vTPM data seal issue

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

vTPM data seal issue

Osborn, Justin D.
Hi everybody,
 
    For a while now I've been working on a project to do data sealing to TPM PCRs in a Xen Dom U using the vtpm.  I finally got everything set up, I'm using xen-unstable, the tpm_tis driver in Dom 0, and trousers 0.2.8 in Dom U (having patched Trousers with the TPM_PCR_INFO_LONG patch from Trusted Java that allows data sealing on Winbond/Infineon TPMs).
 
I booted my Dom U image, modprobe tpm_xenu, ran tcsd, and tpm_takeownership.  For the test I ran:
 
    ps auwx > foo
    tpm_sealdata < foo
 
This returns a TPM_BAD_PARAMETER.  However, executing:
 
    tpm_sealdata -p 1 < foo
 
works completely.
 
Further investigation in the vtpmd code revealed a block in tpm_cmd_handler.c that looks like:
 
     if (tpm_unmarshal_TPM_KEY_HANDLE(&ptr, &len, &keyHandle)
           || tpm_unmarshal_TPM_ENCAUTH(&ptr, &len, &encAuth)
           || tpm_unmarshal_UINT32(&ptr, &len, &pcrInfoSize)
           || tpm_unmarshal_TPM_PCR_INFO(&ptr, &len, &pcrInfo)
           || tpm_unmarshal_UINT32(&ptr, &len, &inDataSize)
           || tpm_unmarshal_BLOB(&ptr, &len, &inData, inDataSize)
           || len != 0) return TPM_BAD_PARAMETER;
 
vtpmd tries to unpackage everything regardless of pcrInfoSize.  So essentially what happens is, if not sealing to PCRs, trousers sends pcrInfoSize as 0, and then doesn't include the pcrInfo.  However, the vtpm is looking for the pcrInfo no matter what, and it tries to read past the end of the data.  It would appear that trousers is not breaking spec to do this because without vtpm data sealing works.  Perhaps the vtpm should unmarshal everything up to the pcrInfo and then check pcrInfoSize before trying to unmarshal pcrInfo?
 
For now I'm just always sealing to PCRs. :-)
 
Let me know if that makes sense.
 
Thanks,
Justin
 
P.S.  I'm completely new to TCG/TPM, so please excuse any naivete. 

_______________________________________________
Xense-devel mailing list
[hidden email]
http://lists.xensource.com/xense-devel
Reply | Threaded
Open this post in threaded view
|

RE: vTPM data seal issue

Scarlata, Vincent R
I've CCed Mario Strasser. He is the author of the TPM emulator that is used for the vTPMs.
 
Thanks Justin, this I believe is a bug in the TPM emulator. If pcrInfoSize is zero, then the TPM protocols say to completely ignore the PCR_INFO structure and the next byte in this case should be inDataSize. The marshalling code always unpacks the PCR_INFO regardless of is pcrInfoSize == 0.
 
Mario, I have to think about it for a second, but I think everywhere you unmarshal PCR_INFO it should look something like
 
   if (tpm_unmarshal_TPM_KEY_HANDLE(&ptr, &len, &keyHandle)
           || tpm_unmarshal_TPM_ENCAUTH(&ptr, &len, &encAuth)
           || tpm_unmarshal_UINT32(&ptr, &len, &pcrInfoSize)
           || (  pcrInfoSize > 0  ) && tpm_unmarshal_TPM_PCR_INFO(&ptr, &len, &pcrInfo) )
           || tpm_unmarshal_UINT32(&ptr, &len, &inDataSize)
           || tpm_unmarshal_BLOB(&ptr, &len, &inData, inDataSize)
           || len != 0) return TPM_BAD_PARAMETER;
 
-Vinnie Scarlata
 Trusted Platform Lab
 Corporate Technology Group
 Intel Corporation


From: Osborn, Justin D. [mailto:[hidden email]]
Sent: Wednesday, October 18, 2006 3:16 PM
To: [hidden email]; [hidden email]; Scarlata, Vincent R
Subject: vTPM data seal issue

Hi everybody,
 
    For a while now I've been working on a project to do data sealing to TPM PCRs in a Xen Dom U using the vtpm.  I finally got everything set up, I'm using xen-unstable, the tpm_tis driver in Dom 0, and trousers 0.2.8 in Dom U (having patched Trousers with the TPM_PCR_INFO_LONG patch from Trusted Java that allows data sealing on Winbond/Infineon TPMs).
 
I booted my Dom U image, modprobe tpm_xenu, ran tcsd, and tpm_takeownership.  For the test I ran:
 
    ps auwx > foo
    tpm_sealdata < foo
 
This returns a TPM_BAD_PARAMETER.  However, executing:
 
    tpm_sealdata -p 1 < foo
 
works completely.
 
Further investigation in the vtpmd code revealed a block in tpm_cmd_handler.c that looks like:
 
     if (tpm_unmarshal_TPM_KEY_HANDLE(&ptr, &len, &keyHandle)
           || tpm_unmarshal_TPM_ENCAUTH(&ptr, &len, &encAuth)
           || tpm_unmarshal_UINT32(&ptr, &len, &pcrInfoSize)
           || tpm_unmarshal_TPM_PCR_INFO(&ptr, &len, &pcrInfo)
           || tpm_unmarshal_UINT32(&ptr, &len, &inDataSize)
           || tpm_unmarshal_BLOB(&ptr, &len, &inData, inDataSize)
           || len != 0) return TPM_BAD_PARAMETER;
 
vtpmd tries to unpackage everything regardless of pcrInfoSize.  So essentially what happens is, if not sealing to PCRs, trousers sends pcrInfoSize as 0, and then doesn't include the pcrInfo.  However, the vtpm is looking for the pcrInfo no matter what, and it tries to read past the end of the data.  It would appear that trousers is not breaking spec to do this because without vtpm data sealing works.  Perhaps the vtpm should unmarshal everything up to the pcrInfo and then check pcrInfoSize before trying to unmarshal pcrInfo?
 
For now I'm just always sealing to PCRs. :-)
 
Let me know if that makes sense.
 
Thanks,
Justin
 
P.S.  I'm completely new to TCG/TPM, so please excuse any naivete. 

_______________________________________________
Xense-devel mailing list
[hidden email]
http://lists.xensource.com/xense-devel
Reply | Threaded
Open this post in threaded view
|

Re: vTPM data seal issue

EricJohn
In reply to this post by Osborn, Justin D.
Hi,

I'm getting the following error:

dom1:~# ps auwx > foo
dom1:~# tpm_sealdata < foo
Tspi_Key_CreateKey failed: 0x00000001 - layer=tpm, code=0001 (1), Authentication failed
dom1:~# tpm_sealdata -p 1 < foo
Tspi_Key_CreateKey failed: 0x00000001 - layer=tpm, code=0001 (1), Authentication failed
dom1:~#

Running tpm_emulator on Dom0 and using trousers and tpm_tools on DomU.

Cheers,
Eric
Osborn, Justin D. wrote
Hi everybody,
 
    For a while now I've been working on a project to do data sealing to
TPM PCRs in a Xen Dom U using the vtpm.  I finally got everything set
up, I'm using xen-unstable, the tpm_tis driver in Dom 0, and trousers
0.2.8 in Dom U (having patched Trousers with the TPM_PCR_INFO_LONG patch
from Trusted Java that allows data sealing on Winbond/Infineon TPMs).
 
I booted my Dom U image, modprobe tpm_xenu, ran tcsd, and
tpm_takeownership.  For the test I ran:
 
    ps auwx > foo
    tpm_sealdata < foo
 
This returns a TPM_BAD_PARAMETER.  However, executing:
 
    tpm_sealdata -p 1 < foo
 
works completely.
 
Further investigation in the vtpmd code revealed a block in
tpm_cmd_handler.c that looks like:
 
     if (tpm_unmarshal_TPM_KEY_HANDLE(&ptr, &len, &keyHandle)
           || tpm_unmarshal_TPM_ENCAUTH(&ptr, &len, &encAuth)
           || tpm_unmarshal_UINT32(&ptr, &len, &pcrInfoSize)
           || tpm_unmarshal_TPM_PCR_INFO(&ptr, &len, &pcrInfo)
           || tpm_unmarshal_UINT32(&ptr, &len, &inDataSize)
           || tpm_unmarshal_BLOB(&ptr, &len, &inData, inDataSize)
           || len != 0) return TPM_BAD_PARAMETER;
 
vtpmd tries to unpackage everything regardless of pcrInfoSize.  So
essentially what happens is, if not sealing to PCRs, trousers sends
pcrInfoSize as 0, and then doesn't include the pcrInfo.  However, the
vtpm is looking for the pcrInfo no matter what, and it tries to read
past the end of the data.  It would appear that trousers is not breaking
spec to do this because without vtpm data sealing works.  Perhaps the
vtpm should unmarshal everything up to the pcrInfo and then check
pcrInfoSize before trying to unmarshal pcrInfo?
 
For now I'm just always sealing to PCRs. :-)
 
Let me know if that makes sense.
 
Thanks,
Justin
 
P.S.  I'm completely new to TCG/TPM, so please excuse any naivete.

_______________________________________________
Xense-devel mailing list
Xense-devel@lists.xensource.com
http://lists.xensource.com/xense-devel