[]) /*------------------------------------------------------------------------*/ /* ENCRYPT/DECRYPT TESTS */ /*------------------------------------------------------------------------*/ - XMEMSET(&aesKey, 0, sizeof(aesKey)); rc = wolfTPM2_LoadSymmetricKey(&dev, &aesKey, TEST_AES_MODE, TEST_AES_KEY, (word32)sizeof(TEST_AES_KEY)); if (rc != 0) goto exit; @@ -904,6 +910,7 @@ exit: wolfTPM2_UnloadHandle(&dev, &rsaKey.handle); wolfTPM2_UnloadHandle(&dev, &eccKey.handle); wolfTPM2_UnloadHandle(&dev, &ekKey.handle); + wolfTPM2_UnloadHandle(&dev, &tpmSession.handle); wolfTPM2_Shutdown(&dev, 0); /* 0=just shutdown, no startup */ diff --git a/src/tpm2.c b/src/tpm2.c index c21693b..574d1cd 100644 --- a/src/tpm2.c +++ b/src/tpm2.c 
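Review bot: With the session start wrapped in `#if 0`, a run that requests parameter encryption (`paramEncAlg != TPM_ALG_NULL`) now executes the ECC tests without an encrypted session and says nothing about it. A passing run can then be misread as covering ECC parameter encryption. A one-line notice next to the disabled block would make the gap visible, for example `if (paramEncAlg != TPM_ALG_NULL) printf("ECC tests: parameter encryption not supported yet, running without it\n");`. The second `#if 0` around the session close (hunk at -630) has to be re-enabled together with this one, so a shared comment naming the pairing would help whoever adds the ECC encrypted salt.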
@@ -175,7 +175,7 @@ static int TPM2_CommandProcess(TPM2_CTX* ctx, TPM2_Packet* packet, } /* Handle session request for encryption */ - if (encParam && session->sessionAttributes & TPMA_SESSION_decrypt) { + if (encParam && authCmd.sessionAttributes & TPMA_SESSION_decrypt) { /* Encrypt the first command parameter */ rc = TPM2_ParamEnc_CmdRequest(session, encParam, encParamSz); if (rc != TPM_RC_SUCCESS) { @@ -210,7 +210,7 @@ static int TPM2_CommandProcess(TPM2_CTX* ctx, TPM2_Packet* packet, /* this is done after encryption */ rc = TPM2_CalcHmac(session->authHash, &session->auth, &hash, &session->nonceCaller, &session->nonceTPM, - session->sessionAttributes, &authCmd.hmac); + authCmd.sessionAttributes, &authCmd.hmac); if (rc != TPM_RC_SUCCESS) { #ifdef DEBUG_WOLFTPM printf("Error calculating command HMAC!\n"); @@ -302,7 +302,7 @@ static int TPM2_ResponseProcess(TPM2_CTX* ctx, TPM2_Packet* packet, /* Calculate HMAC prior to decryption */ rc = TPM2_CalcHmac(session->authHash, &session->auth, &hash, &session->nonceTPM, &session->nonceCaller, - session->sessionAttributes, &hmac); + authRsp.sessionAttributes, &hmac); if (rc != TPM_RC_SUCCESS) { #ifdef DEBUG_WOLFTPM printf("Error calculating response HMAC!\n"); @@ -323,7 +323,7 @@ static int TPM2_ResponseProcess(TPM2_CTX* ctx, TPM2_Packet* packet, /* Handle session request for decryption */ /* If the response supports decryption */ - if (decParam && session->sessionAttributes & TPMA_SESSION_encrypt) { + if (decParam && authRsp.sessionAttributes & TPMA_SESSION_encrypt) { /* Decrypt the first response parameter */ rc = TPM2_ParamDec_CmdResponse(session, decParam, decParamSz); if (rc != TPM_RC_SUCCESS) { 
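Review bot: The switch from `session->sessionAttributes` to `authCmd.sessionAttributes` (here and in the `TPM2_CalcHmac` call of the next hunk) carries no comment on why the two can differ, and the place where `authCmd.sessionAttributes` is filled in lies outside the hunk. Going by the commit message, the per-command copy presumably has decrypt/encrypt cleared when the command has no encryptable parameter. A comment such as `/* use the attributes actually sent in the auth area; decrypt/encrypt are cleared when the command does not support them */` would record that. The condition would also read more safely with explicit parentheses: `if (encParam && (authCmd.sessionAttributes & TPMA_SESSION_decrypt)) {`.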
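Review bot: The decrypt decision in `TPM2_ResponseProcess` (hunk at -323) now depends on `authRsp.sessionAttributes`, a value taken from the response, so it can only be trusted once the response HMAC has been verified. The hunk at -302 shows the HMAC being calculated "prior to decryption", but the comparison against the received HMAC falls outside the visible lines. Please confirm that a mismatch returns an error before the `decParam` branch is reached. Separately, when `decParam` is set but the response lacks `TPMA_SESSION_encrypt`, the parameter is now returned undecrypted with no diagnostic; a `DEBUG_WOLFTPM` message for that case would make it easier to spot.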
@@ -5282,6 +5282,10 @@ int TPM2_GetName(TPM2_CTX* ctx, int handleCnt, int idx, TPM2B_NAME* name) name->size = session->name.size; XMEMCPY(name->name, session->name.name, name->size); } +#ifdef WOLFTPM_DEBUG_VERBOSE + printf("Name %d: %d\n", idx, name->size); + TPM2_PrintBin(name->name, name->size); +#endif return TPM_RC_SUCCESS; } diff --git a/src/tpm2_param_enc.c b/src/tpm2_param_enc.c index 971b2d4..3114453 100644 --- a/src/tpm2_param_enc.c +++ b/src/tpm2_param_enc.c @@ -286,6 +286,12 @@ static int TPM2_ParamEnc_AESCFB(TPM2_AUTH_SESSION *session, TPM2B_AUTH* keyIn, return TPM_RC_FAILURE; } +#ifdef WOLFTPM_DEBUG_VERBOSE + printf("AES Enc Key %d, IV %d\n", symKeySz, symKeyIvSz); + TPM2_PrintBin(symKey, symKeySz); + TPM2_PrintBin(&symKey[symKeySz], symKeyIvSz); +#endif + /* Perform AES CFB Encryption */ rc = wc_AesInit(&enc, NULL, INVALID_DEVID); if (rc == 0) { @@ -325,6 +331,12 @@ static int TPM2_ParamDec_AESCFB(TPM2_AUTH_SESSION *session, TPM2B_AUTH* keyIn, return TPM_RC_FAILURE; } +#ifdef WOLFTPM_DEBUG_VERBOSE + printf("AES Dec Key %d, IV %d\n", symKeySz, symKeyIvSz); + TPM2_PrintBin(symKey, symKeySz); + TPM2_PrintBin(&symKey[symKeySz], symKeyIvSz); +#endif + /* Perform AES CFB Decryption */ rc = wc_AesInit(&dec, NULL, INVALID_DEVID); if (rc == 0) { @@ -386,6 +398,11 @@ int TPM2_CalcCpHash(TPMI_ALG_HASH authHash, TPM_CC cmdCode, wc_HashFree(&hash_ctx, hashType); } +#ifdef WOLFTPM_DEBUG_VERBOSE + printf("cpHash: cmd %x, size %d\n", cmdCode, hash->size); + TPM2_PrintBin(hash->buffer, hash->size); +#endif + return rc; } @@ -430,6 +447,11 @@ int TPM2_CalcRpHash(TPMI_ALG_HASH authHash, wc_HashFree(&hash_ctx, hashType); } +#ifdef WOLFTPM_DEBUG_VERBOSE + printf("rpHash: cmd %x, size %d\n", cmdCode, hash->size); + TPM2_PrintBin(hash->buffer, hash->size); +#endif + return rc; } 
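Review bot: The new `WOLFTPM_DEBUG_VERBOSE` block in `TPM2_ParamEnc_AESCFB` prints the derived AES key and IV in the clear, and `TPM2_ParamDec_AESCFB` does the same. This commit also adds dumps of the HMAC key (`TPM2_CalcHmac`), the session key and nonces (`TPM2_ParamEnc_CmdRequest`, `TPM2_ParamDec_CmdResponse`, `wolfTPM2_StartSession`) and the session salt (`wolfTPM2_EncryptSalt`). Anyone who can read that output or a captured log holds the material that parameter encryption and HMAC authorization depend on for the session. Each block should carry a warning such as `/* WARNING: prints secret key material; never enable WOLFTPM_DEBUG_VERBOSE in production builds */`, and the help text for `--enable-debug=verbose` should say the same.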
@@ -455,9 +477,14 @@ int TPM2_CalcHmac(TPMI_ALG_HASH authHash, TPM2B_AUTH* auth, rc = wc_HmacInit(&hmac_ctx, NULL, INVALID_DEVID); if (rc != 0) return rc; + /* start HMAC - sessionKey || authValue */ /* TODO: Handle "authValue" case "a value that is found in the sensitive area of an entity" */ if (auth) { +#ifdef WOLFTPM_DEBUG_VERBOSE + printf("HMAC Key: %d\n", auth->size); + TPM2_PrintBin(auth->buffer, auth->size); +#endif rc = wc_HmacSetKey(&hmac_ctx, hashType, auth->buffer, auth->size); } else { @@ -488,6 +515,11 @@ int TPM2_CalcHmac(TPMI_ALG_HASH authHash, TPM2B_AUTH* auth, rc = wc_HmacFinal(&hmac_ctx, hmac->buffer); wc_HmacFree(&hmac_ctx); +#ifdef WOLFTPM_DEBUG_VERBOSE + printf("HMAC Auth: attrib %x, size %d\n", sessionAttributes, hmac->size); + TPM2_PrintBin(hmac->buffer, hmac->size); +#endif + return rc; } #endif /* !WOLFTPM2_NO_WOLFCRYPT */ @@ -497,6 +529,16 @@ TPM_RC TPM2_ParamEnc_CmdRequest(TPM2_AUTH_SESSION *session, { TPM_RC rc = TPM_RC_FAILURE; + #ifdef WOLFTPM_DEBUG_VERBOSE + printf("CmdEnc Session Key %d\n", session->auth.size); + TPM2_PrintBin(session->auth.buffer, session->auth.size); + printf("CmdEnc Nonce caller %d\n", session->nonceCaller.size); + TPM2_PrintBin(session->nonceCaller.buffer, session->nonceCaller.size); + printf("CmdEnc Nonce TPM %d\n", session->nonceTPM.size); + TPM2_PrintBin(session->nonceTPM.buffer, session->nonceTPM.size); + #endif + + if (session->symmetric.algorithm == TPM_ALG_XOR) { rc = TPM2_ParamEnc_XOR(session, &session->auth, &session->nonceCaller, &session->nonceTPM, paramData, paramSz); 
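Review bot: The `HMAC Auth` dump at the end of `TPM2_CalcHmac` (hunk at -488) runs regardless of what `wc_HmacFinal` returned, so after a failure it prints whatever is in `hmac->buffer` as if it were the result. Wrapping the two debug lines in `if (rc == 0) { ... }` keeps the verbose trace truthful. The `cpHash` and `rpHash` dumps added in `TPM2_CalcCpHash` and `TPM2_CalcRpHash` appear to sit after the hashing block in the same way. The start of `TPM2_CalcHmac` is outside these hunks, so where `hmac->size` is assigned is not visible.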
@@ -517,6 +559,15 @@ TPM_RC TPM2_ParamDec_CmdResponse(TPM2_AUTH_SESSION *session, { TPM_RC rc = TPM_RC_FAILURE; +#ifdef WOLFTPM_DEBUG_VERBOSE + printf("RspDec Session Key %d\n", session->auth.size); + TPM2_PrintBin(session->auth.buffer, session->auth.size); + printf("RspDec Nonce caller %d\n", session->nonceCaller.size); + TPM2_PrintBin(session->nonceCaller.buffer, session->nonceCaller.size); + printf("RspDec Nonce TPM %d\n", session->nonceTPM.size); + TPM2_PrintBin(session->nonceTPM.buffer, session->nonceTPM.size); + #endif + if (session->symmetric.algorithm == TPM_ALG_XOR) { rc = TPM2_ParamDec_XOR(session, &session->auth, &session->nonceCaller, &session->nonceTPM, paramData, paramSz); diff --git a/src/tpm2_wrap.c b/src/tpm2_wrap.c index ee5759c..a9c05db 100644 --- a/src/tpm2_wrap.c +++ b/src/tpm2_wrap.c @@ -424,6 +424,12 @@ int wolfTPM2_SetAuthSession(WOLFTPM2_DEV* dev, int index, return BAD_FUNC_ARG; } + if (tpmSession == NULL) { + /* clearing auth session */ + XMEMSET(&dev->session[index], 0, sizeof(TPM2_AUTH_SESSION)); + return TPM_RC_SUCCESS; + } + rc = wolfTPM2_SetAuth(dev, index, tpmSession->handle.hndl, &tpmSession->handle.auth, sessionAttributes, NULL); if (rc == TPM_RC_SUCCESS) { @@ -575,6 +581,11 @@ int wolfTPM2_EncryptSalt(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* tpmKey, return rc; } +#ifdef WOLFTPM_DEBUG_VERBOSE + printf("Session Salt %d\n", salt->size); + TPM2_PrintBin(salt->buffer, salt->size); +#endif + switch (tpmKey->pub.publicArea.type) { #ifdef HAVE_ECC case TPM_ALG_ECC: @@ -712,6 +723,12 @@ int wolfTPM2_StartSession(WOLFTPM2_DEV* dev, WOLFTPM2_SESSION* session, rc = TPM_RC_SUCCESS; } +#ifdef WOLFTPM_DEBUG_VERBOSE + printf("Session Key %d\n", session->handle.auth.size); + TPM2_PrintBin(session->handle.auth.buffer, session->handle.auth.size); +#endif + + /* return session */ session->type = authSesIn.sessionType; session->authHash = authSesIn.authHash; 
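Review bot: Passing `tpmSession == NULL` to `wolfTPM2_SetAuthSession` (hunk at -424) now wipes `dev->session[index]` and returns `TPM_RC_SUCCESS`, which changes the function's contract, yet the diffstat lists no header or documentation change. The function's doc comment should state that NULL clears the slot. It should also say that this does not flush the session in the TPM, so the caller still needs `wolfTPM2_UnloadHandle`, as `wrap_test.c` does. The argument check before this branch is only partly visible (`return BAD_FUNC_ARG;`). Please confirm it bounds-checks `index` and does not itself reject a NULL `tpmSession`, otherwise the new branch is either unreachable or can write out of range.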
@@ -919,7 +936,7 @@ int wolfTPM2_LoadKey(WOLFTPM2_DEV* dev, WOLFTPM2_KEYBLOB* keyBlob, /* set session auth for parent key */ if (dev->ctx.session) { - dev->ctx.session[0].auth = parent->auth; + wolfTPM2_SetAuthHandle(dev, 0, parent); } /* Load new key */ @@ -2178,9 +2195,7 @@ int wolfTPM2_ECDHGenZ(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* privKey, /* set session auth for key */ if (dev->ctx.session) { - dev->ctx.session[0].auth = privKey->handle.auth; - dev->ctx.session[0].symmetric = - privKey->pub.publicArea.parameters.eccDetail.symmetric; + wolfTPM2_SetAuthHandle(dev, 0, &privKey->handle); } XMEMSET(&ecdhZIn, 0, sizeof(ecdhZIn)); @@ -2262,9 +2277,7 @@ int wolfTPM2_ECDHEGenZ(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* parentKey, /* set session auth for key */ if (dev->ctx.session) { - dev->ctx.session[0].auth = parentKey->handle.auth; - dev->ctx.session[0].symmetric = - parentKey->pub.publicArea.parameters.eccDetail.symmetric; + wolfTPM2_SetAuthHandle(dev, 0, &parentKey->handle); } XMEMSET(&inZGen2Ph, 0, sizeof(inZGen2Ph)); @@ -2310,9 +2323,7 @@ int wolfTPM2_RsaEncrypt(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key, /* set session auth for key */ if (dev->ctx.session) { - dev->ctx.session[0].auth = key->handle.auth; - dev->ctx.session[0].symmetric = - key->pub.publicArea.parameters.rsaDetail.symmetric; + wolfTPM2_SetAuthHandle(dev, 0, &key->handle); } /* RSA Encrypt */ @@ -2361,11 +2372,9 @@ int wolfTPM2_RsaDecrypt(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key, return BAD_FUNC_ARG; } - /* set session auth for key */ + /* set session auth and name for key */ if (dev->ctx.session) { - dev->ctx.session[0].auth = key->handle.auth; - dev->ctx.session[0].symmetric = - key->pub.publicArea.parameters.rsaDetail.symmetric; + wolfTPM2_SetAuthHandle(dev, 0, &key->handle); } /* RSA Decrypt */ 
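Review bot: `wolfTPM2_SetAuthHandle(dev, 0, parent);` in `wolfTPM2_LoadKey` discards its result, whereas the plain assignment it replaces could not fail. If the helper reports errors the way `wolfTPM2_SetAuth` does elsewhere in this file, a failure leaves slot 0 holding the auth and name from an earlier command, and the load goes ahead with them. Suggest `rc = wolfTPM2_SetAuthHandle(dev, 0, parent);` followed by `if (rc != TPM_RC_SUCCESS) return rc;`. The same applies to the other call sites this commit converts (ECDH, RSA, NV, hash, HMAC and keyed-hash wrappers) and to `wolfTPM2_SetAuthPassword(dev, 0, NULL);` in `wolfTPM2_ReadPCR`. Whether `rc` is already declared at this point is not visible in the hunk.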
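Review bot: The hunk in `wolfTPM2_ECDHGenZ`, like those in `wolfTPM2_ECDHEGenZ`, `wolfTPM2_RsaEncrypt` and `wolfTPM2_RsaDecrypt`, drops the assignment of `dev->ctx.session[0].symmetric` from the key's public area along with the direct `auth` copy. Whether `wolfTPM2_SetAuthHandle` sets or resets `symmetric` is not visible here; if it does not, slot 0 keeps whatever algorithm an earlier command left behind. If the removal is intentional, a short comment would make that explicit, e.g. `/* symmetric is configured by the auth session, not per key */`. Only the `wolfTPM2_RsaDecrypt` comment was updated to "set session auth and name for key", so the other call sites could use the same wording.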
@@ -2416,7 +2425,7 @@ int wolfTPM2_ReadPCR(WOLFTPM2_DEV* dev, int pcrIndex, int hashAlg, byte* digest, /* set session auth to blank */ if (dev->ctx.session) { - XMEMSET(&dev->ctx.session[0].auth, 0, sizeof(TPM2B_AUTH)); + wolfTPM2_SetAuthPassword(dev, 0, NULL); } wolfTPM2_SetupPCRSel(&pcrReadIn.pcrSelectionIn, hashAlg, pcrIndex); @@ -2521,7 +2530,7 @@ int wolfTPM2_NVCreateAuth(WOLFTPM2_DEV* dev, WOLFTPM2_HANDLE* parent, /* set session auth for key */ if (dev->ctx.session) { - dev->ctx.session[0].auth = parent->auth; + wolfTPM2_SetAuthHandle(dev, 0, parent); } XMEMSET(&in, 0, sizeof(in)); @@ -2593,7 +2602,7 @@ int wolfTPM2_NVWriteAuth(WOLFTPM2_DEV* dev, WOLFTPM2_NV* nv, /* set session auth for key */ if (dev->ctx.session) { - dev->ctx.session[0].auth = nv->handle.auth; + wolfTPM2_SetAuthHandle(dev, 0, &nv->handle); } while (dataSz > 0) { @@ -2653,7 +2662,7 @@ int wolfTPM2_NVReadAuth(WOLFTPM2_DEV* dev, WOLFTPM2_NV* nv, /* set session auth for key */ if (dev->ctx.session) { - dev->ctx.session[0].auth = nv->handle.auth; + wolfTPM2_SetAuthHandle(dev, 0, &nv->handle); } dataSz = *pDataSz; @@ -2763,7 +2772,7 @@ int wolfTPM2_NVDeleteAuth(WOLFTPM2_DEV* dev, WOLFTPM2_HANDLE* parent, /* set session auth for key */ if (dev->ctx.session) { - dev->ctx.session[0].auth = parent->auth; + wolfTPM2_SetAuthHandle(dev, 0, parent); } XMEMSET(&in, 0, sizeof(in)); @@ -2934,7 +2943,7 @@ int wolfTPM2_HashUpdate(WOLFTPM2_DEV* dev, WOLFTPM2_HASH* hash, /* set session auth for hash handle */ if (dev->ctx.session) { - dev->ctx.session[0].auth = hash->handle.auth; + wolfTPM2_SetAuthHandle(dev, 0, &hash->handle); } XMEMSET(&in, 0, sizeof(in)); @@ -2980,7 +2989,7 @@ int wolfTPM2_HashFinish(WOLFTPM2_DEV* dev, WOLFTPM2_HASH* hash, /* set session auth for hash handle */ if (dev->ctx.session) { - dev->ctx.session[0].auth = hash->handle.auth; + wolfTPM2_SetAuthHandle(dev, 0, &hash->handle); } XMEMSET(&in, 0, sizeof(in)); 
@@ -3179,7 +3188,7 @@ int wolfTPM2_EncryptDecryptBlock(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key, /* set session auth for key */ if (dev->ctx.session) { - dev->ctx.session[0].auth = key->handle.auth; + wolfTPM2_SetAuthHandle(dev, 0, &key->handle); } XMEMSET(&encDecIn, 0, sizeof(encDecIn)); @@ -3322,7 +3331,7 @@ int wolfTPM2_LoadKeyedHashKey(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key, /* set session auth for parent key */ if (dev->ctx.session) { - dev->ctx.session[0].auth = parent->auth; + wolfTPM2_SetAuthHandle(dev, 0, parent); } XMEMSET(&createIn, 0, sizeof(createIn)); @@ -3410,7 +3419,7 @@ int wolfTPM2_HmacStart(WOLFTPM2_DEV* dev, WOLFTPM2_HMAC* hmac, /* set session auth for hmac key */ if (dev->ctx.session) { - dev->ctx.session[0].auth = hmac->hash.handle.auth; + wolfTPM2_SetAuthHandle(dev, 0, &hmac->hash.handle); } /* Setup HMAC start command */ @@ -4010,6 +4019,7 @@ int wolfTPM2_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx) /* otherwise load public key and perform public op */ /* load public key into TPM */ + XMEMSET(&rsaPub, 0, sizeof(rsaPub)); rc = wolfTPM2_RsaKey_WolfToTpm(tlsCtx->dev, info->pk.rsa.key, &rsaPub); if (rc != 0) {