From d74b094191f2e09b29cfad4f03322e0cd64497ab Mon Sep 17 00:00:00 2001

From: jetwhiz <charles.munson@ll.mit.edu>

Date: Tue, 5 Feb 2019 17:24:44 -0500

Subject: [PATCH] Add ability to run tpm2_makecredential without a TPM

Used some functions from tpm2_import for off-TPM functionality

 - Move needed, overlap code into tpm2_identity_util

Add new global -X/--openssl-backend option for any tools that can operate w/o TPM

Signed-off-by: jetwhiz <Charles.Munson@ll.mit.edu>

---

 Makefile.am                             |   6 +-

 lib/tpm2_identity_util.c                | 480 ++++++++++++++++++++++++

 lib/tpm2_identity_util.h                | 141 +++++++

 lib/tpm2_openssl.c                      | 162 ++++++++

 lib/tpm2_openssl.h                      | 108 ++++++

 lib/tpm2_options.c                      |  36 +-

 lib/tpm2_options.h                      |   1 +

 man/common/tcti.md                      |   4 +

 man/tpm2_activatecredential.1.md        |   2 +-

 man/tpm2_certify.1.md                   |   2 +-

 man/tpm2_create.1.md                    |   2 +-

 man/tpm2_encryptdecrypt.1.md            |   2 +-

 man/tpm2_getpubak.1.md                  |   2 +-

 man/tpm2_makecredential.1.md            |   3 +-

 test/system/test_tpm2_makecredential.sh |   2 +

 tools/tpm2_makecredential.c             | 103 ++++-

 16 files changed, 1033 insertions(+), 23 deletions(-)

 create mode 100644 lib/tpm2_identity_util.c

 create mode 100644 lib/tpm2_identity_util.h

 create mode 100644 lib/tpm2_openssl.c

 create mode 100644 lib/tpm2_openssl.h

diff --git a/Makefile.am b/Makefile.am

index ffe22f383e3..2195537ce01 100644

--- a/Makefile.am

+++ b/Makefile.am

@@ -119,7 +119,11 @@ lib_libcommon_a_SOURCES = \

     lib/tpm2_errata.c \

     lib/tpm2_errata.h \

     lib/tpm2_header.h \

+    lib/tpm2_identity_util.c \

+    lib/tpm2_identity_util.h \

     lib/tpm2_nv_util.h \

+    lib/tpm2_openssl.c \

+    lib/tpm2_openssl.h \

     lib/tpm2_password_util.c \

     lib/tpm2_password_util.h \

     lib/tpm2_policy.c \

@@ -347,4 +351,4 @@ man/man1/%.1 : man/%.1.md $(MARKDOWN_COMMON_DEPS)

 	    -e '/\[object attribute specifiers\]/d' \

 	    < $< | pandoc -s -t man > $@

-CLEANFILES = $(man1_MANS)

+CLEANFILES = $(man1_MANS)

\ No newline at end of file

diff --git a/lib/tpm2_identity_util.c b/lib/tpm2_identity_util.c

new file mode 100644

index 00000000000..70bf03647eb

--- /dev/null

+++ b/lib/tpm2_identity_util.c

@@ -0,0 +1,480 @@

+//**********************************************************************;

+// Copyright (c) 2017, Intel Corporation

+// Copyright (c) 2019 Massachusetts Institute of Technology

+// All rights reserved.

+//

+// Redistribution and use in source and binary forms, with or without

+// modification, are permitted provided that the following conditions are met:

+//

+// 1. Redistributions of source code must retain the above copyright notice,

+// this list of conditions and the following disclaimer.

+//

+// 2. Redistributions in binary form must reproduce the above copyright notice,

+// this list of conditions and the following disclaimer in the documentation

+// and/or other materials provided with the distribution.

+//

+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"

+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

+// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE

+// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR

+// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF

+// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS

+// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN

+// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

+// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF

+// THE POSSIBILITY OF SUCH DAMAGE.

+//**********************************************************************

+

+#include <errno.h>

+#include <stdint.h>

+#include <string.h>

+

+#include <openssl/aes.h>

+#include <openssl/bn.h>

+#include <openssl/evp.h>

+#include <openssl/err.h>

+#include <openssl/hmac.h>

+#include <openssl/obj_mac.h>

+#include <openssl/pem.h>

+#include <openssl/rand.h>

+#include <openssl/rsa.h>

+

+#include <tss2/tss2_mu.h>

+#include <tss2/tss2_sys.h>

+

+#include "files.h"

+#include "log.h"

+#include "tpm2_alg_util.h"

+#include "tpm_kdfa.h"

+#include "tpm2_openssl.h"

+#include "tpm2_identity_util.h"

+#include "tpm2_util.h"

+

+

+// Identity-related functionality that the TPM normally does, but using OpenSSL

+

+#if defined(LIBRESSL_VERSION_NUMBER)

+static int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,

+        const unsigned char *from, int flen, const unsigned char *param, int plen,

+        const EVP_MD *md, const EVP_MD *mgf1md) {

+

+    int ret = 0;

+    int i, emlen = tlen - 1;

+    unsigned char *db, *seed;

+    unsigned char *dbmask, seedmask[EVP_MAX_MD_SIZE];

+    int mdlen;

+

+    if (md == NULL)

+        md = EVP_sha1();

+    if (mgf1md == NULL)

+        mgf1md = md;

+

+    mdlen = EVP_MD_size(md);

+

+    if (flen > emlen - 2 * mdlen - 1) {

+        RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP,

+               RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);

+        return 0;

+    }

+

+    if (emlen < 2 * mdlen + 1) {

+        RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP,

+               RSA_R_KEY_SIZE_TOO_SMALL);

+        return 0;

+    }

+

+    to[0] = 0;

+    seed = to + 1;

+    db = to + mdlen + 1;

+

+    if (!EVP_Digest((void *)param, plen, db, NULL, md, NULL))

+        return 0;

+    memset(db + mdlen, 0, emlen - flen - 2 * mdlen - 1);

+    db[emlen - flen - mdlen - 1] = 0x01;

+    memcpy(db + emlen - flen - mdlen, from, (unsigned int)flen);

+    if (RAND_bytes(seed, mdlen) <= 0)

+        return 0;

+

+    dbmask = OPENSSL_malloc(emlen - mdlen);

+    if (dbmask == NULL) {

+        RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);

+        return 0;

+    }

+

+    if (PKCS1_MGF1(dbmask, emlen - mdlen, seed, mdlen, mgf1md) < 0)

+        goto err;

+    for (i = 0; i < emlen - mdlen; i++)

+        db[i] ^= dbmask[i];

+

+    if (PKCS1_MGF1(seedmask, mdlen, db, emlen - mdlen, mgf1md) < 0)

+        goto err;

+    for (i = 0; i < mdlen; i++)

+        seed[i] ^= seedmask[i];

+

+    ret = 1;

+

+ err:

+    OPENSSL_free(dbmask);

+

+    return ret;

+}

+#endif

+

+static TPM2_KEY_BITS get_pub_asym_key_bits(TPM2B_PUBLIC *public) {

+

+    TPMU_PUBLIC_PARMS *p = &public->publicArea.parameters;

+    switch(public->publicArea.type) {

+    case TPM2_ALG_ECC:

+        /* fall-thru */

+    case TPM2_ALG_RSA:

+        return p->asymDetail.symmetric.keyBits.sym;

+    /* no default */

+    }

+

+    return 0;

+}

+

+static bool encrypt_seed_with_tpm2_rsa_public_key(TPM2B_DIGEST *protection_seed,

+        TPM2B_PUBLIC *parent_pub, unsigned char *label, int labelLen,

+        TPM2B_ENCRYPTED_SECRET *encrypted_protection_seed) {

+    bool rval = false;

+    RSA *rsa = NULL;

+

+    // Public modulus (RSA-only!)

+    TPMI_RSA_KEY_BITS mod_size_bits = parent_pub->publicArea.parameters.rsaDetail.keyBits;

+    UINT16 mod_size = mod_size_bits / 8;

+    TPM2B *pub_key_val = (TPM2B *)&parent_pub->publicArea.unique.rsa;

+    unsigned char *pub_modulus = malloc(mod_size);

+    if (pub_modulus == NULL) {

+        LOG_ERR("Failed to allocate memory to store public key's modulus.");

+        return false;

+    }

+    memcpy(pub_modulus, pub_key_val->buffer, mod_size);

+

+    TPMI_ALG_HASH parent_name_alg = parent_pub->publicArea.nameAlg;

+

+    /*

+     * This is the biggest buffer value, so it should always be sufficient.

+     */

+    unsigned char encoded[TPM2_MAX_DIGEST_BUFFER];

+    int return_code = RSA_padding_add_PKCS1_OAEP_mgf1(encoded,

+            mod_size, protection_seed->buffer, protection_seed->size, label, labelLen,

+            tpm2_openssl_halg_from_tpmhalg(parent_name_alg), NULL);

+    if (return_code != 1) {

+        LOG_ERR("Failed RSA_padding_add_PKCS1_OAEP_mgf1\n");

+        goto error;

+    }

+    BIGNUM* bne = BN_new();

+    if (!bne) {

+        LOG_ERR("BN_new for bne failed\n");

+        goto error;

+    }

+    return_code = BN_set_word(bne, RSA_F4);

+    if (return_code != 1) {

+        LOG_ERR("BN_set_word failed\n");

+        BN_free(bne);

+        goto error;

+    }

+    rsa = RSA_new();

+    if (!rsa) {

+        LOG_ERR("RSA_new failed\n");

+        BN_free(bne);

+        goto error;

+    }

+    return_code = RSA_generate_key_ex(rsa, mod_size_bits, bne, NULL);

+    BN_free(bne);

+    if (return_code != 1) {

+        LOG_ERR("RSA_generate_key_ex failed\n");

+        goto error;

+    }

+    BIGNUM *n = BN_bin2bn(pub_modulus, mod_size, NULL);

+    if (n == NULL) {

+        LOG_ERR("BN_bin2bn failed\n");

+        goto error;

+    }

+    if (!RSA_set0_key(rsa, n, NULL, NULL)) {

+        LOG_ERR("RSA_set0_key failed\n");

+        BN_free(n);

+        goto error;

+    }

+    // Encrypting

+    encrypted_protection_seed->size = mod_size;

+    return_code = RSA_public_encrypt(mod_size, encoded,

+            encrypted_protection_seed->secret, rsa, RSA_NO_PADDING);

+    if (return_code < 0) {

+        LOG_ERR("Failed RSA_public_encrypt\n");

+        goto error;

+    }

+

+    rval = true;

+

+error:

+    free(pub_modulus);

+    RSA_free(rsa);

+    return rval;

+}

+

+bool tpm2_identity_util_calc_outer_integrity_hmac_key_and_dupsensitive_enc_key(

+        TPM2B_PUBLIC *parent_pub,

+        TPM2B_NAME *pubname,

+        TPM2B_DIGEST *protection_seed,

+        TPM2B_MAX_BUFFER *protection_hmac_key,

+        TPM2B_MAX_BUFFER *protection_enc_key) {

+

+    TPM2B null_2b = { .size = 0 };

+

+    TPMI_ALG_HASH parent_alg = parent_pub->publicArea.nameAlg;

+    UINT16 parent_hash_size = tpm2_alg_util_get_hash_size(parent_alg);

+

+    TSS2_RC rval = tpm_kdfa(parent_alg, (TPM2B *)protection_seed, "INTEGRITY",

+            &null_2b, &null_2b, parent_hash_size * 8, protection_hmac_key);

+    if (rval != TPM2_RC_SUCCESS) {

+        return false;

+    }

+

+    TPM2_KEY_BITS pub_key_bits = get_pub_asym_key_bits(parent_pub);

+

+    rval = tpm_kdfa(parent_alg, (TPM2B *)protection_seed, "STORAGE",

+            (TPM2B *)pubname, &null_2b, pub_key_bits,

+            protection_enc_key);

+    if (rval != TPM2_RC_SUCCESS) {

+        return false;

+    }

+

+    return true;

+}

+

+

+bool tpm2_identity_util_encrypt_seed_with_public_key(TPM2B_DIGEST *protection_seed,

+        TPM2B_PUBLIC *parent_pub, unsigned char *label, int labelLen,

+        TPM2B_ENCRYPTED_SECRET *encrypted_protection_seed) {

+    bool result = false;

+    TPMI_ALG_PUBLIC alg = parent_pub->publicArea.type;

+    

+    switch (alg) {

+    case TPM2_ALG_RSA:

+        result = encrypt_seed_with_tpm2_rsa_public_key(protection_seed, 

+                parent_pub, label, labelLen, encrypted_protection_seed);

+        break;

+    case TPM2_ALG_ECC:

+        LOG_ERR("Algorithm '%s' not supported yet", tpm2_alg_util_algtostr(alg));

+        result = false;

+        break;

+    default:

+        LOG_ERR("Cannot handle algorithm, got: %s", tpm2_alg_util_algtostr(alg));

+        return false;

+    }

+    

+    return result;

+}

+

+static const EVP_CIPHER *tpm_alg_to_ossl(TPMT_SYM_DEF_OBJECT *sym) {

+

+    switch(sym->algorithm) {

+        case TPM2_ALG_AES: {

+            switch (sym->keyBits.aes) {

+            case 128:

+                return EVP_aes_128_cfb();

+            case 256:

+                return EVP_aes_256_cfb();

+            /* no default */

+            }

+        }

+        /* no default */

+    }

+

+    LOG_ERR("Unsupported parent key symmetric parameters");

+

+    return NULL;

+}

+

+static bool aes_encrypt_buffers(TPMT_SYM_DEF_OBJECT *sym, uint8_t *encryption_key,

+        uint8_t *buf1, size_t buf1_len,

+        uint8_t *buf2, size_t buf2_len,

+        TPM2B_MAX_BUFFER *cipher_text) {

+

+    bool result = false;

+

+    unsigned offset = 0;

+    size_t total_len = buf1_len + buf2_len;

+

+    if (total_len > sizeof(cipher_text->buffer)) {

+        LOG_ERR("Plaintext too big, got %zu, expected less then %zu",

+                total_len, sizeof(cipher_text->buffer));

+        return false;

+    }

+

+    const EVP_CIPHER *cipher = tpm_alg_to_ossl(sym);

+    if (!cipher) {

+        return false;

+    }

+

+    const unsigned char iv[512] = { 0 };

+

+    if (((unsigned long)EVP_CIPHER_iv_length(cipher)) > sizeof(iv)) {

+        LOG_ERR("IV size is bigger then IV buffer size");

+        return false;

+    }

+

+    EVP_CIPHER_CTX *ctx = tpm2_openssl_cipher_new();

+

+    int rc = EVP_EncryptInit_ex(ctx, cipher, NULL, encryption_key, iv);

+    if (!rc) {

+        return false;

+    }

+

+    EVP_CIPHER_CTX_set_padding(ctx, 0);

+

+    uint8_t *bufs[2] = {

+        buf1,

+        buf2

+    };

+

+    size_t lens[ARRAY_LEN(bufs)] = {

+        buf1_len,

+        buf2_len

+    };

+

+    unsigned i;

+    for (i=0; i < ARRAY_LEN(bufs); i++) {

+

+        uint8_t *b = bufs[i];

+        size_t l = lens[i];

+

+        if (!b) {

+            continue;

+        }

+

+        int output_len = total_len - offset;

+

+        rc = EVP_EncryptUpdate(ctx, &cipher_text->buffer[offset], &output_len, b, l);

+        if (!rc) {

+            LOG_ERR("Encrypt failed");

+            goto out;

+        }

+

+        offset += l;

+    }

+

+    int tmp_len = 0;

+    rc = EVP_EncryptFinal_ex(ctx, NULL, &tmp_len);

+    if (!rc) {

+        LOG_ERR("Encrypt failed");

+        goto out;

+    }

+

+    cipher_text->size = total_len;

+

+    result = true;

+

+out:

+    tpm2_openssl_cipher_free(ctx);

+

+    return result;

+}

+

+static void hmac_outer_integrity(

+        TPMI_ALG_HASH parent_name_alg,

+        uint8_t *buffer1, uint16_t buffer1_size,

+        uint8_t *buffer2, uint16_t buffer2_size, uint8_t *hmac_key,

+        TPM2B_DIGEST *outer_integrity_hmac) {

+

+    uint8_t to_hmac_buffer[TPM2_MAX_DIGEST_BUFFER];

+    memcpy(to_hmac_buffer, buffer1, buffer1_size);

+    memcpy(to_hmac_buffer + buffer1_size, buffer2, buffer2_size);

+    uint32_t size = 0;

+

+    UINT16 hash_size = tpm2_alg_util_get_hash_size(parent_name_alg);

+

+    HMAC(tpm2_openssl_halg_from_tpmhalg(parent_name_alg), hmac_key, hash_size, to_hmac_buffer,

+            buffer1_size + buffer2_size, outer_integrity_hmac->buffer, &size);

+    outer_integrity_hmac->size = size;

+}

+

+bool tpm2_identity_util_calculate_inner_integrity(

+        TPMI_ALG_HASH name_alg, 

+        TPM2B_SENSITIVE *sensitive, 

+        TPM2B_NAME *pubname, 

+        TPM2B_DATA *enc_sensitive_key,

+        TPMT_SYM_DEF_OBJECT *sym_alg,

+        TPM2B_MAX_BUFFER *encrypted_inner_integrity) {

+

+    //Marshal sensitive area

+    uint8_t buffer_marshalled_sensitiveArea[TPM2_MAX_DIGEST_BUFFER] = { 0 };

+    size_t marshalled_sensitive_size = 0;

+    Tss2_MU_TPMT_SENSITIVE_Marshal(&sensitive->sensitiveArea,

+            buffer_marshalled_sensitiveArea + sizeof(uint16_t), TPM2_MAX_DIGEST_BUFFER,

+            &marshalled_sensitive_size);

+    size_t marshalled_sensitive_size_info = 0;

+    Tss2_MU_UINT16_Marshal(marshalled_sensitive_size, buffer_marshalled_sensitiveArea,

+            sizeof(uint16_t), &marshalled_sensitive_size_info);

+

+    //concatenate NAME

+    memcpy(

+            buffer_marshalled_sensitiveArea + marshalled_sensitive_size

+                    + marshalled_sensitive_size_info,

+            pubname->name,

+            pubname->size);

+

+    //Digest marshalled-sensitive || name

+    uint8_t *marshalled_sensitive_and_name_digest =

+            buffer_marshalled_sensitiveArea + marshalled_sensitive_size

+                    + marshalled_sensitive_size_info

+                    + pubname->size;

+    size_t digest_size_info = 0;

+    UINT16 hash_size = tpm2_alg_util_get_hash_size(name_alg);

+    Tss2_MU_UINT16_Marshal(hash_size, marshalled_sensitive_and_name_digest,

+            sizeof(uint16_t), &digest_size_info);

+

+    digester d = tpm2_openssl_halg_to_digester(name_alg);

+    d(buffer_marshalled_sensitiveArea,

+            marshalled_sensitive_size_info + marshalled_sensitive_size

+                    + pubname->size,

+            marshalled_sensitive_and_name_digest + digest_size_info);

+

+    //Inner integrity

+    encrypted_inner_integrity->size = marshalled_sensitive_size_info

+            + marshalled_sensitive_size + pubname->size;

+

+    return aes_encrypt_buffers(

+            sym_alg,

+            enc_sensitive_key->buffer,

+            marshalled_sensitive_and_name_digest, 

+            hash_size + digest_size_info,

+            buffer_marshalled_sensitiveArea, 

+            marshalled_sensitive_size_info + marshalled_sensitive_size,

+            encrypted_inner_integrity);

+}

+

+void tpm2_identity_util_calculate_outer_integrity(

+        TPMI_ALG_HASH parent_name_alg,

+        TPM2B_NAME *pubname,

+        TPM2B_MAX_BUFFER *marshalled_sensitive,

+        TPM2B_MAX_BUFFER *protection_hmac_key,

+        TPM2B_MAX_BUFFER *protection_enc_key,

+        TPMT_SYM_DEF_OBJECT *sym_alg,

+        TPM2B_MAX_BUFFER *encrypted_duplicate_sensitive,

+        TPM2B_DIGEST *outer_hmac) {

+

+    //Calculate dupSensitive

+    encrypted_duplicate_sensitive->size =

+            marshalled_sensitive->size;

+

+    aes_encrypt_buffers(

+            sym_alg,

+            protection_enc_key->buffer,

+            marshalled_sensitive->buffer,

+            marshalled_sensitive->size,

+            NULL, 0,

+            encrypted_duplicate_sensitive);

+    //Calculate outerHMAC

+    hmac_outer_integrity(

+            parent_name_alg,

+            encrypted_duplicate_sensitive->buffer,

+            encrypted_duplicate_sensitive->size,

+            pubname->name,

+            pubname->size, 

+            protection_hmac_key->buffer,

+            outer_hmac);

+}

diff --git a/lib/tpm2_identity_util.h b/lib/tpm2_identity_util.h

new file mode 100644

index 00000000000..49f231a3347

--- /dev/null

+++ b/lib/tpm2_identity_util.h

@@ -0,0 +1,141 @@

+//**********************************************************************;

+// Copyright (c) 2017, Intel Corporation

+// Copyright (c) 2019 Massachusetts Institute of Technology

+// All rights reserved.

+//

+// Redistribution and use in source and binary forms, with or without

+// modification, are permitted provided that the following conditions are met:

+//

+// 1. Redistributions of source code must retain the above copyright notice,

+// this list of conditions and the following disclaimer.

+//

+// 2. Redistributions in binary form must reproduce the above copyright notice,

+// this list of conditions and the following disclaimer in the documentation

+// and/or other materials provided with the distribution.

+//

+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"

+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

+// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE

+// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR

+// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF

+// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS

+// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN

+// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

+// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF

+// THE POSSIBILITY OF SUCH DAMAGE.

+//**********************************************************************

+

+#ifndef LIB_TPM2_IDENTITY_UTIL_H_

+#define LIB_TPM2_IDENTITY_UTIL_H_

+

+#include <tss2/tss2_sys.h>

+

+#include <openssl/err.h>

+#include <openssl/hmac.h>

+#include <openssl/rsa.h>

+

+

+/**

+ * Generates HMAC integrity and symmetric encryption keys for TPM2 identies.

+ *

+ * @param parent_pub

+ *  The public key used for seed generation and protection.

+ * @param pubname

+ *  The Name object associated with the parent_pub credential.

+ * @param protection_seed

+ *  The symmetric seed value used to generate protection keys.

+ * @param protection_hmac_key

+ *  The HMAC integrity key to populate.

+ * @param protection_enc_key

+ *  The symmetric encryption key to populate.

+ * @return

+ *  True on success, false on failure.

+ */

+bool tpm2_identity_util_calc_outer_integrity_hmac_key_and_dupsensitive_enc_key(

+        TPM2B_PUBLIC *parent_pub,

+        TPM2B_NAME *pubname,

+        TPM2B_DIGEST *protection_seed,

+        TPM2B_MAX_BUFFER *protection_hmac_key,

+        TPM2B_MAX_BUFFER *protection_enc_key);

+

+/**

+ * Encrypts seed with parent public key for TPM2 credential protection process.

+ *

+ * @param protection_seed

+ *  The identity structure protection seed that is to be encrypted.

+ * @param parent_pub

+ *  The public key used for encryption.

+ * @param label

+ *  Indicates label for the seed, such as "IDENTITY" or "DUPLICATE".

+ * @param labelLen

+ *  Length of label.

+ * @param encrypted_protection_seed

+ *  The encrypted protection seed to populate.

+ * @return

+ *  True on success, false on failure.

+ */

+bool tpm2_identity_util_encrypt_seed_with_public_key(

+        TPM2B_DIGEST *protection_seed,

+        TPM2B_PUBLIC *parent_pub,

+        unsigned char *label,

+        int labelLen,

+        TPM2B_ENCRYPTED_SECRET *encrypted_protection_seed);

+

+/**

+ * Marshalls Credential Value and encrypts it with the symmetric encryption key.

+ *

+ * @param name_alg

+ *  Hash algorithm used to compute Name of the public key.

+ * @param sensitive

+ *  The Credential Value to be marshalled and encrypted with symmetric key.

+ * @param pubname

+ *  The Name object corresponding to the public key.

+ * @param enc_sensitive_key

+ *  The symmetric encryption key.

+ * @param sym_alg

+ *  The algorithm used for the symmetric encryption key.

+ * @param encrypted_inner_integrity

+ *  The encrypted, marshalled Credential Value to populate.

+ * @return

+ *  True on success, false on failure.

+ */

+bool tpm2_identity_util_calculate_inner_integrity(

+        TPMI_ALG_HASH name_alg,

+        TPM2B_SENSITIVE *sensitive,

+        TPM2B_NAME *pubname,

+        TPM2B_DATA *enc_sensitive_key,

+        TPMT_SYM_DEF_OBJECT *sym_alg,

+        TPM2B_MAX_BUFFER *encrypted_inner_integrity);

+

+/**

+ * Encrypts Credential Value with enc key and calculates HMAC with hmac key.

+ *

+ * @param parent_name_alg

+ *  Hash algorithm used to compute Name of the public key.

+ * @param pubname

+ *  The Name object corresponding to the public key.

+ * @param marshalled_sensitive

+ *  Marshalled Credential Value to be encrypted with symmetric encryption key.

+ * @param protection_hmac_key

+ *  The HMAC integrity key.

+ * @param protection_enc_key

+ *  The symmetric encryption key.

+ * @param sym_alg

+ *  The algorithm used for the symmetric encryption key.

+ * @param encrypted_duplicate_sensitive

+ *  The encrypted Credential Value to populate.

+ * @param outer_hmac

+ *  The outer HMAC structure to populate.

+ */

+void tpm2_identity_util_calculate_outer_integrity(

+        TPMI_ALG_HASH parent_name_alg,

+        TPM2B_NAME *pubname,

+        TPM2B_MAX_BUFFER *marshalled_sensitive,

+        TPM2B_MAX_BUFFER *protection_hmac_key,

+        TPM2B_MAX_BUFFER *protection_enc_key,

+        TPMT_SYM_DEF_OBJECT *sym_alg,

+        TPM2B_MAX_BUFFER *encrypted_duplicate_sensitive,

+        TPM2B_DIGEST *outer_hmac);

+

+#endif /* LIB_TPM2_IDENTITY_UTIL_H_ */

diff --git a/lib/tpm2_openssl.c b/lib/tpm2_openssl.c

new file mode 100644

index 00000000000..0bfc95bd1ef

--- /dev/null

+++ b/lib/tpm2_openssl.c

@@ -0,0 +1,162 @@

+//**********************************************************************;

+// Copyright (c) 2017, Intel Corporation

+// All rights reserved.

+//

+// Redistribution and use in source and binary forms, with or without

+// modification, are permitted provided that the following conditions are met:

+//

+// 1. Redistributions of source code must retain the above copyright notice,

+// this list of conditions and the following disclaimer.

+//

+// 2. Redistributions in binary form must reproduce the above copyright notice,

+// this list of conditions and the following disclaimer in the documentation

+// and/or other materials provided with the distribution.

+//

+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"

+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

+// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE

+// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR

+// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF

+// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS

+// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN

+// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

+// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF

+// THE POSSIBILITY OF SUCH DAMAGE.

+//**********************************************************************

+

+#include <errno.h>

+#include <stdint.h>

+#include <string.h>

+

+#include <openssl/aes.h>

+#include <openssl/bn.h>

+#include <openssl/evp.h>

+#include <openssl/err.h>

+#include <openssl/hmac.h>

+#include <openssl/obj_mac.h>

+#include <openssl/pem.h>

+#include <openssl/rand.h>

+#include <openssl/rsa.h>

+

+#include <tss2/tss2_sys.h>

+

+#include "files.h"

+#include "log.h"

+#include "tpm2_alg_util.h"

+#include "tpm2_openssl.h"

+#include "tpm2_util.h"

+

+

+const EVP_MD *tpm2_openssl_halg_from_tpmhalg(TPMI_ALG_HASH algorithm) {

+

+    switch (algorithm) {

+    case TPM2_ALG_SHA1:

+        return EVP_sha1();

+    case TPM2_ALG_SHA256:

+        return EVP_sha256();

+    case TPM2_ALG_SHA384:

+        return EVP_sha384();

+    case TPM2_ALG_SHA512:

+        return EVP_sha512();

+    default:

+        return NULL;

+    }

+    /* no return, not possible */

+}

+

+#if defined(LIB_TPM2_OPENSSL_OPENSSL_PRE11)

+int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) {

+

+    if ((r->n == NULL && n == NULL) || (r->e == NULL && e == NULL)) {

+        return 0;

+    }

+

+    if (n != NULL) {

+        BN_free(r->n);

+        r->n = n;

+    }

+

+    if (e != NULL) {

+        BN_free(r->e);

+        r->e = e;

+    }

+

+    if (d != NULL) {

+        BN_free(r->d);

+        r->d = d;

+    }

+

+    return 1;

+}

+#endif

+

+static inline const char *get_openssl_err(void) {

+    return ERR_error_string(ERR_get_error(), NULL);

+}

+

+

+EVP_CIPHER_CTX *tpm2_openssl_cipher_new(void) {

+    EVP_CIPHER_CTX *ctx;

+#if defined(LIB_TPM2_OPENSSL_OPENSSL_PRE11)

+    ctx = malloc(sizeof(*ctx));

+#else

+    ctx = EVP_CIPHER_CTX_new();

+#endif

+    if (!ctx)

+        return NULL;

+

+#if defined(LIB_TPM2_OPENSSL_OPENSSL_PRE11)

+    EVP_CIPHER_CTX_init(ctx);

+#endif

+

+    return ctx;

+}

+

+void tpm2_openssl_cipher_free(EVP_CIPHER_CTX *ctx) {

+#if defined(LIB_TPM2_OPENSSL_OPENSSL_PRE11)

+    EVP_CIPHER_CTX_cleanup(ctx);

+    free(ctx);

+#else

+    EVP_CIPHER_CTX_free(ctx);

+#endif

+}

+

+digester tpm2_openssl_halg_to_digester(TPMI_ALG_HASH halg) {

+

+    switch(halg) {

+    case TPM2_ALG_SHA1:

+        return SHA1;

+    case TPM2_ALG_SHA256:

+        return SHA256;

+    case TPM2_ALG_SHA384:

+        return SHA384;

+    case TPM2_ALG_SHA512:

+        return SHA512;

+    /* no default */

+    }

+

+    return NULL;

+}

+

+/*

+ * Per man openssl(1), handle the following --passin formats:

+ *     pass:password

+ *             the actual password is password. Since the password is visible to utilities (like 'ps' under Unix) this form should only be used where security is not

+ *             important.

+ *

+ *   env:var   obtain the password from the environment variable var. Since the environment of other processes is visible on certain platforms (e.g. ps under certain

+ *             Unix OSes) this option should be used with caution.

+ *

+ *   file:pathname

+ *             the first line of pathname is the password. If the same pathname argument is supplied to -passin and -passout arguments then the first line will be used

+ *             for the input password and the next line for the output password. pathname need not refer to a regular file: it could for example refer to a device or

+ *             named pipe.

+ *

+ *   fd:number read the password from the file descriptor number. This can be used to send the data via a pipe for example.

+ *

+ *   stdin     read the password from standard input.

+ *

+ */

+

+typedef bool (*pfn_ossl_pw_handler)(const char *passin, char **pass);

diff --git a/lib/tpm2_openssl.h b/lib/tpm2_openssl.h

new file mode 100644

index 00000000000..d749cb350ac

--- /dev/null

+++ b/lib/tpm2_openssl.h

@@ -0,0 +1,108 @@

+//**********************************************************************;

+// Copyright (c) 2017, Intel Corporation

+// All rights reserved.

+//

+// Redistribution and use in source and binary forms, with or without

+// modification, are permitted provided that the following conditions are met:

+//

+// 1. Redistributions of source code must retain the above copyright notice,

+// this list of conditions and the following disclaimer.

+//

+// 2. Redistributions in binary form must reproduce the above copyright notice,

+// this list of conditions and the following disclaimer in the documentation

+// and/or other materials provided with the distribution.

+//

+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"

+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE