From: Samuel Thibault <samuel.thibault@ens-lyon.org>
To: Jason Andryuk <jandryuk@gmail.com>
Cc: xen-devel@lists.xenproject.org,
Daniel De Graaf <dgdegra@tycho.nsa.gov>,
Quan Xu <quan.xu0@gmail.com>
Subject: Re: [PATCH 9/9] vtpmmgr: Support GetRandom passthrough on TPM 2.0
Date: Tue, 4 May 2021 15:33:32 +0200 [thread overview]
Message-ID: <20210504133332.pt56xjrxvbnz2htd@begin> (raw)
In-Reply-To: <20210504124842.220445-10-jandryuk@gmail.com>
Jason Andryuk, le mar. 04 mai 2021 08:48:42 -0400, a ecrit:
> GetRandom passthrough currently fails when using vtpmmgr with a hardware
> TPM 2.0.
> vtpmmgr (8): INFO[VTPM]: Passthrough: TPM_GetRandom
> vtpm (12): vtpm_cmd.c:120: Error: TPM_GetRandom() failed with error code (30)
>
> When running on TPM 2.0 hardware, vtpmmgr needs to convert the TPM 1.2
> TPM_ORD_GetRandom into a TPM2 TPM_CC_GetRandom command. Besides the
> differing ordinal, the TPM 1.2 uses 32bit sizes for the request and
> response (vs. 16bit for TPM2).
>
> Place the random output directly into the tpmcmd->resp and build the
> packet around it. This avoids bouncing through an extra buffer, but the
> header has to be written after grabbing the random bytes so we have the
> number of bytes to include in the size.
>
> Signed-off-by: Jason Andryuk <jandryuk@gmail.com>
> ---
> stubdom/vtpmmgr/marshal.h | 10 +++++++
> stubdom/vtpmmgr/vtpm_cmd_handler.c | 48 ++++++++++++++++++++++++++++++
> 2 files changed, 58 insertions(+)
>
> diff --git a/stubdom/vtpmmgr/marshal.h b/stubdom/vtpmmgr/marshal.h
> index dce19c6439..20da22af09 100644
> --- a/stubdom/vtpmmgr/marshal.h
> +++ b/stubdom/vtpmmgr/marshal.h
> @@ -890,6 +890,15 @@ inline int sizeof_TPM_AUTH_SESSION(const TPM_AUTH_SESSION* auth) {
> return rv;
> }
>
> +static
> +inline int sizeof_TPM_RQU_HEADER(BYTE* ptr) {
> + int rv = 0;
> + rv += sizeof_UINT16(ptr);
> + rv += sizeof_UINT32(ptr);
> + rv += sizeof_UINT32(ptr);
> + return rv;
> +}
> +
> static
> inline BYTE* pack_TPM_RQU_HEADER(BYTE* ptr,
> TPM_TAG tag,
> @@ -923,5 +932,6 @@ inline int unpack3_TPM_RQU_HEADER(BYTE* ptr, UINT32* pos, UINT32 max,
> #define pack_TPM_RSP_HEADER(p, t, s, r) pack_TPM_RQU_HEADER(p, t, s, r)
> #define unpack_TPM_RSP_HEADER(p, t, s, r) unpack_TPM_RQU_HEADER(p, t, s, r)
> #define unpack3_TPM_RSP_HEADER(p, l, m, t, s, r) unpack3_TPM_RQU_HEADER(p, l, m, t, s, r)
> +#define sizeof_TPM_RSP_HEADER(p) sizeof_TPM_RQU_HEADER(p)
>
> #endif
> diff --git a/stubdom/vtpmmgr/vtpm_cmd_handler.c b/stubdom/vtpmmgr/vtpm_cmd_handler.c
> index 2ac14fae77..7ca1d9df94 100644
> --- a/stubdom/vtpmmgr/vtpm_cmd_handler.c
> +++ b/stubdom/vtpmmgr/vtpm_cmd_handler.c
> @@ -47,6 +47,7 @@
> #include "vtpm_disk.h"
> #include "vtpmmgr.h"
> #include "tpm.h"
> +#include "tpm2.h"
> #include "tpmrsa.h"
> #include "tcg.h"
> #include "mgmt_authority.h"
> @@ -772,6 +773,52 @@ static int vtpmmgr_permcheck(struct tpm_opaque *opq)
> return 1;
> }
>
> +TPM_RESULT vtpmmgr_handle_getrandom(struct tpm_opaque *opaque,
> + tpmcmd_t* tpmcmd)
> +{
> + TPM_RESULT status = TPM_SUCCESS;
> + TPM_TAG tag;
> + UINT32 size;
> + UINT32 rand_offset;
> + UINT32 rand_size;
> + TPM_COMMAND_CODE ord;
> + BYTE *p;
> +
> + p = unpack_TPM_RQU_HEADER(tpmcmd->req, &tag, &size, &ord);
> +
> + if (!hw_is_tpm2()) {
> + size = TCPA_MAX_BUFFER_LENGTH;
> + TPMTRYRETURN(TPM_TransmitData(tpmcmd->req, tpmcmd->req_len,
> + tpmcmd->resp, &size));
> + tpmcmd->resp_len = size;
> +
> + return TPM_SUCCESS;
> + }
We need to check for the size of the request before unpacking (which
doesn't check for it), don't we?
> + /* TPM_GetRandom req: <header><uint32 num bytes> */
> + unpack_UINT32(p, &rand_size);
> +
> + /* Call TPM2_GetRandom but return a TPM_GetRandom response. */
> + /* TPM_GetRandom resp: <header><uint32 num bytes><num random bytes> */
> + rand_offset = sizeof_TPM_RSP_HEADER(tpmcmd->resp) +
> + sizeof_UINT32(tpmcmd->resp);
There is a spurious indentation here, at first sight I even thought it
was part of the comment.
We also need to check that rand_size is not too large?
- that the returned data won't overflow tpmcmd->resp + rand_offset
- that it fits in a UINT16
Also, TPM2_GetRandom casts bytesRequested into UINT16*, that's bogus, it
should use a local UINT16 variable and assign *bytesRequested.
> + TPMTRYRETURN(TPM2_GetRandom(&rand_size, tpmcmd->resp + rand_offset));
> +
> + p = pack_TPM_RSP_HEADER(tpmcmd->resp, TPM_TAG_RSP_COMMAND,
> + rand_offset + rand_size, status);
> + p = pack_UINT32(p, rand_size);
> + tpmcmd->resp_len = rand_offset + rand_size;
> +
> + return status;
> +
> +abort_egress:
> + tpmcmd->resp_len = VTPM_COMMAND_HEADER_SIZE;
> + pack_TPM_RSP_HEADER(tpmcmd->resp, tag + 3, tpmcmd->resp_len, status);
> +
> + return status;
> +}
> +
> TPM_RESULT vtpmmgr_handle_cmd(
> struct tpm_opaque *opaque,
> tpmcmd_t* tpmcmd)
> @@ -842,6 +889,7 @@ TPM_RESULT vtpmmgr_handle_cmd(
> switch(ord) {
> case TPM_ORD_GetRandom:
> vtpmloginfo(VTPM_LOG_VTPM, "Passthrough: TPM_GetRandom\n");
> + return vtpmmgr_handle_getrandom(opaque, tpmcmd);
> break;
Drop the break, then. I would say also move (or drop) the log, like the
other cases.
> case TPM_ORD_PcrRead:
> vtpmloginfo(VTPM_LOG_VTPM, "Passthrough: TPM_PcrRead\n");
> --
> 2.30.2
>
next prev parent reply other threads:[~2021-05-04 13:33 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-04 12:48 [PATCH 0/9] vtpmmgr: Some fixes - still incomplete Jason Andryuk
2021-05-04 12:48 ` [PATCH 1/9] docs: Warn about incomplete vtpmmgr TPM 2.0 support Jason Andryuk
2021-05-04 17:55 ` Andrew Cooper
2021-05-07 15:31 ` Daniel P. Smith
2021-05-04 12:48 ` [PATCH 2/9] vtpmmgr: Print error code to aid debugging Jason Andryuk
2021-05-04 13:03 ` Samuel Thibault
2021-05-07 15:33 ` Daniel P. Smith
2021-05-04 12:48 ` [PATCH 3/9] stubom: newlib: Enable C99 formats for %z Jason Andryuk
2021-05-04 13:08 ` Samuel Thibault
2021-05-07 15:37 ` Daniel P. Smith
2021-05-04 12:48 ` [PATCH 4/9] vtpmmgr: Allow specifying srk_handle for TPM2 Jason Andryuk
2021-05-04 13:13 ` Samuel Thibault
2021-05-04 17:04 ` Jason Andryuk
2021-05-04 17:07 ` Samuel Thibault
2021-05-04 17:27 ` Jason Andryuk
2021-05-04 17:48 ` Samuel Thibault
2021-05-04 12:48 ` [PATCH 5/9] vtpmmgr: Move vtpmmgr_shutdown Jason Andryuk
2021-05-04 13:14 ` Samuel Thibault
2021-05-04 12:48 ` [PATCH 6/9] vtpmmgr: Flush transient keys on shutdown Jason Andryuk
2021-05-04 13:15 ` Samuel Thibault
2021-05-04 12:48 ` [PATCH 7/9] vtpmmgr: Flush all transient keys Jason Andryuk
2021-05-04 13:16 ` Samuel Thibault
2021-05-04 17:05 ` Jason Andryuk
2021-05-04 17:07 ` Samuel Thibault
2021-05-04 12:48 ` [PATCH 8/9] vtpmmgr: Shutdown more gracefully Jason Andryuk
2021-05-04 13:18 ` Samuel Thibault
2021-05-04 12:48 ` [PATCH 9/9] vtpmmgr: Support GetRandom passthrough on TPM 2.0 Jason Andryuk
2021-05-04 13:33 ` Samuel Thibault [this message]
2021-05-04 17:23 ` Jason Andryuk
2021-05-04 17:47 ` Samuel Thibault
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210504133332.pt56xjrxvbnz2htd@begin \
--to=samuel.thibault@ens-lyon.org \
--cc=dgdegra@tycho.nsa.gov \
--cc=jandryuk@gmail.com \
--cc=quan.xu0@gmail.com \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.