debuggers.hg

view tools/vtpm_manager/manager/vtpm_manager.c @ 0:7d21f7218375

Exact replica of unstable on 051908 + README-this
author Mukesh Rathor
date Mon May 19 15:34:57 2008 -0700 (2008-05-19)
1 // ===================================================================
2 //
3 // Copyright (c) 2005, Intel Corp.
4 // All rights reserved.
5 //
6 // Redistribution and use in source and binary forms, with or without
7 // modification, are permitted provided that the following conditions
8 // are met:
9 //
10 // * Redistributions of source code must retain the above copyright
11 // notice, this list of conditions and the following disclaimer.
12 // * Redistributions in binary form must reproduce the above
13 // copyright notice, this list of conditions and the following
14 // disclaimer in the documentation and/or other materials provided
15 // with the distribution.
16 // * Neither the name of Intel Corporation nor the names of its
17 // contributors may be used to endorse or promote products derived
18 // from this software without specific prior written permission.
19 //
20 // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21 // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22 // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
23 // FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
24 // COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
25 // INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
26 // (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
27 // SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 // HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
29 // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
30 // ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
31 // OF THE POSSIBILITY OF SUCH DAMAGE.
32 // ===================================================================
33 //
34 // vtpm_manager.c
35 //
36 // This file will house the main logic of the VTPM Manager
37 //
38 // ==================================================================
40 #include <stdio.h>
41 #include <unistd.h>
42 #include <string.h>
44 #include "vtpm_manager.h"
45 #include "vtpmpriv.h"
46 #include "vtsp.h"
47 #include "bsg.h"
48 #include "hashtable.h"
49 #include "hashtable_itr.h"
51 #include "log.h"
52 #include "buffer.h"
// Process-wide manager state. VTPM_Init_Manager() allocates it and
// VTPM_Stop_Manager() frees it; it stays NULL until then.
VTPM_GLOBALS *vtpm_globals = NULL;

// --------------------------- Well Known Auths --------------------------
// SRK usage auth: twenty 0xff bytes compiled into the binary. This is a fixed,
// public value, so it carries no secrecy; anything that must stay confidential
// has to be protected by the auth of the keys created under the SRK.
const TPM_AUTHDATA SRK_AUTH = {
    0xff, 0xff, 0xff, 0xff, 0xff,
    0xff, 0xff, 0xff, 0xff, 0xff,
    0xff, 0xff, 0xff, 0xff, 0xff,
    0xff, 0xff, 0xff, 0xff, 0xff
};

#ifdef WELL_KNOWN_OWNER_AUTH
// Fixed TPM owner auth, used by VTPM_Create_Manager() in place of a random
// value when WELL_KNOWN_OWNER_AUTH is defined. With this build option the
// owner secret is the same on every installation and readable from the
// source, so owner-authorized commands are not protected by a secret.
// NOTE(review): presumably intended for test/debug builds only -- confirm the
// option is off in any deployment that relies on TPM ownership.
static BYTE FIXED_OWNER_AUTH[20] = {
    0xff, 0xff, 0xff, 0xff, 0xff,
    0xff, 0xff, 0xff, 0xff, 0xff,
    0xff, 0xff, 0xff, 0xff, 0xff,
    0xff, 0xff, 0xff, 0xff, 0xff
};
#endif
66 // -------------------------- Hash table functions --------------------
// Hash callback handed to create_hashtable() for the DMI map.
// The key is read as a UINT32 and returned unchanged as the hash value.
// ky must point to a readable UINT32; it is not checked for NULL.
static unsigned int hashfunc32(void *ky) {
    const UINT32 *key = (const UINT32 *)ky;

    return *key;
}
// Key-equality callback handed to create_hashtable() for the DMI map.
// Both keys are read as UINT32 values; returns 1 when they match, else 0.
// Neither pointer is checked for NULL.
static int equals32(void *k1, void *k2) {
    const UINT32 lhs = *(const UINT32 *)k1;
    const UINT32 rhs = *(const UINT32 *)k2;

    return lhs == rhs;
}
76 // --------------------------- Functions ------------------------------
// First-time provisioning of the manager: picks the owner auth, takes TPM
// ownership when the TPM looks unowned, then creates the storage key and the
// boot key under the SRK and asks the TPM to save its state.
//
// Returns TPM_SUCCESS on the normal path. Any step wrapped in TPMTRYRETURN
// that fails ends up at abort_egress, which terminates the process with
// exit(1) instead of returning.
// NOTE(review): TPMTRYRETURN is defined outside this file; it presumably
// assigns `status` and jumps to `abort_egress` -- the local must keep that
// name and the label must stay.
//
// Security notes for reviewers:
//  - This function does not persist anything itself; the caller
//    (VTPM_Init_Manager) calls VTPM_SaveManagerData() afterwards. If a step
//    after VTSP_TakeOwnership fails, the process exits before that save, so a
//    randomly generated owner auth appears to be lost while the TPM stays
//    owned -- TODO confirm and decide whether that needs recovery handling.
//  - The return value of Crypto_GetRandom() is not checked here (its
//    prototype is not visible in this file).
//  - The OSAP shared secret and the auth buffers are left on the stack; they
//    are not cleared before returning.
TPM_RESULT VTPM_Create_Manager() {
    TPM_RESULT status = TPM_SUCCESS;
    CRYPTO_INFO ek_info;         // public EK, filled by VTSP_ReadPubek
    TCS_AUTH osap_session;       // OSAP session, re-created for each wrap key
    TPM_AUTHDATA osap_secret;    // shared secret produced by VTSP_OSAP
    TPM_AUTHDATA boot_key_auth;  // usage auth for the boot key (all zeros)

    // Owner auth: fixed bytes when built with WELL_KNOWN_OWNER_AUTH (the
    // secret is then the same everywhere), otherwise random.
#ifdef WELL_KNOWN_OWNER_AUTH
    memcpy(vtpm_globals->owner_usage_auth, FIXED_OWNER_AUTH, sizeof(TPM_AUTHDATA));
#else
    Crypto_GetRandom(vtpm_globals->owner_usage_auth, sizeof(TPM_AUTHDATA));
#endif

    // A readable PubEK is used as the signal that the TPM has no owner yet.
    // FIXME (from the original): try to take ownership directly and react to
    // the returned status instead of inferring ownership from this read.
    status = VTSP_ReadPubek(vtpm_globals->manager_tcs_handle, &ek_info);

    if (status != TPM_SUCCESS) {
        // Any ReadPubek failure is treated as "already owned"; the keys below
        // are then created under the existing SRK using SRK_AUTH.
        vtpmloginfo(VTPM_LOG_VTPM, "Failed to readEK meaning TPM has an owner. Creating Keys off existing SRK.\n");
    } else {
        TPMTRYRETURN(VTSP_TakeOwnership(vtpm_globals->manager_tcs_handle,
                                        (const TPM_AUTHDATA*)&vtpm_globals->owner_usage_auth,
                                        &SRK_AUTH,
                                        &ek_info,
                                        &vtpm_globals->keyAuth));

        // Once owned, turn PubEK reads off again.
        TPMTRYRETURN(VTSP_DisablePubekRead(vtpm_globals->manager_tcs_handle,
                                           (const TPM_AUTHDATA*)&vtpm_globals->owner_usage_auth,
                                           &vtpm_globals->keyAuth));
    }

    // Storage key: random usage auth, wrapped under the SRK.
    Crypto_GetRandom(&vtpm_globals->storage_key_usage_auth,
                     sizeof(TPM_AUTHDATA));

    TPMTRYRETURN(VTSP_OSAP(vtpm_globals->manager_tcs_handle,
                           TPM_ET_KEYHANDLE,
                           TPM_SRK_KEYHANDLE,
                           &SRK_AUTH,
                           &osap_secret,
                           &osap_session));

    osap_session.fContinueAuthSession = FALSE;

    TPMTRYRETURN(VTSP_CreateWrapKey(vtpm_globals->manager_tcs_handle,
                                    TPM_KEY_BIND,
                                    (const TPM_AUTHDATA*)&vtpm_globals->storage_key_usage_auth,
                                    TPM_SRK_KEYHANDLE,
                                    (const TPM_AUTHDATA*)&osap_secret,
                                    &vtpm_globals->storageKeyWrap,
                                    &osap_session));

    // Boot key: its usage auth is all zeros, i.e. not a secret.
    memset(&boot_key_auth, 0, sizeof(boot_key_auth));

    TPMTRYRETURN(VTSP_OSAP(vtpm_globals->manager_tcs_handle,
                           TPM_ET_KEYHANDLE,
                           TPM_SRK_KEYHANDLE,
                           &SRK_AUTH,
                           &osap_secret,
                           &osap_session));

    osap_session.fContinueAuthSession = FALSE;

    // FIXME (from the original): this key protects the global secrets on
    // disk. It should use TPM PCR bindings to limit its use to legitimate
    // configurations. The current binding is open, which is only acceptable
    // if the VM containing this code is trusted; otherwise use measurement
    // and PCR bindings.
    TPMTRYRETURN(VTSP_CreateWrapKey(vtpm_globals->manager_tcs_handle,
                                    TPM_KEY_BIND,
                                    (const TPM_AUTHDATA*)&boot_key_auth,
                                    TPM_SRK_KEYHANDLE,
                                    (const TPM_AUTHDATA*)&osap_secret,
                                    &vtpm_globals->bootKeyWrap,
                                    &osap_session));

    // Fill in CRYPTO_INFO vtpm_globals->bootKey only; per the original
    // comment this call does not load the key into the TPM.
    TPMTRYRETURN(VTSP_LoadKey(vtpm_globals->manager_tcs_handle,
                              TPM_SRK_KEYHANDLE,
                              &vtpm_globals->bootKeyWrap,
                              NULL,
                              NULL,
                              NULL,
                              &vtpm_globals->bootKey,
                              TRUE));

    TPMTRYRETURN(VTSP_SaveState(vtpm_globals->manager_tcs_handle));
    goto egress;

abort_egress:
    // Provisioning failures are fatal for the whole process.
    exit(1);

egress:
    vtpmloginfo(VTPM_LOG_VTPM, "Finished initialized new VTPM manager (Status = %d).\n", status);
    return status;
}
183 ///////////////////////////////////////////////////////////////////////////////
// Brings the manager up: allocates the global state, opens a TCS context,
// seeds the crypto layer from the TPM, opens the OIAP session used for
// authorized commands, loads (or creates) the persisted manager data, loads
// the storage key, and registers the Dom0 control entry.
//
// Returns TPM_SUCCESS when every step succeeded, otherwise the failing status.
// An unreadable manager file with a status other than TPM_IOERROR ends the
// process with exit(1).
// NOTE(review): TPMTRYRETURN is defined outside this file; it presumably
// assigns `status` and jumps to `abort_egress` on failure.
//
// Review notes:
//  - Failure paths return without freeing vtpm_globals or closing the TCS
//    context, so the global is left pointing at partially initialised state.
//  - TPM_IOERROR from VTPM_LoadManagerData() is taken to mean "first run": a
//    new manager is created and saved. NOTE(review): if that status can also
//    be returned for a state file that exists but could not be read, the
//    existing state may be replaced -- confirm against VTPM_LoadManagerData.
TPM_RESULT VTPM_Init_Manager() {
    TPM_RESULT status = TPM_FAIL;
    TPM_RESULT load_status;
    BYTE *seed;              // buffer returned by TCSP_GetRandom
    UINT32 seed_len = 256;   // number of random bytes requested

    // Zero-filled allocation of the global state.
    vtpm_globals = calloc(1, sizeof(VTPM_GLOBALS));
    if (vtpm_globals == NULL) {
        status = TPM_FAIL;
        goto abort_egress;
    }

    vtpm_globals->connected_dmis = 0;

    vtpm_globals->dmi_map = create_hashtable(10, hashfunc32, equals32);
    if (vtpm_globals->dmi_map == NULL) {
        status = TPM_FAIL;
        goto abort_egress;
    }

    // New TCS object, then a TCS context for this service.
    vtpm_globals->manager_tcs_handle = 0;

    TPMTRYRETURN(TCS_create());

    TPMTRYRETURN(TCS_OpenContext(&vtpm_globals->manager_tcs_handle));

    // Seed the crypto layer with bytes obtained from the TPM, then hand the
    // buffer back to the TCS.
    TPMTRYRETURN(TCSP_GetRandom(vtpm_globals->manager_tcs_handle,
                                &seed_len,
                                &seed));

    Crypto_Init(seed, seed_len);
    TPMTRYRETURN(TCS_FreeMemory(vtpm_globals->manager_tcs_handle, seed));

    // OIAP session kept open for the service's authorized commands.
    TPMTRYRETURN(VTSP_OIAP(vtpm_globals->manager_tcs_handle,
                           &vtpm_globals->keyAuth));
    vtpm_globals->keyAuth.fContinueAuthSession = TRUE;

    vtpm_globals->mig_keys = NULL;

    // Load persisted state; fall back to creating a new manager.
    load_status = VTPM_LoadManagerData();
    if (load_status != TPM_SUCCESS) {
        if (load_status == TPM_IOERROR) {
            vtpmloginfo(VTPM_LOG_VTPM, "Failed to read manager file. Assuming first time initialization.\n");
            TPMTRYRETURN(VTPM_Create_Manager());
            TPMTRYRETURN(VTPM_SaveManagerData());
        } else {
            vtpmlogerror(VTPM_LOG_VTPM, "Failed to read existing manager file");
            exit(1);
        }
    }

    // Load the storage key under the SRK.
    TPMTRYRETURN(VTSP_LoadKey(vtpm_globals->manager_tcs_handle,
                              TPM_SRK_KEYHANDLE,
                              &vtpm_globals->storageKeyWrap,
                              &SRK_AUTH,
                              &vtpm_globals->storageKeyHandle,
                              &vtpm_globals->keyAuth,
                              &vtpm_globals->storageKey,
                              FALSE));

    // Entry for Dom0, used for control messages.
    TPMTRYRETURN(VTPM_Handle_New_DMI(NULL));

    goto egress;

abort_egress:
egress:
    return status;
}
256 ///////////////////////////////////////////////////////////////////////////////
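// Shuts the manager down: closes every connected DMI, saves the manager data,
// closes the TCS context, and releases the global state.
//
// Changes from the original:
//  - returns early when vtpm_globals is NULL, and skips the map work when
//    dmi_map is NULL (VTPM_Init_Manager can fail at either allocation);
//  - checks the iterator returned by hashtable_iterator() before using it;
//  - overwrites the global state before freeing it, because it holds the
//    owner and storage-key usage auth written by VTPM_Create_Manager();
//  - resets vtpm_globals to NULL so a later use is not a dangling pointer.
//
// NOTE(review): only the VTPM_GLOBALS structure itself is wiped; buffers it
// points to (for example inside the wrapped keys) are neither wiped nor freed
// here, as in the original.
void VTPM_Stop_Manager() {
    VTPM_DMI_RESOURCE *dmi_res;
    struct hashtable_itr *dmi_itr;

    if (vtpm_globals == NULL) {
        vtpmlogerror(VTPM_LOG_VTPM, "VTPM Manager stop requested without initialized state.\n");
        return;
    }

    // Close all the TCS contexts. TCS should evict keys based on this.
    if (vtpm_globals->dmi_map != NULL &&
        hashtable_count(vtpm_globals->dmi_map) > 0) {
        dmi_itr = hashtable_iterator(vtpm_globals->dmi_map);
        if (dmi_itr == NULL) {
            vtpmlogerror(VTPM_LOG_VTPM, "Unable to iterate over DMI map.\n");
        } else {
            do {
                dmi_res = (VTPM_DMI_RESOURCE *) hashtable_iterator_value(dmi_itr);
                if (dmi_res != NULL && dmi_res->connected)
                    close_dmi(dmi_res); // Not really interested in return code
            } while (hashtable_iterator_advance(dmi_itr));
            free(dmi_itr);
        }
    }

    if (VTPM_SaveManagerData() != TPM_SUCCESS)
        vtpmlogerror(VTPM_LOG_VTPM, "Unable to save manager data.\n");

    TCS_CloseContext(vtpm_globals->manager_tcs_handle);
    TCS_destroy();

    if (vtpm_globals->dmi_map != NULL)
        hashtable_destroy(vtpm_globals->dmi_map, 1);

    // Wipe through a volatile pointer so the stores are not removed as dead
    // writes ahead of free().
    volatile unsigned char *wipe = (volatile unsigned char *) vtpm_globals;
    for (size_t i = 0; i < sizeof(VTPM_GLOBALS); i++)
        wipe[i] = 0;

    free(vtpm_globals);
    vtpm_globals = NULL;

    Crypto_Exit();

    vtpmloginfo(VTPM_LOG_VTPM, "VTPM Manager stopped.\n");
}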