aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2017-05-12Rewrite MemoryEqual() to be constant-time. am: e760ff57b9 am: a71795a2cd am: ↵nagendra modadugu
07a9435803 am: 19237091e3 am: 98b0e9b9f4 Change-Id: If08baa76ab20307f1690ffad345152e7f6616faf
2017-05-12Rewrite MemoryEqual() to be constant-time. am: e760ff57b9 am: a71795a2cd am: ↵nagendra modadugu
07a9435803 am: 19237091e3 Change-Id: Ie987d7bf3c9872ec35cbe88f863ebaf58b3e4950
2017-05-12Rewrite MemoryEqual() to be constant-time. am: e760ff57b9 am: a71795a2cdnagendra modadugu
am: 07a9435803 Change-Id: I7c9ac4a9973aa33890034a544a5aec0cf3f5c8a2
2017-05-12Rewrite MemoryEqual() to be constant-time. am: e760ff57b9nagendra modadugu
am: a71795a2cd Change-Id: I4b54efeedb0e6835491ac40d29a47af9bcc24a7d
2017-05-12Rewrite MemoryEqual() to be constant-time.nagendra modadugu
am: e760ff57b9 Change-Id: I21c094b84f345de24afde68875d0558148042374
2017-05-11Rewrite MemoryEqual() to be constant-time.nagendra modadugu
The current implementation of MemoryEqual will not necessarily compile to a constant-time instruction sequence. This change ensures that every byte of the input must be inspected. BRANCH=none BUG=none TEST=TCG tests pass Change-Id: Ide83bce6cafea2d48c03e5116e97a6dd23419134 Signed-off-by: nagendra modadugu <ngm@google.com> Reviewed-on: https://chromium-review.googlesource.com/503478 Commit-Ready: Nagendra Modadugu <ngm@google.com> Tested-by: Nagendra Modadugu <ngm@google.com> Reviewed-by: Andrey Pronin <apronin@chromium.org>
2017-05-05Android.mk -> Android.bp am: 4454439844 am: c8ea94480d am: 9695b44f9aSteven Moreland
am: 2022877777 Change-Id: I357e3b3bffebb02eac1b73813e5a5327203c1ea2
2017-05-05Android.mk -> Android.bp am: 4454439844 am: c8ea94480dSteven Moreland
am: 9695b44f9a Change-Id: If4762aa705543514d891a0604e7c961cc02998cf
2017-05-05Android.mk -> Android.bp am: 4454439844Steven Moreland
am: c8ea94480d Change-Id: I4e0b9703317df67dc6b999c7645091394d7cbaa5
2017-05-05Android.mk -> Android.bpSteven Moreland
am: 4454439844 Change-Id: I1c98b0a5e4d19e805a5da8df677a3c5e6bc5bc4a
2017-05-04Android.mk -> Android.bpSteven Moreland
Test: links Bug: 37512442 Change-Id: I6a5bd123737d3bffa6b6c27c8d598552d2d3fb0f
2017-01-28Change NVMEM size to match cr50 implementation am: 1a68fe6fa8 am: d5f5f466f6 ↵android-vts-8.0_r9android-vts-8.0_r8android-vts-8.0_r7android-vts-8.0_r6android-vts-8.0_r2android-vts-8.0_r13android-vts-8.0_r12android-vts-8.0_r11android-vts-8.0_r10android-vts-8.0_r1android-security-8.0.0_r54android-security-8.0.0_r53android-security-8.0.0_r52android-cts-8.0_r9android-cts-8.0_r8android-cts-8.0_r7android-cts-8.0_r6android-cts-8.0_r5android-cts-8.0_r4android-cts-8.0_r3android-cts-8.0_r26android-cts-8.0_r25android-cts-8.0_r24android-cts-8.0_r23android-cts-8.0_r22android-cts-8.0_r21android-cts-8.0_r20android-cts-8.0_r2android-cts-8.0_r19android-cts-8.0_r18android-cts-8.0_r17android-cts-8.0_r16android-cts-8.0_r15android-cts-8.0_r14android-cts-8.0_r13android-cts-8.0_r12android-cts-8.0_r11android-cts-8.0_r10android-cts-8.0_r1android-8.0.0_r9android-8.0.0_r7android-8.0.0_r51android-8.0.0_r50android-8.0.0_r49android-8.0.0_r48android-8.0.0_r47android-8.0.0_r46android-8.0.0_r45android-8.0.0_r44android-8.0.0_r43android-8.0.0_r42android-8.0.0_r41android-8.0.0_r40android-8.0.0_r4android-8.0.0_r39android-8.0.0_r38android-8.0.0_r37android-8.0.0_r36android-8.0.0_r35android-8.0.0_r32android-8.0.0_r31android-8.0.0_r30android-8.0.0_r3android-8.0.0_r29android-8.0.0_r28android-8.0.0_r2android-8.0.0_r17android-8.0.0_r16android-8.0.0_r15android-8.0.0_r13android-8.0.0_r12android-8.0.0_r11android-8.0.0_r10android-8.0.0_r1security-oc-releaseoreo-vts-releaseoreo-security-releaseoreo-releaseoreo-r6-releaseoreo-r5-releaseoreo-r4-releaseoreo-r3-releaseoreo-r2-releaseoreo-devoreo-cts-releaseVadim Bendebury
am: 4f0ca3b562 am: 3ec2270abd am: 29e56ce56b Change-Id: I09813b6c15dac1445e9f10c64465b8dfb70f4534
2017-01-28Change NVMEM size to match cr50 implementation am: 1a68fe6fa8 am: d5f5f466f6 ↵android-wear-o-preview-4android-wear-o-preview-3android-o-preview-2Vadim Bendebury
am: 4f0ca3b562 am: 3ec2270abd Change-Id: I125d44b4cdcef57484a51cff9d92a5ccb44e7125
2017-01-28Change NVMEM size to match cr50 implementation am: 1a68fe6fa8 am: d5f5f466f6Vadim Bendebury
am: 4f0ca3b562 Change-Id: I8c1da02ce57cc32b84b62127d149dc7fcdb88798
2017-01-28Change NVMEM size to match cr50 implementation am: 1a68fe6fa8Vadim Bendebury
am: d5f5f466f6 Change-Id: I8b5e72b413473f5748b392cfae9ee26652288e71
2017-01-28Change NVMEM size to match cr50 implementationandroid-o-preview-1android-n-mr2-preview-2o-previewVadim Bendebury
am: 1a68fe6fa8 Change-Id: I57cb0a4c004a3ae3ca4a850d958f358c5cfdfe45
2017-01-28Change NVMEM size to match cr50 implementationVadim Bendebury
The TPM2 library and cr50 board have separate definitions of the NVMEM size, which need to be changed manually and are enforced by a compile time check in the cr50 code. CQ-DEPEND=CL:433184 BRANCH=none BUG=chrome-os-partner:62260 TEST=see dependent CL for test description Change-Id: I0586a35b77b2f52538023442f537c7a48b3357e7 Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/433839 Reviewed-by: Andrey Pronin <apronin@chromium.org>
2017-01-05serialize objects in NVMEM am: 21756127fd am: 6ece5a16ed am: 94907f49fd am: ↵Vadim Bendebury
5bbd9763d5 am: fe6b30fb4e Change-Id: Ie8e28a2badaec6e58f932304c0d8f1d593d7b239
2017-01-05serialize objects in NVMEM am: 21756127fd am: 6ece5a16ed am: 94907f49fdVadim Bendebury
am: 5bbd9763d5 Change-Id: Ifff46be5982398cc1282df9077db3691a38fd1cf
2017-01-05serialize objects in NVMEM am: 21756127fd am: 6ece5a16edVadim Bendebury
am: 94907f49fd Change-Id: Ief4d7c45c0eccc62fc09a662fb3c974e2f06a029
2017-01-05serialize objects in NVMEM am: 21756127fdVadim Bendebury
am: 6ece5a16ed Change-Id: Ie30be3fd1839ea681901a88e6721f8803236de16
2017-01-05serialize objects in NVMEMandroid-n-mr2-preview-1Vadim Bendebury
am: 21756127fd Change-Id: I3ec3888ba566dc15bd81084da00fe9e581e9296c
2017-01-04serialize objects in NVMEMVadim Bendebury
Reference implementation stores OBJECT structures in NVRAM unmarshaled, even though this structure layout is such that most of its 1540 bytes remain unused by the object stored in the structure. Marshaling the structure before storing it in NVMEM allows to save a lot of room there. To make sure that marshaling is not processing junk data, clear the entire structure before allocating a new OBJECT. This change is meant to be backwards compatible. When data is read from NVMEM, in case its size is equal the size of OBJECT structure, data is considered stored unmarshaled and is copied to the output directly. If the stored size is smaller - unmarshaling function is invoked. BUG=chrome-os-partner:60502 TEST=tcg test suite passes (not that it exercises this a lot, just five instances of storing/retrieving objects for the entire suite). Will test on real tpm to verify NVMEM storage format backwards compatibility. Also tried taking a chrome os device through enterprise enrollment. With the old code after enrollment there is room for just two eviction objects left: # command to retrieve number of objects in nvmem(is in the last # byte of the response) localhost ~ # trunks_send --raw 80 01 00 00 00 16 00 00 01 7a 00\ 00 00 06 00 00 02 08 00 00 00 01 80010000001B000000000100000006000000010000020800000003 # command to retrieve how many objects the tpm estimates it is # still possible to store in nvram (is in the last byte of the # response) localhost ~ # trunks_send --raw 80 01 00 00 00 16 00 00 01 7a \ 00 00 00 06 00 00 02 09 00 00 00 01 80010000001B000000000100000006000000010000020900000002 with the new code after enrollment the responses the above commands are: 80010000001B000000000100000006000000010000020800000003 80010000001B000000000100000006000000010000020900000004 That is with three objects stored there is room for 4 more objects. Also verified that the device enrolled with the old version of the cr50 firmware remains enrolled after firmware update, which demonstrates backward compatibility. Change-Id: Ic2d5f902220b451523b740b57edb7867441d1faa Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/424171 Reviewed-by: Andrey Pronin <apronin@chromium.org>
2016-12-21tpm2: add support for padding-only RSASSA am: 569c3c58dc am: be42694d9f am: ↵Andrey Pronin
acdff2ed61 am: abf58a352b am: 2ba96f18ca Change-Id: I5d06675027c4bc201e4cc093bd9e29fd1b408461
2016-12-21tpm2: add support for padding-only RSASSA am: 569c3c58dc am: be42694d9f am: ↵Andrey Pronin
acdff2ed61 am: abf58a352b Change-Id: I008be36f019c3cda402734f64e594a9b26bcaf1e
2016-12-21tpm2: add support for padding-only RSASSA am: 569c3c58dc am: be42694d9fAndrey Pronin
am: acdff2ed61 Change-Id: I25c29962e149bac7c9fc57d33ae253f5553a71ab
2016-12-21tpm2: add support for padding-only RSASSA am: 569c3c58dcAndrey Pronin
am: be42694d9f Change-Id: I79933c1fb3b91ddf6ff30cdc32d4560495f5c85d
2016-12-21tpm2: add support for padding-only RSASSAAndrey Pronin
am: 569c3c58dc Change-Id: I9c12247c6c6ec66ac1091275db40dc371be9bcab
2016-12-21tpm2: add support for padding-only RSASSAAndrey Pronin
Perform PKCS1-padding-only signing for RSASSA if hashing algorithm is TPM_ALG_NULL in TPM2_Sign parameters and in the key public area. This feature is guarded by SUPPORT_PADDING_ONLY_RSASSA macro. BUG=chrome-os-partner:60967 BRANCH=none TEST=On a unowned machine with TPM2: corp enroll, login, install a network certificate (gECC or GMC), then: a) retrieve the public key from the installed certificate LIBCHAPS=`ls /usr/lib**/libchaps.so` CERTID=`pkcs11-tool --module=$LIBCHAPS --slot=1 --type=cert \ -O | grep "ID:" | awk '{print $2}'` pkcs11-tool --module=$LIBCHAPS --slot=1 --id=$CERTID \ --type=cert -r > /tmp/cert openssl x509 -inform der -pubkey -noout -in /tmp/cert > /tmp/pub.key b) sign a sample text using the private key for the certificate and MD5-RSA-PKCS mechanism, not supported by TPM2_Sign command: echo "ABCDEF" > /tmp/1.txt pkcs11-tool --module=$LIBCHAPS --slot=1 --id=$CERTID --sign \ -i /tmp/1.txt -o /tmp/1.sig -m MD5-RSA-PKCS c) verify signature: openssl dgst -md5 -verify /tmp/pub.key -signature /tmp/1.sig /tmp/1.txt Step (b) should succeed and step (c) should return "Verified OK". Change-Id: Iefc85d163089d6f7e09b3e7a41e1df33ba88fa3b Signed-off-by: Andrey Pronin <apronin@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/420811 Reviewed-by: Nagendra Modadugu <ngm@google.com> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Reviewed-by: Darren Krahn <dkrahn@chromium.org>
2016-12-16Add a build-time assert for sizeof(OBJECT) am: 1d3ac31070 am: 458b6689d7 am: ↵nagendra modadugu
09170b3a3c am: 12242f389d am: 6c856e6362 Change-Id: I3c4c9e70b879f414fffc23a30ddbd7a32d3c8e8e
2016-12-15Add a build-time assert for sizeof(OBJECT) am: 1d3ac31070 am: 458b6689d7 am: ↵nagendra modadugu
09170b3a3c am: 12242f389d Change-Id: I8f2fc3d7789e065c9a7d5b9db324276eb212dc01
2016-12-15Add a build-time assert for sizeof(OBJECT) am: 1d3ac31070 am: 458b6689d7nagendra modadugu
am: 09170b3a3c Change-Id: I0f6ea2214f7e9eaaa9aa588e8fe430e157f6154b
2016-12-15Add a build-time assert for sizeof(OBJECT) am: 1d3ac31070nagendra modadugu
am: 458b6689d7 Change-Id: I0a6124b6f177077f05c8c466c170692b12f99455
2016-12-15Add a build-time assert for sizeof(OBJECT)nagendra modadugu
am: 1d3ac31070 Change-Id: I6fd167b748ac45fdacde2af135b96375aee59896
2016-12-15Add a build-time assert for sizeof(OBJECT)nagendra modadugu
Add a build assert that checks the sizeof the tpm2 OBJECT struct. This check indicates that NV_FORMAT_VERSION needs to be bumped, due to a change to tpm2 data structures. BRANCH=none BUG=none TEST=build succeeds Change-Id: Id6cddd7bec10ebf0aa78e2199826fb6e1ff4fd8c Signed-off-by: nagendra modadugu <ngm@google.com> Reviewed-on: https://chromium-review.googlesource.com/419120 Commit-Ready: Nagendra Modadugu <ngm@google.com> Tested-by: Nagendra Modadugu <ngm@google.com> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
2016-12-07[ossfuzz] catching up with upstream changes am: abb7a18cbd am: be4ffac51a ↵Mike Aizatsky
am: 29b86236a6 am: 5e683e8a4c am: 03d6eae321 Change-Id: Ic07b6cabbcff7f97fe771e0119e5a16e7f354b37
2016-12-07[ossfuzz] catching up with upstream changes am: abb7a18cbd am: be4ffac51a ↵Mike Aizatsky
am: 29b86236a6 am: 5e683e8a4c Change-Id: Ieb33e4c449e2c41cec845c500ab391dac2bd6ba7
2016-12-07[ossfuzz] catching up with upstream changes am: abb7a18cbd am: be4ffac51aMike Aizatsky
am: 29b86236a6 Change-Id: I55a7459aa15d16a5fddb30a3608eb2fac1507d74
2016-12-07[ossfuzz] catching up with upstream changes am: abb7a18cbdMike Aizatsky
am: be4ffac51a Change-Id: I987dfeaa1ffc6875230a0e883fefa17bd025aa61
2016-12-07[ossfuzz] catching up with upstream changesMike Aizatsky
am: abb7a18cbd Change-Id: Ie29134b65552a2ff0a1b68e3ff7d9b50cd7fd6df
2016-12-07[ossfuzz] catching up with upstream changesMike Aizatsky
BUG=none BRANCH=none TEST=follow instructions in fuzz/build.sh Change-Id: Id3f1ade1ec74401e741928a6961f1da6a21deb6a Reviewed-on: https://chromium-review.googlesource.com/417702 Commit-Ready: Mike Aizitsky <aizatsky@chromium.org> Tested-by: Mike Aizitsky <aizatsky@chromium.org> Reviewed-by: Mike Aizitsky <aizatsky@chromium.org> Reviewed-by: Bill Richardson <wfrichar@chromium.org> Reviewed-by: Nagendra Modadugu <ngm@google.com>
2016-12-05tpm2: enable all SHA-xxx hashing algorithms am: f037a5c57c am: 3f545ad4e8 ↵Andrey Pronin
am: da73c11811 am: d936fce981 am: 2fe751e255 Change-Id: I56532cceef1e79c440629dd1efa304339b6b1ee3
2016-12-05tpm2: enable all SHA-xxx hashing algorithms am: f037a5c57c am: 3f545ad4e8 ↵Andrey Pronin
am: da73c11811 am: d936fce981 Change-Id: I22beb227166d3e90196b76f9ac42726cb96df520
2016-12-05tpm2: enable all SHA-xxx hashing algorithms am: f037a5c57c am: 3f545ad4e8Andrey Pronin
am: da73c11811 Change-Id: I2480d22a46dce31b5cc5228c46e855cec452b779
2016-12-05tpm2: enable all SHA-xxx hashing algorithms am: f037a5c57cAndrey Pronin
am: 3f545ad4e8 Change-Id: I5fcd8c43f428a148f2b80829f136f5d9bb9ab487
2016-12-05tpm2: enable all SHA-xxx hashing algorithmsAndrey Pronin
am: f037a5c57c Change-Id: Ib1700fc14aaa486b3740877aa0598496e6ed01ed
2016-12-05tpm2: enable all SHA-xxx hashing algorithmsAndrey Pronin
In practice, RSASSA/SHA-512 is used for signing with tpm-backed keys, so we need to enable this algorithm. SHA-384 is also enabled, as it doesn't affect the size of objects, and support for it is also added in the code. Note that for cr50 this change combined with CL:415218 is sufficient to support SHA-384/512 digests in RSA Sign operations. However, more changes are required to actually support the new hashing algorithm, and will come in a separate CL. Bumped NV_FORMAT_VERSION to 2 since this change increases OBJECT size (that has 5 digest structures inside, so +32 (32->64) to max digest means +160 bytes to OBJECT). Note that it leads to decreasing the number of persistent objects that can be stored in NVRAM. BUG=chrome-os-partner:59754 TEST=1) On TPM2 simulator for a pre-generated key pair (/tmp/priv.key + /tmp/pub.key) and input /tmp/1.txt, import the private key, sign the text using it and SHA512-RSA-PKCS, and verify that the signature is correct: openssl pkcs8 -inform pem -outform der -in /tmp/priv.key \ -out /tmp/priv.der -nocrypt p11_replay --import --path=/tmp/priv.der --type=privkey \ -id=bbbbbb pkcs11-tool --module=`ls /usr/lib**/libchaps.so` --slot=0 \ --id=bbbbbb --sign -i /tmp/1.txt -o /tmp/1.sig \ -m SHA512-RSA-PKCS openssl dgst -sha512 -verify /tmp/pub.key \ -signature /tmp/1.sig /tmp/1.txt The last operation should say "Verified OK". 2) Repeat the same for SHA384-RSA-PKCS and openssl dgst -sha384. 3) Boot on TPM2 board after clearing tpm owner, corp enroll, login. Change-Id: I03e24bd0659aa8b1d76dd16640ea44b6eb46bf56 Reviewed-on: https://chromium-review.googlesource.com/415108 Commit-Ready: Andrey Pronin <apronin@chromium.org> Tested-by: Andrey Pronin <apronin@chromium.org> Reviewed-by: Nagendra Modadugu <ngm@google.com> Reviewed-by: Andrey Pronin <apronin@chromium.org>
2016-12-03Introduce NVRAM storage format versioning am: 889c3dda30 am: 06c8e853bb am: ↵Vadim Bendebury
630e2e46ea am: a8882eec97 am: 7906c74bd6 Change-Id: If2cb45262fcf7f5afc3756eb98ac8859cee3f512
2016-12-03Introduce NVRAM storage format versioning am: 889c3dda30 am: 06c8e853bb am: ↵Vadim Bendebury
630e2e46ea am: a8882eec97 Change-Id: I7bfc4a0c5132ad853062391894078ab0e17d16ec
2016-12-03Introduce NVRAM storage format versioning am: 889c3dda30 am: 06c8e853bbVadim Bendebury
am: 630e2e46ea Change-Id: Ib35cc66f14c576c24ab4ee2aedfbded38cfa124d
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-30 16:47:00 +0000