[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen master] vTPM/TPM2: Create and load SK on TPM 2.0



commit 3334d916dea80ace09829d129753b20b85a41b65
Author:     Quan Xu <quan.xu@xxxxxxxxx>
AuthorDate: Thu Jan 15 04:21:45 2015 -0500
Commit:     Ian Campbell <ian.campbell@xxxxxxxxxx>
CommitDate: Wed Jan 28 12:54:49 2015 +0000

    vTPM/TPM2: Create and load SK on TPM 2.0

    TPM2_Create is used to create an object that can be loaded into a
    TPM using TPM2_Load(). If the command completes successfully, the
    TPM will create the new object and return the objectâ??s creation.
    data (creationData), its public area (outPublic), and its encrypted
    sensitive area (outPrivate). Preservation of the returned data is
    the responsibility of the caller. The object will need to be loaded
    (TPM2_Load()).
    TPM2_Load is used to load objects into the TPM. This command is used
    when both a TPM2B_PUBLIC and TPM2B_PRIVATE are to be loaded. If only
    a TPM2B_PUBLIC is to be loaded, the TPM2_LoadExternal command is used.

    Signed-off-by: Quan Xu <quan.xu@xxxxxxxxx>
    Acked-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
---
 stubdom/vtpmmgr/init.c    |   65 +++++++++++++++++++++++++++++++++++++++++++++
 stubdom/vtpmmgr/vtpmmgr.h |    1 +
 2 files changed, 66 insertions(+), 0 deletions(-)

diff --git a/stubdom/vtpmmgr/init.c b/stubdom/vtpmmgr/init.c
index c654071..43ba693 100644
--- a/stubdom/vtpmmgr/init.c
+++ b/stubdom/vtpmmgr/init.c
@@ -580,3 +580,68 @@ TPM_RC tpm2_take_ownership(void)
 abort_egress:
     return status;
 }
+
+TPM_RESULT vtpmmgr2_create(void)
+{
+    TPM_RESULT status = TPM_SUCCESS;
+
+    TPMTRYRETURN(tpm2_take_ownership());
+
+   /* create SK */
+    TPM2_Create_Params_out out;
+    TPM2_Create_Params_in in = {
+        .inSensitive = {
+            .size = 4 + 20,
+            .sensitive = {
+                .userAuth.size = 20,
+                .userAuth.buffer = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,\
+                                     0, 0, 0, 0, 0, 0, 0, 0, 0, 0 },
+                .data.size = 0,
+            },
+        },
+        .inPublic = {
+            .size = (60),
+            .publicArea = {
+                 .type = TPM2_ALG_RSA,
+                 .nameAlg = TPM2_ALG_SHA256,
+#define SK_OBJ_ATTR (fixedTPM | fixedParent | userWithAuth |\
+                     sensitiveDataOrigin |decrypt)
+                 .objectAttributes = SK_OBJ_ATTR,
+                 .authPolicy.size = 0,
+                 .parameters.rsaDetail = {
+                     .symmetric = {
+                         .algorithm = TPM2_ALG_NULL,
+                     },
+                     .scheme = {
+                         TPM2_ALG_OAEP,
+                         .details.oaep.hashAlg = TPM2_ALG_SHA256,
+                     },
+                     .keyBits = RSA_KEY_SIZES_BITS,
+                     .exponent = 0,
+                  },
+                  .unique.rsa.size = 0,
+            },
+        },
+        .outsideInfo.size = 0,
+        .creationPCR.count = 0,
+    };/*end in */
+
+    TPMTRYRETURN(TPM2_Create(vtpm_globals.srk_handle, &in, &out));
+    TPMTRYRETURN(TPM2_Load(vtpm_globals.srk_handle,
+                           &vtpm_globals.tpm2_storage_key.Private,
+                           &vtpm_globals.tpm2_storage_key.Public,
+                           &vtpm_globals.sk_handle,
+                           &vtpm_globals.sk_name));
+
+    vtpmloginfo(VTPM_LOG_VTPM, "SK HANDLE: 0x%X\n", vtpm_globals.sk_handle);
+
+    /*Create new disk image*/
+    TPMTRYRETURN(vtpm_new_disk());
+
+    goto egress;
+
+abort_egress:
+egress:
+    vtpmloginfo(VTPM_LOG_VTPM, "Finished initialized new VTPM manager\n");
+    return status;
+}
diff --git a/stubdom/vtpmmgr/vtpmmgr.h b/stubdom/vtpmmgr/vtpmmgr.h
index 95519ba..9889feb 100644
--- a/stubdom/vtpmmgr/vtpmmgr.h
+++ b/stubdom/vtpmmgr/vtpmmgr.h
@@ -95,5 +95,6 @@ inline TPM_RESULT vtpmmgr_rand(unsigned char* bytes, size_t 
num_bytes) {

 /* TPM 2.0 */
 TPM_RC tpm2_take_ownership(void);
+TPM_RESULT vtpmmgr2_create(void);

 #endif
--
generated by git-patchbot for /home/xen/git/xen.git#master

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.